from samba import Ldb
from samba.samdb import SamDB
from samba.dsdb import (UF_NORMAL_ACCOUNT,
- UF_WORKSTATION_TRUST_ACCOUNT,
- UF_PASSWD_NOTREQD, UF_ACCOUNTDISABLE, ATYPE_NORMAL_ACCOUNT,
- ATYPE_WORKSTATION_TRUST, SYSTEM_FLAG_DOMAIN_DISALLOW_MOVE,
- SYSTEM_FLAG_CONFIG_ALLOW_RENAME, SYSTEM_FLAG_CONFIG_ALLOW_MOVE,
- SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE)
+ UF_WORKSTATION_TRUST_ACCOUNT,
+ UF_PASSWD_NOTREQD, UF_ACCOUNTDISABLE, ATYPE_NORMAL_ACCOUNT,
+ ATYPE_WORKSTATION_TRUST, SYSTEM_FLAG_DOMAIN_DISALLOW_MOVE,
+ SYSTEM_FLAG_CONFIG_ALLOW_RENAME, SYSTEM_FLAG_CONFIG_ALLOW_MOVE,
+ SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE)
from samba.ndr import ndr_pack, ndr_unpack
from samba.dcerpc import security, lsa
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
+
class BasicTests(samba.tests.TestCase):
def setUp(self):
try:
self.ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectClass": [] })
+ "objectClass": []})
self.fail()
except LdbError as e1:
(num, _) = e1.args
try:
self.ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectClass": "X" })
+ "objectClass": "X"})
self.fail()
except LdbError as e2:
(num, _) = e2.args
self.ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
"objectClass": "person",
- "objectCategory": self.base_dn })
+ "objectCategory": self.base_dn})
self.fail()
except LdbError as e3:
(num, _) = e3.args
self.ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
"objectClass": "person",
- "systemFlags": ["0", str(SYSTEM_FLAG_DOMAIN_DISALLOW_MOVE)] })
+ "systemFlags": ["0", str(SYSTEM_FLAG_DOMAIN_DISALLOW_MOVE)]})
self.fail()
except LdbError as e4:
(num, _) = e4.args
try:
self.ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectClass": "connectionPoint" })
+ "objectClass": "connectionPoint"})
self.fail()
except LdbError as e5:
(num, _) = e5.args
try:
self.ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectClass": ["person", "leaf"] })
+ "objectClass": ["person", "leaf"]})
self.fail()
except LdbError as e6:
(num, _) = e6.args
# Objects instanciated using "satisfied" abstract classes (concrete
# subclasses) are allowed
self.ldb.add({
- "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectClass": ["top", "leaf", "connectionPoint", "serviceConnectionPoint"] })
+ "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+ "objectClass": ["top", "leaf", "connectionPoint", "serviceConnectionPoint"]})
delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
try:
self.ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectClass": ["person", "container"] })
+ "objectClass": ["person", "container"]})
self.fail()
except LdbError as e7:
(num, _) = e7.args
# Test allowed system flags
self.ldb.add({
- "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectClass": "person",
- "systemFlags": str(~(SYSTEM_FLAG_CONFIG_ALLOW_RENAME | SYSTEM_FLAG_CONFIG_ALLOW_MOVE | SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE)) })
+ "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+ "objectClass": "person",
+ "systemFlags": str(~(SYSTEM_FLAG_CONFIG_ALLOW_RENAME | SYSTEM_FLAG_CONFIG_ALLOW_MOVE | SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE))})
res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
scope=SCOPE_BASE, attrs=["systemFlags"])
delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
self.ldb.add({
- "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectClass": "person" })
+ "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+ "objectClass": "person"})
# We can remove derivation classes of the structural objectclass
# but they're going to be readded afterwards
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("top", FLAG_MOD_DELETE,
- "objectClass")
+ "objectClass")
ldb.modify(m)
res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("person", FLAG_MOD_DELETE,
- "objectClass")
+ "objectClass")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("computer", FLAG_MOD_DELETE,
- "objectClass")
+ "objectClass")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("X", FLAG_MOD_ADD,
- "objectClass")
+ "objectClass")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("user", FLAG_MOD_ADD,
- "objectClass")
+ "objectClass")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("person", FLAG_MOD_ADD,
- "objectClass")
+ "objectClass")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("bootableDevice", FLAG_MOD_ADD,
- "objectClass")
+ "objectClass")
ldb.modify(m)
# This does not work since object class "leaf" is not auxiliary nor it
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("leaf", FLAG_MOD_ADD,
- "objectClass")
+ "objectClass")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement(["top", "person", "bootableDevice"],
- FLAG_MOD_REPLACE, "objectClass")
+ FLAG_MOD_REPLACE, "objectClass")
ldb.modify(m)
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement(["person", "bootableDevice"],
- FLAG_MOD_REPLACE, "objectClass")
+ FLAG_MOD_REPLACE, "objectClass")
ldb.modify(m)
# This does not work since object class "leaf" is not auxiliary nor it
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement(["top", "person", "bootableDevice",
- "leaf"], FLAG_MOD_REPLACE, "objectClass")
+ "leaf"], FLAG_MOD_REPLACE, "objectClass")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement(["top", "computer"], FLAG_MOD_REPLACE,
- "objectClass")
+ "objectClass")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("bootableDevice", FLAG_MOD_DELETE,
- "objectClass")
+ "objectClass")
ldb.modify(m)
res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("bootableDevice", FLAG_MOD_ADD,
- "objectClass")
+ "objectClass")
ldb.modify(m)
# Add an attribute specific to the "bootableDevice" class
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["bootParameter"] = MessageElement("test", FLAG_MOD_ADD,
- "bootParameter")
+ "bootParameter")
ldb.modify(m)
# Classes can be removed unless attributes of them are used. Now there
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("bootableDevice", FLAG_MOD_DELETE,
- "objectClass")
+ "objectClass")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["bootParameter"] = MessageElement("test", FLAG_MOD_DELETE,
- "bootParameter")
+ "bootParameter")
ldb.modify(m)
# Classes can be removed unless attributes of them are used.
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("bootableDevice", FLAG_MOD_DELETE,
- "objectClass")
+ "objectClass")
ldb.modify(m)
delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
self.ldb.add({
- "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectClass": "user" })
+ "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+ "objectClass": "user"})
# Add a new top-most structural class "container". This does not work
# since it stands in no direct relation to the current one.
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("container", FLAG_MOD_ADD,
- "objectClass")
+ "objectClass")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("inetOrgPerson", FLAG_MOD_ADD,
- "objectClass")
+ "objectClass")
ldb.modify(m)
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("inetOrgPerson", FLAG_MOD_DELETE,
- "objectClass")
+ "objectClass")
ldb.modify(m)
# Replace top-most structural class to "inetOrgPerson" and reset it
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("inetOrgPerson", FLAG_MOD_REPLACE,
- "objectClass")
+ "objectClass")
ldb.modify(m)
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("user", FLAG_MOD_REPLACE,
- "objectClass")
+ "objectClass")
ldb.modify(m)
# Add a new auxiliary object class "posixAccount" to "ldaptestuser"
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("posixAccount", FLAG_MOD_ADD,
- "objectClass")
+ "objectClass")
ldb.modify(m)
# Be sure that "top" is the first and the (most) structural object class
scope=SCOPE_BASE, attrs=["objectClass"])
self.assertTrue(len(res) == 1)
self.assertEquals(res[0]["objectClass"][0], "top")
- self.assertEquals(res[0]["objectClass"][len(res[0]["objectClass"])-1], "user")
+ self.assertEquals(res[0]["objectClass"][len(res[0]["objectClass"]) - 1], "user")
delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m = Message()
m.dn = Dn(ldb, "cn=Test Secret,cn=system," + self.base_dn)
m["description"] = MessageElement("desc", FLAG_MOD_REPLACE,
- "description")
+ "description")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestcontainer," + self.base_dn)
m["isCriticalSystemObject"] = MessageElement("TRUE", FLAG_MOD_REPLACE,
- "isCriticalSystemObject")
+ "isCriticalSystemObject")
try:
ldb.modify(m)
self.fail()
try:
self.ldb.add({
"dn": "cn=ldaptestgroup,cn=thisdoesnotexist123,"
- + self.base_dn,
+ + self.base_dn,
"objectclass": "group"})
self.fail()
except LdbError as e24:
self.assertEquals(num, ERR_NO_SUCH_OBJECT)
delete_force(self.ldb, "cn=ldaptestgroup,cn=thisdoesnotexist123,"
- + self.base_dn)
+ + self.base_dn)
try:
self.ldb.add({
self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
self.ldb.add({
- "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
- "objectclass": "group"})
+ "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+ "objectclass": "group"})
# modify operation
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["thisdoesnotexist"] = MessageElement("x", FLAG_MOD_REPLACE,
- "thisdoesnotexist")
+ "thisdoesnotexist")
try:
ldb.modify(m)
self.fail()
"dn": "cn=ldaptestobject," + self.base_dn,
"objectclass": "ipProtocol",
"ipProtocolNumber": "1",
- "uid" : "0"})
+ "uid": "0"})
self.fail()
except LdbError as e29:
(num, _) = e29.args
m = Message()
m.dn = Dn(ldb, "cn=ldaptestobject," + self.base_dn)
m["ipProtocolNumber"] = MessageElement([], FLAG_MOD_DELETE,
- "ipProtocolNumber")
+ "ipProtocolNumber")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestobject," + self.base_dn)
m["ipProtocolNumber"] = MessageElement([], FLAG_MOD_REPLACE,
- "ipProtocolNumber")
+ "ipProtocolNumber")
try:
ldb.modify(m)
self.fail()
self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
self.ldb.add({
- "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
- "objectclass": "group"})
+ "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+ "objectclass": "group"})
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
- m["sAMAccountName"] = MessageElement(["nam1","nam2"], FLAG_MOD_REPLACE,
- "sAMAccountName")
+ m["sAMAccountName"] = MessageElement(["nam1", "nam2"], FLAG_MOD_REPLACE,
+ "sAMAccountName")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["sAMAccountName"] = MessageElement("testgroupXX", FLAG_MOD_REPLACE,
- "sAMAccountName")
+ "sAMAccountName")
ldb.modify(m)
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["sAMAccountName"] = MessageElement("testgroupXX2", FLAG_MOD_ADD,
- "sAMAccountName")
+ "sAMAccountName")
try:
ldb.modify(m)
self.fail()
self.ldb.add({'objectclass': 'organizationalUnit',
'dn': ou})
-
managers = []
for x in range(3):
m = "cn=manager%d,%s" % (x, ou)
self.ldb.delete(ou, ['tree_delete:1'])
-
def test_multivalued_attributes(self):
"""Test multi-valued attributes"""
ou = 'OU=mvattr,%s' % (self.base_dn)
self.ldb.delete(ou, ['tree_delete:1'])
-
def test_attribute_ranges(self):
"""Test attribute ranges"""
# Too short (min. 1)
try:
ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectClass": "person",
- "sn": "" })
+ "objectClass": "person",
+ "sn": ""})
self.fail()
except LdbError as e39:
(num, _) = e39.args
ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectClass": "person" })
+ "objectClass": "person"})
# Too short (min. 1)
m = Message()
self.ldb.add({
"dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
"objectclass": "group",
- "instanceType": "1" })
+ "instanceType": "1"})
self.fail()
except LdbError as e47:
(num, _) = e47.args
self.ldb.add({
"dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
"objectclass": "group",
- "instanceType": "32" })
+ "instanceType": "32"})
self.fail()
except LdbError as e48:
(num, _) = e48.args
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
self.ldb.add({
- "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
- "objectclass": "group"})
+ "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+ "objectclass": "group"})
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["instanceType"] = MessageElement("0", FLAG_MOD_REPLACE,
- "instanceType")
+ "instanceType")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["instanceType"] = MessageElement([], FLAG_MOD_REPLACE,
- "instanceType")
+ "instanceType")
try:
ldb.modify(m)
self.fail()
delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
- #only write is allowed with NC_HEAD for originating updates
+ # only write is allowed with NC_HEAD for originating updates
try:
self.ldb.add({
"dn": "cn=ldaptestuser2,cn=users," + self.base_dn,
"objectclass": "user",
- "instanceType": "3" })
+ "instanceType": "3"})
self.fail()
except LdbError as e52:
(num, _) = e52.args
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("group", 0, "objectClass")
m["dn"] = MessageElement("cn=ldaptestgroup,cn=users," + self.base_dn, 0,
- "dn")
+ "dn")
try:
ldb.add(m)
self.fail()
# a wrong "distinguishedName" attribute is obviously tolerated
self.ldb.add({
- "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
- "objectclass": "group",
- "distinguishedName": "cn=ldaptest,cn=users," + self.base_dn})
+ "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+ "objectclass": "group",
+ "distinguishedName": "cn=ldaptest,cn=users," + self.base_dn})
# proof if the DN has been set correctly
res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
self.assertTrue(len(res) == 1)
self.assertTrue("distinguishedName" in res[0])
self.assertTrue(Dn(ldb, res[0]["distinguishedName"][0])
- == Dn(ldb, "cn=ldaptestgroup, cn=users," + self.base_dn))
+ == Dn(ldb, "cn=ldaptestgroup, cn=users," + self.base_dn))
# The "dn" shortcut isn't supported
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["dn"] = MessageElement(
"cn=ldaptestgroup,cn=users," + self.base_dn, FLAG_MOD_REPLACE,
- "dn")
+ "dn")
try:
ldb.modify(m)
self.fail()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["distinguishedName"] = MessageElement(
"cn=ldaptestuser,cn=users," + self.base_dn, FLAG_MOD_ADD,
- "distinguishedName")
+ "distinguishedName")
try:
ldb.modify(m)
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["distinguishedName"] = MessageElement(
"cn=ldaptestuser,cn=users," + self.base_dn, FLAG_MOD_REPLACE,
- "distinguishedName")
+ "distinguishedName")
try:
ldb.modify(m)
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["distinguishedName"] = MessageElement(
"cn=ldaptestuser,cn=users," + self.base_dn, FLAG_MOD_DELETE,
- "distinguishedName")
+ "distinguishedName")
try:
ldb.modify(m)
# empty RDN
try:
self.ldb.add({
- "dn": "=,cn=users," + self.base_dn,
- "objectclass": "group"})
+ "dn": "=,cn=users," + self.base_dn,
+ "objectclass": "group"})
self.fail()
except LdbError as e61:
(num, _) = e61.args
# empty RDN name
try:
self.ldb.add({
- "dn": "=ldaptestgroup,cn=users," + self.base_dn,
- "objectclass": "group"})
+ "dn": "=ldaptestgroup,cn=users," + self.base_dn,
+ "objectclass": "group"})
self.fail()
except LdbError as e62:
(num, _) = e62.args
# empty RDN value
try:
self.ldb.add({
- "dn": "cn=,cn=users," + self.base_dn,
- "objectclass": "group"})
+ "dn": "cn=,cn=users," + self.base_dn,
+ "objectclass": "group"})
self.fail()
except LdbError as e63:
(num, _) = e63.args
# a wrong RDN candidate
try:
self.ldb.add({
- "dn": "description=xyz,cn=users," + self.base_dn,
- "objectclass": "group"})
+ "dn": "description=xyz,cn=users," + self.base_dn,
+ "objectclass": "group"})
self.fail()
except LdbError as e64:
(num, _) = e64.args
# a wrong "name" attribute is obviously tolerated
self.ldb.add({
- "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
- "objectclass": "group",
- "name": "ldaptestgroupx"})
+ "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+ "objectclass": "group",
+ "name": "ldaptestgroupx"})
# proof if the name has been set correctly
res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["name"] = MessageElement("cn=ldaptestuser", FLAG_MOD_REPLACE,
- "name")
+ "name")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["cn"] = MessageElement("ldaptestuser",
- FLAG_MOD_REPLACE, "cn")
+ FLAG_MOD_REPLACE, "cn")
try:
ldb.modify(m)
self.fail()
delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
-
# this test needs to be disabled until we really understand
# what the rDN length constraints are
+
def DISABLED_test_largeRDN(self):
"""Testing large rDN (limit 64 characters)"""
rdn = "CN=a012345678901234567890123456789012345678901234567890123456789012"
delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
ldif = """
-dn: %s,%s""" % (rdn,self.base_dn) + """
+dn: %s,%s""" % (rdn, self.base_dn) + """
objectClass: container
"""
self.ldb.add_ldif(ldif)
delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
try:
ldif = """
-dn: %s,%s""" % (rdn,self.base_dn) + """
+dn: %s,%s""" % (rdn, self.base_dn) + """
objectClass: container
"""
self.ldb.add_ldif(ldif)
self.assertEquals(num, ERR_NO_SUCH_OBJECT)
self.ldb.add({
- "dn": "cn=ldaptestuser2,cn=users," + self.base_dn,
- "objectclass": "user" })
+ "dn": "cn=ldaptestuser2,cn=users," + self.base_dn,
+ "objectclass": "user"})
ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser2,cn=users," + self.base_dn)
ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=users," + self.base_dn)
def test_rename_twice(self):
"""Tests the rename operation twice - this corresponds to a past bug"""
self.ldb.add({
- "dn": "cn=ldaptestuser5,cn=users," + self.base_dn,
- "objectclass": "user" })
+ "dn": "cn=ldaptestuser5,cn=users," + self.base_dn,
+ "objectclass": "user"})
ldb.rename("cn=ldaptestuser5,cn=users," + self.base_dn, "cn=ldaptestUSER5,cn=users," + self.base_dn)
delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
self.ldb.add({
- "dn": "cn=ldaptestuser5,cn=users," + self.base_dn,
- "objectclass": "user" })
+ "dn": "cn=ldaptestuser5,cn=users," + self.base_dn,
+ "objectclass": "user"})
ldb.rename("cn=ldaptestuser5,cn=Users," + self.base_dn, "cn=ldaptestUSER5,cn=users," + self.base_dn)
res = ldb.search(expression="cn=ldaptestuser5")
self.assertEquals(len(res), 1, "Wrong number of hits for cn=ldaptestuser5")
self.ldb.add({
"dn": "cn=ldaptestcontainer," + self.base_dn,
- "objectClass": "container" })
+ "objectClass": "container"})
# The objectGUID cannot directly be changed
try:
"""Test parentGUID behaviour"""
self.ldb.add({
"dn": "cn=parentguidtest,cn=users," + self.base_dn,
- "objectclass":"user",
- "samaccountname":"parentguidtest"})
+ "objectclass": "user",
+ "samaccountname": "parentguidtest"})
res1 = ldb.search(base="cn=parentguidtest,cn=users," + self.base_dn, scope=SCOPE_BASE,
attrs=["parentGUID", "samaccountname"])
- res2 = ldb.search(base="cn=users," + self.base_dn,scope=SCOPE_BASE,
+ res2 = ldb.search(base="cn=users," + self.base_dn, scope=SCOPE_BASE,
attrs=["objectGUID"])
res3 = ldb.search(base=self.base_dn, scope=SCOPE_BASE,
attrs=["parentGUID"])
self.ldb.add({
"dn": "cn=testotherusers," + self.base_dn,
- "objectclass":"container"})
- res1 = ldb.search(base="cn=testotherusers," + self.base_dn,scope=SCOPE_BASE,
+ "objectclass": "container"})
+ res1 = ldb.search(base="cn=testotherusers," + self.base_dn, scope=SCOPE_BASE,
attrs=["objectGUID"])
ldb.rename("cn=parentguidtest,cn=users," + self.base_dn,
"cn=parentguidtest,cn=testotherusers," + self.base_dn)
self.ldb.add({
"dn": "cn=ldaptestcontainer," + self.base_dn,
- "objectClass": "container" })
+ "objectClass": "container"})
res = ldb.search("cn=ldaptestcontainer," + self.base_dn,
scope=SCOPE_BASE,
self.ldb.add({
"dn": "cn=ldaptestcontainer," + self.base_dn,
"objectclass": "container",
- "uSNCreated" : "1",
- "uSNChanged" : "1",
+ "uSNCreated": "1",
+ "uSNChanged": "1",
"whenCreated": timestring(long(time.time())),
- "whenChanged": timestring(long(time.time())) })
+ "whenChanged": timestring(long(time.time()))})
res = ldb.search("cn=ldaptestcontainer," + self.base_dn,
scope=SCOPE_BASE,
self.assertFalse("description" in res[0])
self.assertTrue("objectGUID" in res[0])
self.assertTrue("uSNCreated" in res[0])
- self.assertFalse(res[0]["uSNCreated"][0] == "1") # these are corrected
+ self.assertFalse(res[0]["uSNCreated"][0] == "1") # these are corrected
self.assertTrue("uSNChanged" in res[0])
- self.assertFalse(res[0]["uSNChanged"][0] == "1") # these are corrected
+ self.assertFalse(res[0]["uSNChanged"][0] == "1") # these are corrected
self.assertTrue("whenCreated" in res[0])
self.assertTrue("whenChanged" in res[0])
""")
res2 = ldb.search("cn=ldaptestcontainer," + self.base_dn,
- scope=SCOPE_BASE,
- attrs=["uSNCreated", "uSNChanged", "description"])
+ scope=SCOPE_BASE,
+ attrs=["uSNCreated", "uSNChanged", "description"])
self.assertTrue(len(res) == 1)
self.assertFalse("description" in res2[0])
self.assertEqual(res[0]["usnCreated"], res2[0]["usnCreated"])
""")
res3 = ldb.search("cn=ldaptestcontainer," + self.base_dn,
- scope=SCOPE_BASE,
- attrs=["uSNCreated", "uSNChanged", "description"])
+ scope=SCOPE_BASE,
+ attrs=["uSNCreated", "uSNChanged", "description"])
self.assertTrue(len(res) == 1)
self.assertTrue("description" in res3[0])
self.assertEqual("test", str(res3[0]["description"][0]))
""")
res4 = ldb.search("cn=ldaptestcontainer," + self.base_dn,
- scope=SCOPE_BASE,
- attrs=["uSNCreated", "uSNChanged", "description"])
+ scope=SCOPE_BASE,
+ attrs=["uSNCreated", "uSNChanged", "description"])
self.assertTrue(len(res) == 1)
self.assertTrue("description" in res4[0])
self.assertEqual("test", str(res4[0]["description"][0]))
""")
res5 = ldb.search("cn=ldaptestcontainer," + self.base_dn,
- scope=SCOPE_BASE,
- attrs=["uSNCreated", "uSNChanged", "description"])
+ scope=SCOPE_BASE,
+ attrs=["uSNCreated", "uSNChanged", "description"])
self.assertTrue(len(res) == 1)
self.assertTrue("description" in res5[0])
self.assertEqual("test2", str(res5[0]["description"][0]))
""")
res6 = ldb.search("cn=ldaptestcontainer," + self.base_dn,
- scope=SCOPE_BASE,
- attrs=["uSNCreated", "uSNChanged", "description"])
+ scope=SCOPE_BASE,
+ attrs=["uSNCreated", "uSNChanged", "description"])
self.assertTrue(len(res) == 1)
self.assertFalse("description" in res6[0])
self.assertEqual(res[0]["usnCreated"], res6[0]["usnCreated"])
""")
res7 = ldb.search("cn=ldaptestcontainer," + self.base_dn,
- scope=SCOPE_BASE,
- attrs=["uSNCreated", "uSNChanged", "description"])
+ scope=SCOPE_BASE,
+ attrs=["uSNCreated", "uSNChanged", "description"])
self.assertTrue(len(res) == 1)
self.assertTrue("description" in res7[0])
self.assertEqual("test3", str(res7[0]["description"][0]))
""")
res8 = ldb.search("cn=ldaptestcontainer," + self.base_dn,
- scope=SCOPE_BASE,
- attrs=["uSNCreated", "uSNChanged", "description"])
+ scope=SCOPE_BASE,
+ attrs=["uSNCreated", "uSNChanged", "description"])
self.assertTrue(len(res) == 1)
self.assertFalse("description" in res8[0])
self.assertEqual(res[0]["usnCreated"], res8[0]["usnCreated"])
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["memberOf"] = MessageElement("cn=ldaptestgroup,cn=users," + self.base_dn,
- FLAG_MOD_ADD, "memberOf")
+ FLAG_MOD_ADD, "memberOf")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
- FLAG_MOD_ADD, "member")
+ FLAG_MOD_ADD, "member")
ldb.modify(m)
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["memberOf"] = MessageElement("cn=ldaptestgroup,cn=users," + self.base_dn,
- FLAG_MOD_REPLACE, "memberOf")
+ FLAG_MOD_REPLACE, "memberOf")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["memberOf"] = MessageElement("cn=ldaptestgroup,cn=users," + self.base_dn,
- FLAG_MOD_DELETE, "memberOf")
+ FLAG_MOD_DELETE, "memberOf")
try:
ldb.modify(m)
self.fail()
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
- FLAG_MOD_DELETE, "member")
+ FLAG_MOD_DELETE, "member")
ldb.modify(m)
# This should yield no results since the member attribute for
# Make sure that the "member" attribute for "ldaptestuser" has been
# removed
res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
- scope=SCOPE_BASE, attrs=["member"])
+ scope=SCOPE_BASE, attrs=["member"])
self.assertTrue(len(res) == 1)
self.assertFalse("member" in res[0])
res = self.ldb.search(base=self.base_dn, scope=SCOPE_BASE, attrs=["subSchemaSubEntry"])
self.assertEquals(len(res), 1)
- self.assertEquals(res[0]["subSchemaSubEntry"][0], "CN=Aggregate,"+self.schema_dn)
+ self.assertEquals(res[0]["subSchemaSubEntry"][0], "CN=Aggregate," + self.schema_dn)
res = self.ldb.search(base=self.base_dn, scope=SCOPE_BASE, attrs=["*"])
self.assertEquals(len(res), 1)
"cN": "LDAPtestCOMPUTER"})
ldb.add({"dn": "cn=ldaptest2computer,cn=computers," + self.base_dn,
- "objectClass": "computer",
- "cn": "LDAPtest2COMPUTER",
- "userAccountControl": str(UF_WORKSTATION_TRUST_ACCOUNT),
- "displayname": "ldap testy"})
+ "objectClass": "computer",
+ "cn": "LDAPtest2COMPUTER",
+ "userAccountControl": str(UF_WORKSTATION_TRUST_ACCOUNT),
+ "displayname": "ldap testy"})
try:
ldb.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self.base_dn,
self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
self.assertEquals(len(res[0]["servicePrincipalName;range=0-19"]), 20)
-
res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-30"])
self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
self.assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30)
self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
self.assertEquals(len(res[0]["servicePrincipalName;range=30-*"]), 0)
-
res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=10-40"])
self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
self.assertEquals(len(res[0]["servicePrincipalName;range=10-*"]), 20)
self.assertEquals(len(res_user), 1, "Could not find (&(cn=ldaptestUSer2)(objectClass=user))")
# Check rename works with extended/alternate DN forms
- ldb.rename("<SID=" + ldb.schema_format_value("objectSID", res_user[0]["objectSID"][0]) + ">" , "cn=ldaptestUSER3,cn=users," + self.base_dn)
+ ldb.rename("<SID=" + ldb.schema_format_value("objectSID", res_user[0]["objectSID"][0]) + ">", "cn=ldaptestUSER3,cn=users," + self.base_dn)
# Testing ldb.search for (&(cn=ldaptestuser3)(objectClass=user))
res = ldb.search(expression="(&(cn=ldaptestuser3)(objectClass=user))")
# ensure we cannot add it again
try:
ldb.add({"dn": "cn=ldaptestuser3,cn=userS," + self.base_dn,
- "objectClass": "user",
- "cn": "LDAPtestUSER3"})
+ "objectClass": "user",
+ "cn": "LDAPtestUSER3"})
self.fail()
except LdbError as e98:
(num, _) = e98.args
# ensure can now use that name
ldb.add({"dn": "cn=ldaptestuser3,cn=users," + self.base_dn,
- "objectClass": "user",
- "cn": "LDAPtestUSER3"})
+ "objectClass": "user",
+ "cn": "LDAPtestUSER3"})
# ensure we now cannot rename
try:
# Testing subtree ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + self.base_dn
try:
res = ldb.search("cn=ldaptestcontainer," + self.base_dn,
- expression="(&(cn=ldaptestuser4)(objectClass=user))",
- scope=SCOPE_SUBTREE)
+ expression="(&(cn=ldaptestuser4)(objectClass=user))",
+ scope=SCOPE_SUBTREE)
self.fail(res)
except LdbError as e102:
(num, _) = e102.args
# Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + self.base_dn
try:
res = ldb.search("cn=ldaptestcontainer," + self.base_dn,
- expression="(&(cn=ldaptestuser4)(objectClass=user))", scope=SCOPE_ONELEVEL)
+ expression="(&(cn=ldaptestuser4)(objectClass=user))", scope=SCOPE_ONELEVEL)
self.fail()
except LdbError as e103:
(num, _) = e103.args
homeDirectory: /home/posixuser
loginShell: /bin/bash
gecos: Posix User;;;
-description: A POSIX user"""% (self.base_dn))
+description: A POSIX user""" % (self.base_dn))
# Testing removing the posixAccount objectClass from an existing user"
self.ldb.modify_ldif("""dn: cn=posixuser,CN=Users,%s
changetype: modify
delete: objectClass
-objectClass: posixAccount"""% (self.base_dn))
+objectClass: posixAccount""" % (self.base_dn))
# Testing adding the posixAccount objectClass to an existing user"
self.ldb.modify_ldif("""dn: cn=posixuser,CN=Users,%s
changetype: modify
add: objectClass
-objectClass: posixAccount"""% (self.base_dn))
+objectClass: posixAccount""" % (self.base_dn))
delete_force(self.ldb, "cn=posixuser,cn=users," + self.base_dn)
delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
#
delete_force(self.ldb, user_dn)
try:
- self.ldb.add({ "dn": user_dn,
+ self.ldb.add({"dn": user_dn,
"objectClass": "user",
"sAMAccountName": user_name,
- "nTSecurityDescriptor": [] })
+ "nTSecurityDescriptor": []})
self.fail()
except LdbError as e107:
(num, _) = e107.args
nTSecurityDescriptor: """ + sddl)
res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
desc = res[0]["nTSecurityDescriptor"][0]
- desc = ndr_unpack( security.descriptor, desc )
- desc_sddl = desc.as_sddl( self.domain_sid )
+ desc = ndr_unpack(security.descriptor, desc)
+ desc_sddl = desc.as_sddl(self.domain_sid)
self.assertEqual(desc_sddl, sddl)
finally:
delete_force(self.ldb, user_dn)
try:
sddl = "O:DUG:DUD:AI(A;;RPWP;;;AU)S:PAI"
desc = security.descriptor.from_sddl(sddl, security.dom_sid('S-1-5-21'))
- desc_base64 = base64.b64encode( ndr_pack(desc) ).decode('utf8')
+ desc_base64 = base64.b64encode(ndr_pack(desc)).decode('utf8')
self.ldb.add_ldif("""
dn: """ + user_dn + """
objectclass: user
# Test an empty security descriptor (naturally this shouldn't work)
#
delete_force(self.ldb, user_dn)
- self.ldb.add({ "dn": user_dn,
+ self.ldb.add({"dn": user_dn,
"objectClass": "user",
- "sAMAccountName": user_name })
+ "sAMAccountName": user_name})
m = Message()
m.dn = Dn(ldb, user_dn)
# there does not seem to be another limitation.
try:
dshstr = ""
- for i in range(1,11):
+ for i in range(1, 11):
# This is in the range
self.ldb.set_dsheuristics(dshstr + "x")
self.ldb.set_dsheuristics(dshstr + "xxxxx")
user_dn = "CN=%s,CN=Users,%s" % (user_name, self.base_dn)
delete_force(self.ldb, user_dn)
- self.ldb.add({ "dn": user_dn,
+ self.ldb.add({"dn": user_dn,
"objectClass": "user",
- "sAMAccountName": user_name })
+ "sAMAccountName": user_name})
#
# We check the following values:
# 370101000000Z => 20370101000000.0Z
# 20370102000000.*Z => 20370102000000.0Z
#
- ext = [ "Z", ".0Z", ".Z", ".000Z", ".RandomIgnoredCharacters...987654321Z" ]
+ ext = ["Z", ".0Z", ".Z", ".000Z", ".RandomIgnoredCharacters...987654321Z"]
for i in range(0, len(ext)):
v_raw = "203701%02d000000" % (i + 1)
if ext[i] == "Z":
self.assertTrue(len(res[0]["msTSExpireDate"]) == 1)
self.assertEquals(res[0]["msTSExpireDate"][0], v_get)
+
class BaseDnTests(samba.tests.TestCase):
def setUp(self):
def test_netlogon_highestcommitted_usn(self):
"""Testing for netlogon and highestCommittedUSN via LDAP"""
res = self.ldb.search("", scope=SCOPE_BASE,
- attrs=["netlogon", "highestCommittedUSN"])
+ attrs=["netlogon", "highestCommittedUSN"])
self.assertEquals(len(res), 0)
def test_namingContexts(self):
"""Testing for namingContexts in rootDSE"""
res = self.ldb.search("", scope=SCOPE_BASE,
- attrs=["namingContexts", "defaultNamingContext", "schemaNamingContext", "configurationNamingContext"])
+ attrs=["namingContexts", "defaultNamingContext", "schemaNamingContext", "configurationNamingContext"])
self.assertEquals(len(res), 1)
ncs = set([])
self.assertTrue(int(res[0]["domainControllerFunctionality"][0]) >= int(res[0]["domainFunctionality"][0]))
res2 = self.ldb.search("", scope=SCOPE_BASE,
- attrs=["dsServiceName", "serverName"])
+ attrs=["dsServiceName", "serverName"])
self.assertEquals(len(res2), 1)
self.assertEquals(len(res2[0]["dsServiceName"]), 1)