lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
+
class BasicTests(samba.tests.TestCase):
def setUp(self):
try:
self.ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectClass": [] })
+ "objectClass": []})
self.fail()
except LdbError as e1:
(num, _) = e1.args
try:
self.ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectClass": "X" })
+ "objectClass": "X"})
self.fail()
except LdbError as e2:
(num, _) = e2.args
self.ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
"objectClass": "person",
- "objectCategory": self.base_dn })
+ "objectCategory": self.base_dn})
self.fail()
except LdbError as e3:
(num, _) = e3.args
self.ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
"objectClass": "person",
- "systemFlags": ["0", str(SYSTEM_FLAG_DOMAIN_DISALLOW_MOVE)] })
+ "systemFlags": ["0", str(SYSTEM_FLAG_DOMAIN_DISALLOW_MOVE)]})
self.fail()
except LdbError as e4:
(num, _) = e4.args
try:
self.ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectClass": "connectionPoint" })
+ "objectClass": "connectionPoint"})
self.fail()
except LdbError as e5:
(num, _) = e5.args
try:
self.ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectClass": ["person", "leaf"] })
+ "objectClass": ["person", "leaf"]})
self.fail()
except LdbError as e6:
(num, _) = e6.args
# Objects instanciated using "satisfied" abstract classes (concrete
# subclasses) are allowed
self.ldb.add({
- "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectClass": ["top", "leaf", "connectionPoint", "serviceConnectionPoint"] })
+ "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+ "objectClass": ["top", "leaf", "connectionPoint", "serviceConnectionPoint"]})
delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
try:
self.ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectClass": ["person", "container"] })
+ "objectClass": ["person", "container"]})
self.fail()
except LdbError as e7:
(num, _) = e7.args
# Test allowed system flags
self.ldb.add({
- "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectClass": "person",
- "systemFlags": str(~(SYSTEM_FLAG_CONFIG_ALLOW_RENAME | SYSTEM_FLAG_CONFIG_ALLOW_MOVE | SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE)) })
+ "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+ "objectClass": "person",
+ "systemFlags": str(~(SYSTEM_FLAG_CONFIG_ALLOW_RENAME | SYSTEM_FLAG_CONFIG_ALLOW_MOVE | SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE))})
res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
scope=SCOPE_BASE, attrs=["systemFlags"])
delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
self.ldb.add({
- "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectClass": "person" })
+ "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+ "objectClass": "person"})
# We can remove derivation classes of the structural objectclass
# but they're going to be readded afterwards
delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
self.ldb.add({
- "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectClass": "user" })
+ "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+ "objectClass": "user"})
# Add a new top-most structural class "container". This does not work
# since it stands in no direct relation to the current one.
scope=SCOPE_BASE, attrs=["objectClass"])
self.assertTrue(len(res) == 1)
self.assertEquals(res[0]["objectClass"][0], "top")
- self.assertEquals(res[0]["objectClass"][len(res[0]["objectClass"])-1], "user")
+ self.assertEquals(res[0]["objectClass"][len(res[0]["objectClass"]) - 1], "user")
delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
try:
self.ldb.add({
"dn": "cn=ldaptestgroup,cn=thisdoesnotexist123,"
- + self.base_dn,
+ + self.base_dn,
"objectclass": "group"})
self.fail()
except LdbError as e24:
self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
self.ldb.add({
- "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
- "objectclass": "group"})
+ "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+ "objectclass": "group"})
# modify operation
"dn": "cn=ldaptestobject," + self.base_dn,
"objectclass": "ipProtocol",
"ipProtocolNumber": "1",
- "uid" : "0"})
+ "uid": "0"})
self.fail()
except LdbError as e29:
(num, _) = e29.args
self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
self.ldb.add({
- "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
- "objectclass": "group"})
+ "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+ "objectclass": "group"})
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
- m["sAMAccountName"] = MessageElement(["nam1","nam2"], FLAG_MOD_REPLACE,
+ m["sAMAccountName"] = MessageElement(["nam1", "nam2"], FLAG_MOD_REPLACE,
"sAMAccountName")
try:
ldb.modify(m)
self.ldb.add({'objectclass': 'organizationalUnit',
'dn': ou})
-
managers = []
for x in range(3):
m = "cn=manager%d,%s" % (x, ou)
self.ldb.delete(ou, ['tree_delete:1'])
-
def test_multivalued_attributes(self):
"""Test multi-valued attributes"""
ou = 'OU=mvattr,%s' % (self.base_dn)
self.ldb.delete(ou, ['tree_delete:1'])
-
def test_attribute_ranges(self):
"""Test attribute ranges"""
# Too short (min. 1)
try:
ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectClass": "person",
- "sn": "" })
+ "objectClass": "person",
+ "sn": ""})
self.fail()
except LdbError as e39:
(num, _) = e39.args
ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectClass": "person" })
+ "objectClass": "person"})
# Too short (min. 1)
m = Message()
self.ldb.add({
"dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
"objectclass": "group",
- "instanceType": "1" })
+ "instanceType": "1"})
self.fail()
except LdbError as e47:
(num, _) = e47.args
self.ldb.add({
"dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
"objectclass": "group",
- "instanceType": "32" })
+ "instanceType": "32"})
self.fail()
except LdbError as e48:
(num, _) = e48.args
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
self.ldb.add({
- "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
- "objectclass": "group"})
+ "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+ "objectclass": "group"})
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
- #only write is allowed with NC_HEAD for originating updates
+ # only write is allowed with NC_HEAD for originating updates
try:
self.ldb.add({
"dn": "cn=ldaptestuser2,cn=users," + self.base_dn,
"objectclass": "user",
- "instanceType": "3" })
+ "instanceType": "3"})
self.fail()
except LdbError as e52:
(num, _) = e52.args
# a wrong "distinguishedName" attribute is obviously tolerated
self.ldb.add({
- "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
- "objectclass": "group",
- "distinguishedName": "cn=ldaptest,cn=users," + self.base_dn})
+ "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+ "objectclass": "group",
+ "distinguishedName": "cn=ldaptest,cn=users," + self.base_dn})
# proof if the DN has been set correctly
res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["dn"] = MessageElement(
"cn=ldaptestgroup,cn=users," + self.base_dn, FLAG_MOD_REPLACE,
- "dn")
+ "dn")
try:
ldb.modify(m)
self.fail()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["distinguishedName"] = MessageElement(
"cn=ldaptestuser,cn=users," + self.base_dn, FLAG_MOD_ADD,
- "distinguishedName")
+ "distinguishedName")
try:
ldb.modify(m)
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["distinguishedName"] = MessageElement(
"cn=ldaptestuser,cn=users," + self.base_dn, FLAG_MOD_REPLACE,
- "distinguishedName")
+ "distinguishedName")
try:
ldb.modify(m)
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["distinguishedName"] = MessageElement(
"cn=ldaptestuser,cn=users," + self.base_dn, FLAG_MOD_DELETE,
- "distinguishedName")
+ "distinguishedName")
try:
ldb.modify(m)
# empty RDN
try:
self.ldb.add({
- "dn": "=,cn=users," + self.base_dn,
- "objectclass": "group"})
+ "dn": "=,cn=users," + self.base_dn,
+ "objectclass": "group"})
self.fail()
except LdbError as e61:
(num, _) = e61.args
# empty RDN name
try:
self.ldb.add({
- "dn": "=ldaptestgroup,cn=users," + self.base_dn,
- "objectclass": "group"})
+ "dn": "=ldaptestgroup,cn=users," + self.base_dn,
+ "objectclass": "group"})
self.fail()
except LdbError as e62:
(num, _) = e62.args
# empty RDN value
try:
self.ldb.add({
- "dn": "cn=,cn=users," + self.base_dn,
- "objectclass": "group"})
+ "dn": "cn=,cn=users," + self.base_dn,
+ "objectclass": "group"})
self.fail()
except LdbError as e63:
(num, _) = e63.args
# a wrong RDN candidate
try:
self.ldb.add({
- "dn": "description=xyz,cn=users," + self.base_dn,
- "objectclass": "group"})
+ "dn": "description=xyz,cn=users," + self.base_dn,
+ "objectclass": "group"})
self.fail()
except LdbError as e64:
(num, _) = e64.args
# a wrong "name" attribute is obviously tolerated
self.ldb.add({
- "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
- "objectclass": "group",
- "name": "ldaptestgroupx"})
+ "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+ "objectclass": "group",
+ "name": "ldaptestgroupx"})
# proof if the name has been set correctly
res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
-
# this test needs to be disabled until we really understand
# what the rDN length constraints are
+
def DISABLED_test_largeRDN(self):
"""Testing large rDN (limit 64 characters)"""
rdn = "CN=a012345678901234567890123456789012345678901234567890123456789012"
delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
ldif = """
-dn: %s,%s""" % (rdn,self.base_dn) + """
+dn: %s,%s""" % (rdn, self.base_dn) + """
objectClass: container
"""
self.ldb.add_ldif(ldif)
delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
try:
ldif = """
-dn: %s,%s""" % (rdn,self.base_dn) + """
+dn: %s,%s""" % (rdn, self.base_dn) + """
objectClass: container
"""
self.ldb.add_ldif(ldif)
self.assertEquals(num, ERR_NO_SUCH_OBJECT)
self.ldb.add({
- "dn": "cn=ldaptestuser2,cn=users," + self.base_dn,
- "objectclass": "user" })
+ "dn": "cn=ldaptestuser2,cn=users," + self.base_dn,
+ "objectclass": "user"})
ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser2,cn=users," + self.base_dn)
ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=users," + self.base_dn)
def test_rename_twice(self):
"""Tests the rename operation twice - this corresponds to a past bug"""
self.ldb.add({
- "dn": "cn=ldaptestuser5,cn=users," + self.base_dn,
- "objectclass": "user" })
+ "dn": "cn=ldaptestuser5,cn=users," + self.base_dn,
+ "objectclass": "user"})
ldb.rename("cn=ldaptestuser5,cn=users," + self.base_dn, "cn=ldaptestUSER5,cn=users," + self.base_dn)
delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
self.ldb.add({
- "dn": "cn=ldaptestuser5,cn=users," + self.base_dn,
- "objectclass": "user" })
+ "dn": "cn=ldaptestuser5,cn=users," + self.base_dn,
+ "objectclass": "user"})
ldb.rename("cn=ldaptestuser5,cn=Users," + self.base_dn, "cn=ldaptestUSER5,cn=users," + self.base_dn)
res = ldb.search(expression="cn=ldaptestuser5")
self.assertEquals(len(res), 1, "Wrong number of hits for cn=ldaptestuser5")
self.ldb.add({
"dn": "cn=ldaptestcontainer," + self.base_dn,
- "objectClass": "container" })
+ "objectClass": "container"})
# The objectGUID cannot directly be changed
try:
"""Test parentGUID behaviour"""
self.ldb.add({
"dn": "cn=parentguidtest,cn=users," + self.base_dn,
- "objectclass":"user",
- "samaccountname":"parentguidtest"})
+ "objectclass": "user",
+ "samaccountname": "parentguidtest"})
res1 = ldb.search(base="cn=parentguidtest,cn=users," + self.base_dn, scope=SCOPE_BASE,
attrs=["parentGUID", "samaccountname"])
- res2 = ldb.search(base="cn=users," + self.base_dn,scope=SCOPE_BASE,
+ res2 = ldb.search(base="cn=users," + self.base_dn, scope=SCOPE_BASE,
attrs=["objectGUID"])
res3 = ldb.search(base=self.base_dn, scope=SCOPE_BASE,
attrs=["parentGUID"])
self.ldb.add({
"dn": "cn=testotherusers," + self.base_dn,
- "objectclass":"container"})
- res1 = ldb.search(base="cn=testotherusers," + self.base_dn,scope=SCOPE_BASE,
+ "objectclass": "container"})
+ res1 = ldb.search(base="cn=testotherusers," + self.base_dn, scope=SCOPE_BASE,
attrs=["objectGUID"])
ldb.rename("cn=parentguidtest,cn=users," + self.base_dn,
"cn=parentguidtest,cn=testotherusers," + self.base_dn)
self.ldb.add({
"dn": "cn=ldaptestcontainer," + self.base_dn,
- "objectClass": "container" })
+ "objectClass": "container"})
res = ldb.search("cn=ldaptestcontainer," + self.base_dn,
scope=SCOPE_BASE,
self.ldb.add({
"dn": "cn=ldaptestcontainer," + self.base_dn,
"objectclass": "container",
- "uSNCreated" : "1",
- "uSNChanged" : "1",
+ "uSNCreated": "1",
+ "uSNChanged": "1",
"whenCreated": timestring(long(time.time())),
- "whenChanged": timestring(long(time.time())) })
+ "whenChanged": timestring(long(time.time()))})
res = ldb.search("cn=ldaptestcontainer," + self.base_dn,
scope=SCOPE_BASE,
self.assertFalse("description" in res[0])
self.assertTrue("objectGUID" in res[0])
self.assertTrue("uSNCreated" in res[0])
- self.assertFalse(res[0]["uSNCreated"][0] == "1") # these are corrected
+ self.assertFalse(res[0]["uSNCreated"][0] == "1") # these are corrected
self.assertTrue("uSNChanged" in res[0])
- self.assertFalse(res[0]["uSNChanged"][0] == "1") # these are corrected
+ self.assertFalse(res[0]["uSNChanged"][0] == "1") # these are corrected
self.assertTrue("whenCreated" in res[0])
self.assertTrue("whenChanged" in res[0])
res = self.ldb.search(base=self.base_dn, scope=SCOPE_BASE, attrs=["subSchemaSubEntry"])
self.assertEquals(len(res), 1)
- self.assertEquals(res[0]["subSchemaSubEntry"][0], "CN=Aggregate,"+self.schema_dn)
+ self.assertEquals(res[0]["subSchemaSubEntry"][0], "CN=Aggregate," + self.schema_dn)
res = self.ldb.search(base=self.base_dn, scope=SCOPE_BASE, attrs=["*"])
self.assertEquals(len(res), 1)
self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
self.assertEquals(len(res[0]["servicePrincipalName;range=0-19"]), 20)
-
res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-30"])
self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
self.assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30)
self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
self.assertEquals(len(res[0]["servicePrincipalName;range=30-*"]), 0)
-
res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=10-40"])
self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
self.assertEquals(len(res[0]["servicePrincipalName;range=10-*"]), 20)
self.assertEquals(len(res_user), 1, "Could not find (&(cn=ldaptestUSer2)(objectClass=user))")
# Check rename works with extended/alternate DN forms
- ldb.rename("<SID=" + ldb.schema_format_value("objectSID", res_user[0]["objectSID"][0]) + ">" , "cn=ldaptestUSER3,cn=users," + self.base_dn)
+ ldb.rename("<SID=" + ldb.schema_format_value("objectSID", res_user[0]["objectSID"][0]) + ">", "cn=ldaptestUSER3,cn=users," + self.base_dn)
# Testing ldb.search for (&(cn=ldaptestuser3)(objectClass=user))
res = ldb.search(expression="(&(cn=ldaptestuser3)(objectClass=user))")
homeDirectory: /home/posixuser
loginShell: /bin/bash
gecos: Posix User;;;
-description: A POSIX user"""% (self.base_dn))
+description: A POSIX user""" % (self.base_dn))
# Testing removing the posixAccount objectClass from an existing user"
self.ldb.modify_ldif("""dn: cn=posixuser,CN=Users,%s
changetype: modify
delete: objectClass
-objectClass: posixAccount"""% (self.base_dn))
+objectClass: posixAccount""" % (self.base_dn))
# Testing adding the posixAccount objectClass to an existing user"
self.ldb.modify_ldif("""dn: cn=posixuser,CN=Users,%s
changetype: modify
add: objectClass
-objectClass: posixAccount"""% (self.base_dn))
+objectClass: posixAccount""" % (self.base_dn))
delete_force(self.ldb, "cn=posixuser,cn=users," + self.base_dn)
delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
#
delete_force(self.ldb, user_dn)
try:
- self.ldb.add({ "dn": user_dn,
+ self.ldb.add({"dn": user_dn,
"objectClass": "user",
"sAMAccountName": user_name,
- "nTSecurityDescriptor": [] })
+ "nTSecurityDescriptor": []})
self.fail()
except LdbError as e107:
(num, _) = e107.args
nTSecurityDescriptor: """ + sddl)
res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
desc = res[0]["nTSecurityDescriptor"][0]
- desc = ndr_unpack( security.descriptor, desc )
- desc_sddl = desc.as_sddl( self.domain_sid )
+ desc = ndr_unpack(security.descriptor, desc)
+ desc_sddl = desc.as_sddl(self.domain_sid)
self.assertEqual(desc_sddl, sddl)
finally:
delete_force(self.ldb, user_dn)
try:
sddl = "O:DUG:DUD:AI(A;;RPWP;;;AU)S:PAI"
desc = security.descriptor.from_sddl(sddl, security.dom_sid('S-1-5-21'))
- desc_base64 = base64.b64encode( ndr_pack(desc) ).decode('utf8')
+ desc_base64 = base64.b64encode(ndr_pack(desc)).decode('utf8')
self.ldb.add_ldif("""
dn: """ + user_dn + """
objectclass: user
# Test an empty security descriptor (naturally this shouldn't work)
#
delete_force(self.ldb, user_dn)
- self.ldb.add({ "dn": user_dn,
+ self.ldb.add({"dn": user_dn,
"objectClass": "user",
- "sAMAccountName": user_name })
+ "sAMAccountName": user_name})
m = Message()
m.dn = Dn(ldb, user_dn)
# there does not seem to be another limitation.
try:
dshstr = ""
- for i in range(1,11):
+ for i in range(1, 11):
# This is in the range
self.ldb.set_dsheuristics(dshstr + "x")
self.ldb.set_dsheuristics(dshstr + "xxxxx")
user_dn = "CN=%s,CN=Users,%s" % (user_name, self.base_dn)
delete_force(self.ldb, user_dn)
- self.ldb.add({ "dn": user_dn,
+ self.ldb.add({"dn": user_dn,
"objectClass": "user",
- "sAMAccountName": user_name })
+ "sAMAccountName": user_name})
#
# We check the following values:
# 370101000000Z => 20370101000000.0Z
# 20370102000000.*Z => 20370102000000.0Z
#
- ext = [ "Z", ".0Z", ".Z", ".000Z", ".RandomIgnoredCharacters...987654321Z" ]
+ ext = ["Z", ".0Z", ".Z", ".000Z", ".RandomIgnoredCharacters...987654321Z"]
for i in range(0, len(ext)):
v_raw = "203701%02d000000" % (i + 1)
if ext[i] == "Z":
self.assertTrue(len(res[0]["msTSExpireDate"]) == 1)
self.assertEquals(res[0]["msTSExpireDate"][0], v_get)
+
class BaseDnTests(samba.tests.TestCase):
def setUp(self):