# -*- coding: utf-8 -*-
# This is a port of the original in testprogs/ejs/ldap.js
+# Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2008-2011
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+from __future__ import print_function
import optparse
import sys
import time
import base64
import os
-sys.path.append("bin/python")
+sys.path.insert(0, "bin/python")
import samba
-samba.ensure_external_module("subunit", "subunit/python")
-samba.ensure_external_module("testtools", "testtools")
-
+from samba.tests.subunitrun import SubunitOptions, TestProgram
import samba.getopt as options
from samba.auth import system_session
from ldb import ERR_NO_SUCH_OBJECT, ERR_ATTRIBUTE_OR_VALUE_EXISTS
from ldb import ERR_ENTRY_ALREADY_EXISTS, ERR_UNWILLING_TO_PERFORM
from ldb import ERR_NOT_ALLOWED_ON_NON_LEAF, ERR_OTHER, ERR_INVALID_DN_SYNTAX
-from ldb import ERR_NO_SUCH_ATTRIBUTE
+from ldb import ERR_NO_SUCH_ATTRIBUTE, ERR_INVALID_ATTRIBUTE_SYNTAX
from ldb import ERR_OBJECT_CLASS_VIOLATION, ERR_NOT_ALLOWED_ON_RDN
from ldb import ERR_NAMING_VIOLATION, ERR_CONSTRAINT_VIOLATION
-from ldb import ERR_UNDEFINED_ATTRIBUTE_TYPE
from ldb import Message, MessageElement, Dn
from ldb import FLAG_MOD_ADD, FLAG_MOD_REPLACE, FLAG_MOD_DELETE
+from ldb import timestring
from samba import Ldb
-from samba.dsdb import (UF_NORMAL_ACCOUNT, UF_WORKSTATION_TRUST_ACCOUNT,
- UF_PASSWD_NOTREQD, UF_ACCOUNTDISABLE, ATYPE_NORMAL_ACCOUNT,
- ATYPE_WORKSTATION_TRUST)
-
-from subunit.run import SubunitTestRunner
-import unittest
+from samba.samdb import SamDB
+from samba.dsdb import (UF_NORMAL_ACCOUNT,
+ UF_WORKSTATION_TRUST_ACCOUNT,
+ UF_PASSWD_NOTREQD, UF_ACCOUNTDISABLE, ATYPE_NORMAL_ACCOUNT,
+ ATYPE_WORKSTATION_TRUST, SYSTEM_FLAG_DOMAIN_DISALLOW_MOVE,
+ SYSTEM_FLAG_CONFIG_ALLOW_RENAME, SYSTEM_FLAG_CONFIG_ALLOW_MOVE,
+ SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE)
from samba.ndr import ndr_pack, ndr_unpack
-from samba.dcerpc import security
+from samba.dcerpc import security, lsa
+from samba.tests import delete_force
-parser = optparse.OptionParser("ldap [options] <host>")
+parser = optparse.OptionParser("ldap.py [options] <host>")
sambaopts = options.SambaOptions(parser)
parser.add_option_group(sambaopts)
parser.add_option_group(options.VersionOptions(parser))
# use command line creds if available
credopts = options.CredentialsOptions(parser)
parser.add_option_group(credopts)
+subunitopts = SubunitOptions(parser)
+parser.add_option_group(subunitopts)
opts, args = parser.parse_args()
if len(args) < 1:
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
-class BasicTests(unittest.TestCase):
-
- def delete_force(self, ldb, dn):
- try:
- ldb.delete(dn)
- except LdbError, (num, _):
- self.assertEquals(num, ERR_NO_SUCH_OBJECT)
-
- def find_basedn(self, ldb):
- res = ldb.search(base="", expression="", scope=SCOPE_BASE,
- attrs=["defaultNamingContext"])
- self.assertEquals(len(res), 1)
- return res[0]["defaultNamingContext"][0]
-
- def find_configurationdn(self, ldb):
- res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["configurationNamingContext"])
- self.assertEquals(len(res), 1)
- return res[0]["configurationNamingContext"][0]
-
- def find_schemadn(self, ldb):
- res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["schemaNamingContext"])
- self.assertEquals(len(res), 1)
- return res[0]["schemaNamingContext"][0]
- def find_domain_sid(self):
- res = self.ldb.search(base=self.base_dn, expression="(objectClass=*)", scope=SCOPE_BASE)
- return ndr_unpack( security.dom_sid,res[0]["objectSid"][0])
+class BasicTests(samba.tests.TestCase):
def setUp(self):
super(BasicTests, self).setUp()
self.ldb = ldb
self.gc_ldb = gc_ldb
- self.base_dn = self.find_basedn(ldb)
- self.configuration_dn = self.find_configurationdn(ldb)
- self.schema_dn = self.find_schemadn(ldb)
- self.domain_sid = self.find_domain_sid()
-
- print "baseDN: %s\n" % self.base_dn
-
- self.delete_force(self.ldb, "cn=posixuser,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer2," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptest2computer,cn=computers," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestutf8user èùéìòà,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestutf8user2 èùéìòà,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=entry1,cn=ldaptestcontainer," + self.base_dn)
- self.delete_force(self.ldb, "cn=entry2,cn=ldaptestcontainer," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestcontainer2," + self.base_dn)
- self.delete_force(self.ldb, "cn=parentguidtest,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=parentguidtest,cn=testotherusers," + self.base_dn)
- self.delete_force(self.ldb, "cn=testotherusers," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
- self.delete_force(self.ldb, "description=xyz,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "ou=testou,cn=users," + self.base_dn)
+ self.base_dn = ldb.domain_dn()
+ self.configuration_dn = ldb.get_config_basedn().get_linearized()
+ self.schema_dn = ldb.get_schema_basedn().get_linearized()
+ self.domain_sid = security.dom_sid(ldb.get_domain_sid())
+
+ delete_force(self.ldb, "cn=posixuser,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer2," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptest2computer,cn=computers," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestutf8user èùéìòà,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestutf8user2 èùéìòà,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestcontainer2," + self.base_dn)
+ delete_force(self.ldb, "cn=parentguidtest,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=parentguidtest,cn=testotherusers," + self.base_dn)
+ delete_force(self.ldb, "cn=testotherusers," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
+ delete_force(self.ldb, "description=xyz,cn=users," + self.base_dn)
+ delete_force(self.ldb, "ou=testou,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=Test Secret,cn=system," + self.base_dn)
+ delete_force(self.ldb, "cn=testtimevaluesuser1,cn=users," + self.base_dn)
def test_objectclasses(self):
"""Test objectClass behaviour"""
- print "Test objectClass behaviour"""
+ # Invalid objectclass specified
+ try:
+ self.ldb.add({
+ "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+ "objectClass": []})
+ self.fail()
+ except LdbError as e1:
+ (num, _) = e1.args
+ self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
# Invalid objectclass specified
try:
self.ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectClass": "X" })
+ "objectClass": "X"})
self.fail()
- except LdbError, (num, _):
+ except LdbError as e2:
+ (num, _) = e2.args
self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
- # We cannot instanciate from an abstract objectclass
+ # Invalid objectCategory specified
+ try:
+ self.ldb.add({
+ "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+ "objectClass": "person",
+ "objectCategory": self.base_dn})
+ self.fail()
+ except LdbError as e3:
+ (num, _) = e3.args
+ self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
+
+ # Multi-valued "systemFlags"
+ try:
+ self.ldb.add({
+ "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+ "objectClass": "person",
+ "systemFlags": ["0", str(SYSTEM_FLAG_DOMAIN_DISALLOW_MOVE)]})
+ self.fail()
+ except LdbError as e4:
+ (num, _) = e4.args
+ self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
+
+ # We cannot instanciate from an abstract object class ("connectionPoint"
+ # or "leaf"). In the first case we use "connectionPoint" (subclass of
+ # "leaf") to prevent a naming violation - this returns us a
+ # "ERR_UNWILLING_TO_PERFORM" since it is not structural. In the second
+ # case however we get "ERR_OBJECT_CLASS_VIOLATION" since an abstract
+ # class is also not allowed to be auxiliary.
try:
self.ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectClass": "connectionPoint" })
+ "objectClass": "connectionPoint"})
self.fail()
- except LdbError, (num, _):
+ except LdbError as e5:
+ (num, _) = e5.args
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+ try:
+ self.ldb.add({
+ "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+ "objectClass": ["person", "leaf"]})
+ self.fail()
+ except LdbError as e6:
+ (num, _) = e6.args
+ self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
+
+ # Objects instanciated using "satisfied" abstract classes (concrete
+ # subclasses) are allowed
+ self.ldb.add({
+ "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+ "objectClass": ["top", "leaf", "connectionPoint", "serviceConnectionPoint"]})
+
+ delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+ # Two disjoint top-most structural object classes aren't allowed
+ try:
+ self.ldb.add({
+ "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+ "objectClass": ["person", "container"]})
+ self.fail()
+ except LdbError as e7:
+ (num, _) = e7.args
+ self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
+
+ # Test allowed system flags
+ self.ldb.add({
+ "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+ "objectClass": "person",
+ "systemFlags": str(~(SYSTEM_FLAG_CONFIG_ALLOW_RENAME | SYSTEM_FLAG_CONFIG_ALLOW_MOVE | SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE))})
+
+ res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+ scope=SCOPE_BASE, attrs=["systemFlags"])
+ self.assertTrue(len(res) == 1)
+ self.assertEquals(res[0]["systemFlags"][0], "0")
+
+ delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
self.ldb.add({
- "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectClass": "person" })
+ "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+ "objectClass": "person"})
# We can remove derivation classes of the structural objectclass
# but they're going to be readded afterwards
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("top", FLAG_MOD_DELETE,
- "objectClass")
+ "objectClass")
ldb.modify(m)
res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("person", FLAG_MOD_DELETE,
- "objectClass")
+ "objectClass")
try:
ldb.modify(m)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e8:
+ (num, _) = e8.args
self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
# We cannot delete classes which weren't specified
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("computer", FLAG_MOD_DELETE,
- "objectClass")
+ "objectClass")
try:
ldb.modify(m)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e9:
+ (num, _) = e9.args
self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
# An invalid class cannot be added
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("X", FLAG_MOD_ADD,
- "objectClass")
+ "objectClass")
try:
ldb.modify(m)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e10:
+ (num, _) = e10.args
self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
- # The top-most structural class cannot be changed by adding another
- # structural one
+ # We cannot add a the new top-most structural class "user" here since
+ # we are missing at least one new mandatory attribute (in this case
+ # "sAMAccountName")
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("user", FLAG_MOD_ADD,
- "objectClass")
+ "objectClass")
try:
ldb.modify(m)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e11:
+ (num, _) = e11.args
self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
# An already specified objectclass cannot be added another time
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("person", FLAG_MOD_ADD,
- "objectClass")
+ "objectClass")
try:
ldb.modify(m)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e12:
+ (num, _) = e12.args
self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
# Auxiliary classes can always be added
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("bootableDevice", FLAG_MOD_ADD,
- "objectClass")
+ "objectClass")
ldb.modify(m)
- # It's only possible to replace with the same objectclass combination.
- # So the replace action on "objectClass" attributes is really useless.
+ # This does not work since object class "leaf" is not auxiliary nor it
+ # stands in direct relation to "person" (and it is abstract too!)
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ m["objectClass"] = MessageElement("leaf", FLAG_MOD_ADD,
+ "objectClass")
+ try:
+ ldb.modify(m)
+ self.fail()
+ except LdbError as e13:
+ (num, _) = e13.args
+ self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
+
+ # Objectclass replace operations can be performed as well
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement(["top", "person", "bootableDevice"],
- FLAG_MOD_REPLACE, "objectClass")
+ FLAG_MOD_REPLACE, "objectClass")
ldb.modify(m)
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement(["person", "bootableDevice"],
- FLAG_MOD_REPLACE, "objectClass")
+ FLAG_MOD_REPLACE, "objectClass")
ldb.modify(m)
+ # This does not work since object class "leaf" is not auxiliary nor it
+ # stands in direct relation to "person" (and it is abstract too!)
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement(["top", "person", "bootableDevice",
- "connectionPoint"], FLAG_MOD_REPLACE, "objectClass")
+ "leaf"], FLAG_MOD_REPLACE, "objectClass")
+ try:
+ ldb.modify(m)
+ self.fail()
+ except LdbError as e14:
+ (num, _) = e14.args
+ self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
+
+ # More than one change operation is allowed
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ m.add(MessageElement("bootableDevice", FLAG_MOD_DELETE, "objectClass"))
+ m.add(MessageElement("bootableDevice", FLAG_MOD_ADD, "objectClass"))
+ ldb.modify(m)
+
+ # We cannot remove all object classes by an empty replace
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ m["objectClass"] = MessageElement([], FLAG_MOD_REPLACE, "objectClass")
try:
ldb.modify(m)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e15:
+ (num, _) = e15.args
self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement(["top", "computer"], FLAG_MOD_REPLACE,
- "objectClass")
+ "objectClass")
try:
ldb.modify(m)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e16:
+ (num, _) = e16.args
self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
# Classes can be removed unless attributes of them are used.
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("bootableDevice", FLAG_MOD_DELETE,
- "objectClass")
+ "objectClass")
ldb.modify(m)
res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("bootableDevice", FLAG_MOD_ADD,
- "objectClass")
+ "objectClass")
ldb.modify(m)
# Add an attribute specific to the "bootableDevice" class
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["bootParameter"] = MessageElement("test", FLAG_MOD_ADD,
- "bootParameter")
+ "bootParameter")
ldb.modify(m)
# Classes can be removed unless attributes of them are used. Now there
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("bootableDevice", FLAG_MOD_DELETE,
- "objectClass")
+ "objectClass")
try:
ldb.modify(m)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e17:
+ (num, _) = e17.args
self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
# Remove the previously specified attribute
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["bootParameter"] = MessageElement("test", FLAG_MOD_DELETE,
- "bootParameter")
+ "bootParameter")
ldb.modify(m)
# Classes can be removed unless attributes of them are used.
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("bootableDevice", FLAG_MOD_DELETE,
- "objectClass")
+ "objectClass")
+ ldb.modify(m)
+
+ delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+ self.ldb.add({
+ "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+ "objectClass": "user"})
+
+ # Add a new top-most structural class "container". This does not work
+ # since it stands in no direct relation to the current one.
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ m["objectClass"] = MessageElement("container", FLAG_MOD_ADD,
+ "objectClass")
+ try:
+ ldb.modify(m)
+ self.fail()
+ except LdbError as e18:
+ (num, _) = e18.args
+ self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
+
+ # Add a new top-most structural class "inetOrgPerson" and remove it
+ # afterwards
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ m["objectClass"] = MessageElement("inetOrgPerson", FLAG_MOD_ADD,
+ "objectClass")
+ ldb.modify(m)
+
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ m["objectClass"] = MessageElement("inetOrgPerson", FLAG_MOD_DELETE,
+ "objectClass")
+ ldb.modify(m)
+
+ # Replace top-most structural class to "inetOrgPerson" and reset it
+ # back to "user"
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ m["objectClass"] = MessageElement("inetOrgPerson", FLAG_MOD_REPLACE,
+ "objectClass")
+ ldb.modify(m)
+
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ m["objectClass"] = MessageElement("user", FLAG_MOD_REPLACE,
+ "objectClass")
+ ldb.modify(m)
+
+ # Add a new auxiliary object class "posixAccount" to "ldaptestuser"
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ m["objectClass"] = MessageElement("posixAccount", FLAG_MOD_ADD,
+ "objectClass")
ldb.modify(m)
- self.delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
+ # Be sure that "top" is the first and the (most) structural object class
+ # the last value of the "objectClass" attribute - MS-ADTS 3.1.1.1.4
+ res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+ scope=SCOPE_BASE, attrs=["objectClass"])
+ self.assertTrue(len(res) == 1)
+ self.assertEquals(res[0]["objectClass"][0], "top")
+ self.assertEquals(res[0]["objectClass"][len(res[0]["objectClass"]) - 1], "user")
+
+ delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
def test_system_only(self):
"""Test systemOnly objects"""
- print "Test systemOnly objects"""
-
try:
self.ldb.add({
"dn": "cn=ldaptestobject," + self.base_dn,
"objectclass": "configuration"})
self.fail()
- except LdbError, (num, _):
+ except LdbError as e19:
+ (num, _) = e19.args
+ self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+
+ try:
+ self.ldb.add({
+ "dn": "cn=Test Secret,cn=system," + self.base_dn,
+ "objectclass": "secret"})
+ self.fail()
+ except LdbError as e20:
+ (num, _) = e20.args
+ self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+
+ delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
+ delete_force(self.ldb, "cn=Test Secret,cn=system," + self.base_dn)
+
+ # Create secret over LSA and try to change it
+
+ lsa_conn = lsa.lsarpc("ncacn_np:%s" % args[0], lp, creds)
+ lsa_handle = lsa_conn.OpenPolicy2(system_name="\\",
+ attr=lsa.ObjectAttribute(),
+ access_mask=security.SEC_FLAG_MAXIMUM_ALLOWED)
+ secret_name = lsa.String()
+ secret_name.string = "G$Test"
+ sec_handle = lsa_conn.CreateSecret(handle=lsa_handle,
+ name=secret_name,
+ access_mask=security.SEC_FLAG_MAXIMUM_ALLOWED)
+ lsa_conn.Close(lsa_handle)
+
+ m = Message()
+ m.dn = Dn(ldb, "cn=Test Secret,cn=system," + self.base_dn)
+ m["description"] = MessageElement("desc", FLAG_MOD_REPLACE,
+ "description")
+ try:
+ ldb.modify(m)
+ self.fail()
+ except LdbError as e21:
+ (num, _) = e21.args
+ self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+
+ delete_force(self.ldb, "cn=Test Secret,cn=system," + self.base_dn)
+
+ try:
+ self.ldb.add({
+ "dn": "cn=ldaptestcontainer," + self.base_dn,
+ "objectclass": "container",
+ "isCriticalSystemObject": "TRUE"})
+ self.fail()
+ except LdbError as e22:
+ (num, _) = e22.args
+ self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+
+ self.ldb.add({
+ "dn": "cn=ldaptestcontainer," + self.base_dn,
+ "objectclass": "container"})
+
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestcontainer," + self.base_dn)
+ m["isCriticalSystemObject"] = MessageElement("TRUE", FLAG_MOD_REPLACE,
+ "isCriticalSystemObject")
+ try:
+ ldb.modify(m)
+ self.fail()
+ except LdbError as e23:
+ (num, _) = e23.args
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
- self.delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
+
+ # Proof if DC SAM object has "isCriticalSystemObject" set
+ res = self.ldb.search("", scope=SCOPE_BASE, attrs=["serverName"])
+ self.assertTrue(len(res) == 1)
+ self.assertTrue("serverName" in res[0])
+ res = self.ldb.search(res[0]["serverName"][0], scope=SCOPE_BASE,
+ attrs=["serverReference"])
+ self.assertTrue(len(res) == 1)
+ self.assertTrue("serverReference" in res[0])
+ res = self.ldb.search(res[0]["serverReference"][0], scope=SCOPE_BASE,
+ attrs=["isCriticalSystemObject"])
+ self.assertTrue(len(res) == 1)
+ self.assertTrue("isCriticalSystemObject" in res[0])
+ self.assertEquals(res[0]["isCriticalSystemObject"][0], "TRUE")
def test_invalid_parent(self):
"""Test adding an object with invalid parent"""
- print "Test adding an object with invalid parent"""
-
try:
self.ldb.add({
"dn": "cn=ldaptestgroup,cn=thisdoesnotexist123,"
- + self.base_dn,
+ + self.base_dn,
"objectclass": "group"})
self.fail()
- except LdbError, (num, _):
+ except LdbError as e24:
+ (num, _) = e24.args
self.assertEquals(num, ERR_NO_SUCH_OBJECT)
- self.delete_force(self.ldb, "cn=ldaptestgroup,cn=thisdoesnotexist123,"
- + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestgroup,cn=thisdoesnotexist123,"
+ + self.base_dn)
try:
self.ldb.add({
"dn": "ou=testou,cn=users," + self.base_dn,
"objectclass": "organizationalUnit"})
self.fail()
- except LdbError, (num, _):
+ except LdbError as e25:
+ (num, _) = e25.args
self.assertEquals(num, ERR_NAMING_VIOLATION)
- self.delete_force(self.ldb, "ou=testou,cn=users," + self.base_dn)
+ delete_force(self.ldb, "ou=testou,cn=users," + self.base_dn)
def test_invalid_attribute(self):
"""Test invalid attributes on schema/objectclasses"""
- print "Test invalid attributes on schema/objectclasses"""
-
# attributes not in schema test
# add operation
"objectclass": "group",
"thisdoesnotexist": "x"})
self.fail()
- except LdbError, (num, _):
+ except LdbError as e26:
+ (num, _) = e26.args
self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
self.ldb.add({
- "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
- "objectclass": "group"})
+ "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+ "objectclass": "group"})
# modify operation
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["thisdoesnotexist"] = MessageElement("x", FLAG_MOD_REPLACE,
- "thisdoesnotexist")
+ "thisdoesnotexist")
try:
ldb.modify(m)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e27:
+ (num, _) = e27.args
self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
- self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+ #
+ # When searching the unknown attribute should be ignored
+ expr = "(|(cn=ldaptestgroup)(thisdoesnotexist=x))"
+ res = ldb.search(base=self.base_dn,
+ expression=expr,
+ scope=SCOPE_SUBTREE)
+ self.assertTrue(len(res) == 1,
+ "Search including unknown attribute failed")
+
+ delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
# attributes not in objectclasses and mandatory attributes missing test
# Use here a non-SAM entry since it doesn't have special triggers
"dn": "cn=ldaptestobject," + self.base_dn,
"objectclass": "ipProtocol"})
self.fail()
- except LdbError, (num, _):
+ except LdbError as e28:
+ (num, _) = e28.args
self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
# inadequate but schema-valid attribute specified
"dn": "cn=ldaptestobject," + self.base_dn,
"objectclass": "ipProtocol",
"ipProtocolNumber": "1",
- "uid" : "0"})
+ "uid": "0"})
self.fail()
- except LdbError, (num, _):
+ except LdbError as e29:
+ (num, _) = e29.args
self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
self.ldb.add({
try:
ldb.modify(m)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e30:
+ (num, _) = e30.args
self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
# mandatory attribute delete trial
m = Message()
m.dn = Dn(ldb, "cn=ldaptestobject," + self.base_dn)
m["ipProtocolNumber"] = MessageElement([], FLAG_MOD_DELETE,
- "ipProtocolNumber")
+ "ipProtocolNumber")
try:
ldb.modify(m)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e31:
+ (num, _) = e31.args
self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
# mandatory attribute delete trial
m = Message()
m.dn = Dn(ldb, "cn=ldaptestobject," + self.base_dn)
m["ipProtocolNumber"] = MessageElement([], FLAG_MOD_REPLACE,
- "ipProtocolNumber")
+ "ipProtocolNumber")
try:
ldb.modify(m)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e32:
+ (num, _) = e32.args
self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
- self.delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
def test_single_valued_attributes(self):
"""Test single-valued attributes"""
- print "Test single-valued attributes"""
-
try:
self.ldb.add({
"dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
"objectclass": "group",
"sAMAccountName": ["nam1", "nam2"]})
self.fail()
- except LdbError, (num, _):
+ except LdbError as e33:
+ (num, _) = e33.args
self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
self.ldb.add({
- "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
- "objectclass": "group"})
+ "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+ "objectclass": "group"})
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
- m["sAMAccountName"] = MessageElement(["nam1","nam2"], FLAG_MOD_REPLACE,
- "sAMAccountName")
+ m["sAMAccountName"] = MessageElement(["nam1", "nam2"], FLAG_MOD_REPLACE,
+ "sAMAccountName")
try:
ldb.modify(m)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e34:
+ (num, _) = e34.args
self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["sAMAccountName"] = MessageElement("testgroupXX", FLAG_MOD_REPLACE,
- "sAMAccountName")
+ "sAMAccountName")
ldb.modify(m)
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["sAMAccountName"] = MessageElement("testgroupXX2", FLAG_MOD_ADD,
- "sAMAccountName")
+ "sAMAccountName")
try:
ldb.modify(m)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e35:
+ (num, _) = e35.args
self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
- self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
- def test_multi_valued_attributes(self):
- """Test multi-valued attributes"""
- print "Test multi-valued attributes"""
+ def test_single_valued_linked_attributes(self):
+ """Test managedBy, a single-valued linked attribute.
-# TODO: In this test I added some special tests where I got very unusual
-# results back from a real AD. s4 doesn't match them and I've no idea how to
-# implement those error cases (maybe there exists a special trigger for
-# "description" attributes which handle them)
+ (The single-valuedness of this is enforced differently, in
+ repl_meta_data.c)
+ """
+ ou = 'OU=svla,%s' % (self.base_dn)
- self.ldb.add({
- "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
- "description": "desc2",
- "objectclass": "group",
- "description": "desc1"})
+ delete_force(self.ldb, ou, controls=['tree_delete:1'])
+
+ self.ldb.add({'objectclass': 'organizationalUnit',
+ 'dn': ou})
+
+ managers = []
+ for x in range(3):
+ m = "cn=manager%d,%s" % (x, ou)
+ self.ldb.add({
+ "dn": m,
+ "objectclass": "user"})
+ managers.append(m)
- self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+ try:
+ self.ldb.add({
+ "dn": "cn=group1," + ou,
+ "objectclass": "group",
+ "managedBy": managers
+ })
+ self.fail("failed to fail to add multiple managedBy attributes")
+ except LdbError as e36:
+ (num, _) = e36.args
+ self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
+ managee = "cn=group2," + ou
self.ldb.add({
- "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+ "dn": managee,
"objectclass": "group",
- "description": ["desc1", "desc2"]})
+ "managedBy": [managers[0]]})
-# m = Message()
-# m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
-# m["description"] = MessageElement(["desc1","desc2"], FLAG_MOD_REPLACE,
-# "description")
-# try:
-# ldb.modify(m)
-# self.fail()
-# except LdbError, (num, _):
-# self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
+ m = Message()
+ m.dn = Dn(ldb, managee)
+ m["managedBy"] = MessageElement(managers, FLAG_MOD_REPLACE,
+ "managedBy")
+ try:
+ ldb.modify(m)
+ self.fail()
+ except LdbError as e37:
+ (num, _) = e37.args
+ self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
m = Message()
- m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
- m["description"] = MessageElement("desc1", FLAG_MOD_REPLACE,
- "description")
+ m.dn = Dn(ldb, managee)
+ m["managedBy"] = MessageElement(managers[1], FLAG_MOD_REPLACE,
+ "managedBy")
ldb.modify(m)
-# m = Message()
-# m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
-# m["description"] = MessageElement("desc3", FLAG_MOD_ADD,
-# "description")
-# try:
-# ldb.modify(m)
-# self.fail()
-# except LdbError, (num, _):
-# self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
-
m = Message()
- m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
- m["description"] = MessageElement(["desc1","desc2"], FLAG_MOD_DELETE,
- "description")
+ m.dn = Dn(ldb, managee)
+ m["managedBy"] = MessageElement(managers[2], FLAG_MOD_ADD,
+ "managedBy")
try:
ldb.modify(m)
self.fail()
- except LdbError, (num, _):
- self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
+ except LdbError as e38:
+ (num, _) = e38.args
+ self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
- m = Message()
- m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
- m["description"] = MessageElement("desc1", FLAG_MOD_DELETE,
- "description")
- ldb.modify(m)
+ self.ldb.delete(ou, ['tree_delete:1'])
-# m = Message()
-# m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
-# m["description"] = MessageElement(["desc1","desc2"], FLAG_MOD_REPLACE,
-# "description")
+ def test_multivalued_attributes(self):
+ """Test multi-valued attributes"""
+ ou = 'OU=mvattr,%s' % (self.base_dn)
+ delete_force(self.ldb, ou, controls=['tree_delete:1'])
+ self.ldb.add({'objectclass': 'organizationalUnit',
+ 'dn': ou})
+
+ # beyond 1210, Win2012r2 gives LDAP_ADMIN_LIMIT_EXCEEDED
+ ranges = (3, 30, 300, 1210)
+
+ for n in ranges:
+ self.ldb.add({
+ "dn": "cn=ldaptestuser%d,%s" % (n, ou),
+ "objectclass": "user",
+ "carLicense": ["car%d" % x for x in range(n)]})
+
+ # add some more
+ for n in ranges:
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestuser%d,%s" % (n, ou))
+ m["carLicense"] = MessageElement(["another"],
+ FLAG_MOD_ADD,
+ "carLicense")
+ ldb.modify(m)
+
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestuser%d,%s" % (n, ou))
+ m["carLicense"] = MessageElement(["foo%d" % x for x in range(4)],
+ FLAG_MOD_ADD,
+ "carLicense")
+ ldb.modify(m)
+
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestuser%d,%s" % (n, ou))
+ m["carLicense"] = MessageElement(["bar%d" % x for x in range(40)],
+ FLAG_MOD_ADD,
+ "carLicense")
+ ldb.modify(m)
+
+ for n in ranges:
+ m = Message()
+ dn = "cn=ldaptestuser%d,%s" % (n, ou)
+ m.dn = Dn(ldb, dn)
+ m["carLicense"] = MessageElement(["replacement"],
+ FLAG_MOD_REPLACE,
+ "carLicense")
+ ldb.modify(m)
+
+ m = Message()
+ m.dn = Dn(ldb, dn)
+ m["carLicense"] = MessageElement(["replacement%d" % x for x in range(n)],
+ FLAG_MOD_REPLACE,
+ "carLicense")
+ ldb.modify(m)
+
+ m = Message()
+ m.dn = Dn(ldb, dn)
+ m["carLicense"] = MessageElement(["again%d" % x for x in range(n)],
+ FLAG_MOD_REPLACE,
+ "carLicense")
+ ldb.modify(m)
+
+ m = Message()
+ m.dn = Dn(ldb, dn)
+ m["carLicense"] = MessageElement(["andagain%d" % x for x in range(n)],
+ FLAG_MOD_REPLACE,
+ "carLicense")
+ ldb.modify(m)
+
+ self.ldb.delete(ou, ['tree_delete:1'])
+
+ def test_attribute_ranges(self):
+ """Test attribute ranges"""
+ # Too short (min. 1)
+ try:
+ ldb.add({
+ "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+ "objectClass": "person",
+ "sn": ""})
+ self.fail()
+ except LdbError as e39:
+ (num, _) = e39.args
+ self.assertEquals(num, ERR_INVALID_ATTRIBUTE_SYNTAX)
+
+ # Too long (max. 64)
# try:
-# ldb.modify(m)
+# ldb.add({
+# "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+# "objectClass": "person",
+# "sn": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" })
# self.fail()
# except LdbError, (num, _):
-# self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
+# self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
+
+ ldb.add({
+ "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+ "objectClass": "person"})
+
+ # Too short (min. 1)
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ m["sn"] = MessageElement("", FLAG_MOD_REPLACE, "sn")
+ try:
+ ldb.modify(m)
+ self.fail()
+ except LdbError as e40:
+ (num, _) = e40.args
+ self.assertEquals(num, ERR_INVALID_ATTRIBUTE_SYNTAX)
+ # Too long (max. 64)
# m = Message()
-# m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
-# m["description"] = MessageElement(["desc3", "desc4"], FLAG_MOD_ADD,
-# "description")
+# m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+# m["sn"] = MessageElement("xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", FLAG_MOD_REPLACE, "sn")
# try:
# ldb.modify(m)
# self.fail()
# except LdbError, (num, _):
-# self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
+# self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
m = Message()
- m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
- m["description"] = MessageElement("desc3", FLAG_MOD_ADD,
- "description")
+ m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ m["sn"] = MessageElement("x", FLAG_MOD_REPLACE, "sn")
ldb.modify(m)
- self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
def test_empty_messages(self):
"""Test empty messages"""
- print "Test empty messages"""
-
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
try:
ldb.add(m)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e41:
+ (num, _) = e41.args
self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
try:
ldb.modify(m)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e42:
+ (num, _) = e42.args
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
- self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
def test_empty_attributes(self):
"""Test empty attributes"""
- print "Test empty attributes"""
-
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("group", FLAG_MOD_ADD, "objectClass")
try:
ldb.add(m)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e43:
+ (num, _) = e43.args
self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
self.ldb.add({
try:
ldb.modify(m)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e44:
+ (num, _) = e44.args
self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
m = Message()
try:
ldb.modify(m)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e45:
+ (num, _) = e45.args
self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
- self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
def test_instanceType(self):
"""Tests the 'instanceType' attribute"""
- print "Tests the 'instanceType' attribute"""
-
+ # The instance type is single-valued
try:
self.ldb.add({
"dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
"objectclass": "group",
"instanceType": ["0", "1"]})
self.fail()
- except LdbError, (num, _):
+ except LdbError as e46:
+ (num, _) = e46.args
+ self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+
+ # The head NC flag cannot be set without the write flag
+ try:
+ self.ldb.add({
+ "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+ "objectclass": "group",
+ "instanceType": "1"})
+ self.fail()
+ except LdbError as e47:
+ (num, _) = e47.args
+ self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+
+ # We cannot manipulate NCs without the head NC flag
+ try:
+ self.ldb.add({
+ "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+ "objectclass": "group",
+ "instanceType": "32"})
+ self.fail()
+ except LdbError as e48:
+ (num, _) = e48.args
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
self.ldb.add({
- "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
- "objectclass": "group"})
+ "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+ "objectclass": "group"})
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["instanceType"] = MessageElement("0", FLAG_MOD_REPLACE,
- "instanceType")
+ "instanceType")
try:
ldb.modify(m)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e49:
+ (num, _) = e49.args
self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["instanceType"] = MessageElement([], FLAG_MOD_REPLACE,
- "instanceType")
+ "instanceType")
try:
ldb.modify(m)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e50:
+ (num, _) = e50.args
self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
m = Message()
try:
ldb.modify(m)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e51:
+ (num, _) = e51.args
self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
- self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+
+ # only write is allowed with NC_HEAD for originating updates
+ try:
+ self.ldb.add({
+ "dn": "cn=ldaptestuser2,cn=users," + self.base_dn,
+ "objectclass": "user",
+ "instanceType": "3"})
+ self.fail()
+ except LdbError as e52:
+ (num, _) = e52.args
+ self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+ delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
def test_distinguished_name(self):
"""Tests the 'distinguishedName' attribute"""
- print "Tests the 'distinguishedName' attribute"""
+ # The "dn" shortcut isn't supported
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+ m["objectClass"] = MessageElement("group", 0, "objectClass")
+ m["dn"] = MessageElement("cn=ldaptestgroup,cn=users," + self.base_dn, 0,
+ "dn")
+ try:
+ ldb.add(m)
+ self.fail()
+ except LdbError as e53:
+ (num, _) = e53.args
+ self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
# a wrong "distinguishedName" attribute is obviously tolerated
self.ldb.add({
- "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
- "objectclass": "group",
- "distinguishedName": "cn=ldaptest,cn=users," + self.base_dn})
+ "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+ "objectclass": "group",
+ "distinguishedName": "cn=ldaptest,cn=users," + self.base_dn})
# proof if the DN has been set correctly
res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
self.assertTrue(len(res) == 1)
self.assertTrue("distinguishedName" in res[0])
self.assertTrue(Dn(ldb, res[0]["distinguishedName"][0])
- == Dn(ldb, "cn=ldaptestgroup, cn=users," + self.base_dn))
+ == Dn(ldb, "cn=ldaptestgroup, cn=users," + self.base_dn))
+ # The "dn" shortcut isn't supported
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
- m["distinguishedName"] = MessageElement(
- "cn=ldaptestuser,cn=users," + self.base_dn, FLAG_MOD_ADD,
- "distinguishedName")
+ m["dn"] = MessageElement(
+ "cn=ldaptestgroup,cn=users," + self.base_dn, FLAG_MOD_REPLACE,
+ "dn")
+ try:
+ ldb.modify(m)
+ self.fail()
+ except LdbError as e54:
+ (num, _) = e54.args
+ self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
+
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+ m["distinguishedName"] = MessageElement(
+ "cn=ldaptestuser,cn=users," + self.base_dn, FLAG_MOD_ADD,
+ "distinguishedName")
try:
ldb.modify(m)
self.fail()
- except LdbError, (num, _):
- self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
+ except LdbError as e55:
+ (num, _) = e55.args
+ self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["distinguishedName"] = MessageElement(
- "cn=ldaptestuser,cn=users," + self.base_dn, FLAG_MOD_REPLACE,
- "distinguishedName")
+ "cn=ldaptestuser,cn=users," + self.base_dn, FLAG_MOD_REPLACE,
+ "distinguishedName")
try:
ldb.modify(m)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e56:
+ (num, _) = e56.args
self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["distinguishedName"] = MessageElement(
- "cn=ldaptestuser,cn=users," + self.base_dn, FLAG_MOD_DELETE,
- "distinguishedName")
+ "cn=ldaptestuser,cn=users," + self.base_dn, FLAG_MOD_DELETE,
+ "distinguishedName")
try:
ldb.modify(m)
self.fail()
- except LdbError, (num, _):
- self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
+ except LdbError as e57:
+ (num, _) = e57.args
+ self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
- self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
def test_rdn_name(self):
"""Tests the RDN"""
- print "Tests the RDN"""
+ # Search
+
+ # empty RDN
+ try:
+ self.ldb.search("=,cn=users," + self.base_dn, scope=SCOPE_BASE)
+ self.fail()
+ except LdbError as e58:
+ (num, _) = e58.args
+ self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
+
+ # empty RDN name
+ try:
+ self.ldb.search("cn=,cn=users," + self.base_dn, scope=SCOPE_BASE)
+ self.fail()
+ except LdbError as e59:
+ (num, _) = e59.args
+ self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
+
+ try:
+ self.ldb.search("=ldaptestgroup,cn=users," + self.base_dn, scope=SCOPE_BASE)
+ self.fail()
+ except LdbError as e60:
+ (num, _) = e60.args
+ self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
+ # Add
+
+ # empty RDN
try:
self.ldb.add({
- "dn": "description=xyz,cn=users," + self.base_dn,
- "objectclass": "group"})
+ "dn": "=,cn=users," + self.base_dn,
+ "objectclass": "group"})
+ self.fail()
+ except LdbError as e61:
+ (num, _) = e61.args
+ self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
+
+ # empty RDN name
+ try:
+ self.ldb.add({
+ "dn": "=ldaptestgroup,cn=users," + self.base_dn,
+ "objectclass": "group"})
+ self.fail()
+ except LdbError as e62:
+ (num, _) = e62.args
+ self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
+
+ # empty RDN value
+ try:
+ self.ldb.add({
+ "dn": "cn=,cn=users," + self.base_dn,
+ "objectclass": "group"})
self.fail()
- except LdbError, (num, _):
+ except LdbError as e63:
+ (num, _) = e63.args
+ self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
+
+ # a wrong RDN candidate
+ try:
+ self.ldb.add({
+ "dn": "description=xyz,cn=users," + self.base_dn,
+ "objectclass": "group"})
+ self.fail()
+ except LdbError as e64:
+ (num, _) = e64.args
self.assertEquals(num, ERR_NAMING_VIOLATION)
- self.delete_force(self.ldb, "description=xyz,cn=users," + self.base_dn)
+ delete_force(self.ldb, "description=xyz,cn=users," + self.base_dn)
# a wrong "name" attribute is obviously tolerated
self.ldb.add({
- "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
- "objectclass": "group",
- "name": "ldaptestgroupx"})
+ "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+ "objectclass": "group",
+ "name": "ldaptestgroupx"})
# proof if the name has been set correctly
res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
self.assertTrue("name" in res[0])
self.assertTrue(res[0]["name"][0] == "ldaptestgroup")
+ # Modify
+
+ # empty RDN value
+ m = Message()
+ m.dn = Dn(ldb, "cn=,cn=users," + self.base_dn)
+ m["description"] = "test"
+ try:
+ self.ldb.modify(m)
+ self.fail()
+ except LdbError as e65:
+ (num, _) = e65.args
+ self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
+
+ # Delete
+
+ # empty RDN value
+ try:
+ self.ldb.delete("cn=,cn=users," + self.base_dn)
+ self.fail()
+ except LdbError as e66:
+ (num, _) = e66.args
+ self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
+
+ # Rename
+
+ # new empty RDN
+ try:
+ self.ldb.rename("cn=ldaptestgroup,cn=users," + self.base_dn,
+ "=,cn=users," + self.base_dn)
+ self.fail()
+ except LdbError as e67:
+ (num, _) = e67.args
+ self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
+
+ # new empty RDN name
+ try:
+ self.ldb.rename("cn=ldaptestgroup,cn=users," + self.base_dn,
+ "=ldaptestgroup,cn=users," + self.base_dn)
+ self.fail()
+ except LdbError as e68:
+ (num, _) = e68.args
+ self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
+
+ # new empty RDN value
+ try:
+ self.ldb.rename("cn=ldaptestgroup,cn=users," + self.base_dn,
+ "cn=,cn=users," + self.base_dn)
+ self.fail()
+ except LdbError as e69:
+ (num, _) = e69.args
+ self.assertEquals(num, ERR_NAMING_VIOLATION)
+
+ # new wrong RDN candidate
+ try:
+ self.ldb.rename("cn=ldaptestgroup,cn=users," + self.base_dn,
+ "description=xyz,cn=users," + self.base_dn)
+ self.fail()
+ except LdbError as e70:
+ (num, _) = e70.args
+ self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+
+ delete_force(self.ldb, "description=xyz,cn=users," + self.base_dn)
+
+ # old empty RDN value
+ try:
+ self.ldb.rename("cn=,cn=users," + self.base_dn,
+ "cn=ldaptestgroup,cn=users," + self.base_dn)
+ self.fail()
+ except LdbError as e71:
+ (num, _) = e71.args
+ self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
+
+ # names
+
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["name"] = MessageElement("cn=ldaptestuser", FLAG_MOD_REPLACE,
- "name")
+ "name")
try:
ldb.modify(m)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e72:
+ (num, _) = e72.args
self.assertEquals(num, ERR_NOT_ALLOWED_ON_RDN)
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["cn"] = MessageElement("ldaptestuser",
- FLAG_MOD_REPLACE, "cn")
+ FLAG_MOD_REPLACE, "cn")
try:
ldb.modify(m)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e73:
+ (num, _) = e73.args
self.assertEquals(num, ERR_NOT_ALLOWED_ON_RDN)
- self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
-
+ delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
# this test needs to be disabled until we really understand
# what the rDN length constraints are
+
def DISABLED_test_largeRDN(self):
"""Testing large rDN (limit 64 characters)"""
- rdn = "CN=a012345678901234567890123456789012345678901234567890123456789012";
- self.delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
+ rdn = "CN=a012345678901234567890123456789012345678901234567890123456789012"
+ delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
ldif = """
-dn: %s,%s""" % (rdn,self.base_dn) + """
+dn: %s,%s""" % (rdn, self.base_dn) + """
objectClass: container
"""
self.ldb.add_ldif(ldif)
- self.delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
+ delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
- rdn = "CN=a0123456789012345678901234567890123456789012345678901234567890120";
- self.delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
+ rdn = "CN=a0123456789012345678901234567890123456789012345678901234567890120"
+ delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
try:
ldif = """
-dn: %s,%s""" % (rdn,self.base_dn) + """
+dn: %s,%s""" % (rdn, self.base_dn) + """
objectClass: container
"""
self.ldb.add_ldif(ldif)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e74:
+ (num, _) = e74.args
self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
- self.delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
+ delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
def test_rename(self):
"""Tests the rename operation"""
- print "Tests the rename operations"""
-
try:
# cannot rename to be a child of itself
ldb.rename(self.base_dn, "dc=test," + self.base_dn)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e75:
+ (num, _) = e75.args
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
try:
# inexistent object
ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser2,cn=users," + self.base_dn)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e76:
+ (num, _) = e76.args
self.assertEquals(num, ERR_NO_SUCH_OBJECT)
self.ldb.add({
- "dn": "cn=ldaptestuser2,cn=users," + self.base_dn,
- "objectclass": ["user", "person"] })
+ "dn": "cn=ldaptestuser2,cn=users," + self.base_dn,
+ "objectclass": "user"})
ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser2,cn=users," + self.base_dn)
ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=users," + self.base_dn)
# containment problem: a user entry cannot contain user entries
ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser4,cn=ldaptestuser3,cn=users," + self.base_dn)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e77:
+ (num, _) = e77.args
self.assertEquals(num, ERR_NAMING_VIOLATION)
try:
# invalid parent
ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=people,cn=users," + self.base_dn)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e78:
+ (num, _) = e78.args
self.assertEquals(num, ERR_OTHER)
try:
# invalid target DN syntax
ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, ",cn=users," + self.base_dn)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e79:
+ (num, _) = e79.args
self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
try:
# invalid RDN name
ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "ou=ldaptestuser3,cn=users," + self.base_dn)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e80:
+ (num, _) = e80.args
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
- self.delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn)
# Performs some "systemFlags" testing
try:
ldb.rename("CN=DisplaySpecifiers," + self.configuration_dn, "CN=DisplaySpecifiers,CN=Services," + self.configuration_dn)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e81:
+ (num, _) = e81.args
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
# Limited move failing since no "SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE"
try:
ldb.rename("CN=Directory Service,CN=Windows NT,CN=Services," + self.configuration_dn, "CN=Directory Service,CN=RRAS,CN=Services," + self.configuration_dn)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e82:
+ (num, _) = e82.args
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
# Rename failing since no "SYSTEM_FLAG_CONFIG_ALLOW_RENAME"
try:
ldb.rename("CN=DisplaySpecifiers," + self.configuration_dn, "CN=DisplaySpecifiers2," + self.configuration_dn)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e83:
+ (num, _) = e83.args
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
# It's not really possible to test moves on the schema partition since
try:
ldb.rename("CN=Top," + self.schema_dn, "CN=Top2," + self.schema_dn)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e84:
+ (num, _) = e84.args
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
# Move failing since "SYSTEM_FLAG_DOMAIN_DISALLOW_MOVE"
try:
ldb.rename("CN=Users," + self.base_dn, "CN=Users,CN=Computers," + self.base_dn)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e85:
+ (num, _) = e85.args
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
# Rename failing since "SYSTEM_FLAG_DOMAIN_DISALLOW_RENAME"
try:
ldb.rename("CN=Users," + self.base_dn, "CN=Users2," + self.base_dn)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e86:
+ (num, _) = e86.args
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
# Performs some other constraints testing
try:
ldb.rename("CN=Policies,CN=System," + self.base_dn, "CN=Users2," + self.base_dn)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e87:
+ (num, _) = e87.args
self.assertEquals(num, ERR_OTHER)
def test_rename_twice(self):
"""Tests the rename operation twice - this corresponds to a past bug"""
- print "Tests the rename twice operation"""
-
self.ldb.add({
- "dn": "cn=ldaptestuser5,cn=users," + self.base_dn,
- "objectclass": ["user", "person"] })
+ "dn": "cn=ldaptestuser5,cn=users," + self.base_dn,
+ "objectclass": "user"})
ldb.rename("cn=ldaptestuser5,cn=users," + self.base_dn, "cn=ldaptestUSER5,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
self.ldb.add({
- "dn": "cn=ldaptestuser5,cn=users," + self.base_dn,
- "objectclass": ["user", "person"] })
+ "dn": "cn=ldaptestuser5,cn=users," + self.base_dn,
+ "objectclass": "user"})
ldb.rename("cn=ldaptestuser5,cn=Users," + self.base_dn, "cn=ldaptestUSER5,cn=users," + self.base_dn)
res = ldb.search(expression="cn=ldaptestuser5")
- print "Found %u records" % len(res)
self.assertEquals(len(res), 1, "Wrong number of hits for cn=ldaptestuser5")
res = ldb.search(expression="(&(cn=ldaptestuser5)(objectclass=user))")
- print "Found %u records" % len(res)
self.assertEquals(len(res), 1, "Wrong number of hits for (&(cn=ldaptestuser5)(objectclass=user))")
- self.delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
- def test_parentGUID(self):
- """Test parentGUID behaviour"""
- print "Testing parentGUID behaviour\n"
+ def test_objectGUID(self):
+ """Test objectGUID behaviour"""
+ # The objectGUID cannot directly be set
+ try:
+ self.ldb.add_ldif("""
+dn: cn=ldaptestcontainer,""" + self.base_dn + """
+objectClass: container
+objectGUID: bd3480c9-58af-4cd8-92df-bc4a18b6e44d
+""")
+ self.fail()
+ except LdbError as e88:
+ (num, _) = e88.args
+ self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+
+ self.ldb.add({
+ "dn": "cn=ldaptestcontainer," + self.base_dn,
+ "objectClass": "container"})
+
+ # The objectGUID cannot directly be changed
+ try:
+ self.ldb.modify_ldif("""
+dn: cn=ldaptestcontainer,""" + self.base_dn + """
+changetype: modify
+replace: objectGUID
+objectGUID: bd3480c9-58af-4cd8-92df-bc4a18b6e44d
+""")
+ self.fail()
+ except LdbError as e89:
+ (num, _) = e89.args
+ self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
- # TODO: This seems to fail on Windows Server. Hidden attribute?
+ delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
+ def test_parentGUID(self):
+ """Test parentGUID behaviour"""
self.ldb.add({
"dn": "cn=parentguidtest,cn=users," + self.base_dn,
- "objectclass":"user",
- "samaccountname":"parentguidtest"});
+ "objectclass": "user",
+ "samaccountname": "parentguidtest"})
res1 = ldb.search(base="cn=parentguidtest,cn=users," + self.base_dn, scope=SCOPE_BASE,
- attrs=["parentGUID", "samaccountname"]);
- res2 = ldb.search(base="cn=users," + self.base_dn,scope=SCOPE_BASE,
- attrs=["objectGUID"]);
+ attrs=["parentGUID", "samaccountname"])
+ res2 = ldb.search(base="cn=users," + self.base_dn, scope=SCOPE_BASE,
+ attrs=["objectGUID"])
res3 = ldb.search(base=self.base_dn, scope=SCOPE_BASE,
- attrs=["parentGUID"]);
+ attrs=["parentGUID"])
+ res4 = ldb.search(base=self.configuration_dn, scope=SCOPE_BASE,
+ attrs=["parentGUID"])
+ res5 = ldb.search(base=self.schema_dn, scope=SCOPE_BASE,
+ attrs=["parentGUID"])
"""Check if the parentGUID is valid """
- self.assertEquals(res1[0]["parentGUID"], res2[0]["objectGUID"]);
+ self.assertEquals(res1[0]["parentGUID"], res2[0]["objectGUID"])
- """Check if it returns nothing when there is no parent object"""
+ """Check if it returns nothing when there is no parent object - default NC"""
has_parentGUID = False
for key in res3[0].keys():
if key == "parentGUID":
has_parentGUID = True
break
- self.assertFalse(has_parentGUID);
+ self.assertFalse(has_parentGUID)
+
+ """Check if it returns nothing when there is no parent object - configuration NC"""
+ has_parentGUID = False
+ for key in res4[0].keys():
+ if key == "parentGUID":
+ has_parentGUID = True
+ break
+ self.assertFalse(has_parentGUID)
+
+ """Check if it returns nothing when there is no parent object - schema NC"""
+ has_parentGUID = False
+ for key in res5[0].keys():
+ if key == "parentGUID":
+ has_parentGUID = True
+ break
+ self.assertFalse(has_parentGUID)
"""Ensures that if you look for another object attribute after the constructed
parentGUID, it will return correctly"""
break
self.assertTrue(has_another_attribute)
self.assertTrue(len(res1[0]["samaccountname"]) == 1)
- self.assertEquals(res1[0]["samaccountname"][0], "parentguidtest");
+ self.assertEquals(res1[0]["samaccountname"][0], "parentguidtest")
- print "Testing parentGUID behaviour on rename\n"
+ # Testing parentGUID behaviour on rename\
self.ldb.add({
"dn": "cn=testotherusers," + self.base_dn,
- "objectclass":"container"});
- res1 = ldb.search(base="cn=testotherusers," + self.base_dn,scope=SCOPE_BASE,
- attrs=["objectGUID"]);
+ "objectclass": "container"})
+ res1 = ldb.search(base="cn=testotherusers," + self.base_dn, scope=SCOPE_BASE,
+ attrs=["objectGUID"])
ldb.rename("cn=parentguidtest,cn=users," + self.base_dn,
- "cn=parentguidtest,cn=testotherusers," + self.base_dn);
+ "cn=parentguidtest,cn=testotherusers," + self.base_dn)
res2 = ldb.search(base="cn=parentguidtest,cn=testotherusers," + self.base_dn,
scope=SCOPE_BASE,
- attrs=["parentGUID"]);
- self.assertEquals(res1[0]["objectGUID"], res2[0]["parentGUID"]);
-
- self.delete_force(self.ldb, "cn=parentguidtest,cn=testotherusers," + self.base_dn)
- self.delete_force(self.ldb, "cn=testotherusers," + self.base_dn)
-
- def test_groupType_int32(self):
- """Test groupType (int32) behaviour (should appear to be casted to a 32 bit signed integer before comparsion)"""
- print "Testing groupType (int32) behaviour\n"
+ attrs=["parentGUID"])
+ self.assertEquals(res1[0]["objectGUID"], res2[0]["parentGUID"])
- res1 = ldb.search(base=self.base_dn, scope=SCOPE_SUBTREE,
- attrs=["groupType"], expression="groupType=2147483653");
+ delete_force(self.ldb, "cn=parentguidtest,cn=testotherusers," + self.base_dn)
+ delete_force(self.ldb, "cn=testotherusers," + self.base_dn)
- res2 = ldb.search(base=self.base_dn, scope=SCOPE_SUBTREE,
- attrs=["groupType"], expression="groupType=-2147483643");
+ def test_usnChanged(self):
+ """Test usnChanged behaviour"""
- self.assertEquals(len(res1), len(res2))
-
- self.assertTrue(res1.count > 0)
-
- self.assertEquals(res1[0]["groupType"][0], "-2147483643")
-
- def test_linked_attributes(self):
- """This tests the linked attribute behaviour"""
- print "Testing linked attribute behaviour\n"
-
- ldb.add({
- "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
- "objectclass": "group"})
-
- # This should not work since "memberOf" is linked to "member"
- try:
- ldb.add({
- "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectclass": ["user", "person"],
- "memberOf": "cn=ldaptestgroup,cn=users," + self.base_dn})
- except LdbError, (num, _):
- self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
-
- ldb.add({
- "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectclass": ["user", "person"]})
-
- m = Message()
- m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
- m["memberOf"] = MessageElement("cn=ldaptestgroup,cn=users," + self.base_dn,
- FLAG_MOD_ADD, "memberOf")
- try:
- ldb.modify(m)
- self.fail()
- except LdbError, (num, _):
- self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+ self.ldb.add({
+ "dn": "cn=ldaptestcontainer," + self.base_dn,
+ "objectClass": "container"})
- m = Message()
- m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
- m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
- FLAG_MOD_ADD, "member")
- ldb.modify(m)
+ res = ldb.search("cn=ldaptestcontainer," + self.base_dn,
+ scope=SCOPE_BASE,
+ attrs=["objectGUID", "uSNCreated", "uSNChanged", "whenCreated", "whenChanged", "description"])
+ self.assertTrue(len(res) == 1)
+ self.assertFalse("description" in res[0])
+ self.assertTrue("objectGUID" in res[0])
+ self.assertTrue("uSNCreated" in res[0])
+ self.assertTrue("uSNChanged" in res[0])
+ self.assertTrue("whenCreated" in res[0])
+ self.assertTrue("whenChanged" in res[0])
- m = Message()
- m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
- m["memberOf"] = MessageElement("cn=ldaptestgroup,cn=users," + self.base_dn,
- FLAG_MOD_REPLACE, "memberOf")
- try:
- ldb.modify(m)
- self.fail()
- except LdbError, (num, _):
- self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+ delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
- m = Message()
- m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
- m["memberOf"] = MessageElement("cn=ldaptestgroup,cn=users," + self.base_dn,
- FLAG_MOD_DELETE, "memberOf")
- try:
- ldb.modify(m)
- self.fail()
- except LdbError, (num, _):
- self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+ # All this attributes are specificable on add operations
+ self.ldb.add({
+ "dn": "cn=ldaptestcontainer," + self.base_dn,
+ "objectclass": "container",
+ "uSNCreated": "1",
+ "uSNChanged": "1",
+ "whenCreated": timestring(long(time.time())),
+ "whenChanged": timestring(long(time.time()))})
+
+ res = ldb.search("cn=ldaptestcontainer," + self.base_dn,
+ scope=SCOPE_BASE,
+ attrs=["objectGUID", "uSNCreated", "uSNChanged", "whenCreated", "whenChanged", "description"])
+ self.assertTrue(len(res) == 1)
+ self.assertFalse("description" in res[0])
+ self.assertTrue("objectGUID" in res[0])
+ self.assertTrue("uSNCreated" in res[0])
+ self.assertFalse(res[0]["uSNCreated"][0] == "1") # these are corrected
+ self.assertTrue("uSNChanged" in res[0])
+ self.assertFalse(res[0]["uSNChanged"][0] == "1") # these are corrected
+ self.assertTrue("whenCreated" in res[0])
+ self.assertTrue("whenChanged" in res[0])
- m = Message()
- m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
- m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
- FLAG_MOD_DELETE, "member")
- ldb.modify(m)
+ ldb.modify_ldif("""
+dn: cn=ldaptestcontainer,""" + self.base_dn + """
+changetype: modify
+replace: description
+""")
- # This should yield no results since the member attribute for
- # "ldaptestuser" should have been deleted
- res1 = ldb.search("cn=ldaptestgroup, cn=users," + self.base_dn,
+ res2 = ldb.search("cn=ldaptestcontainer," + self.base_dn,
scope=SCOPE_BASE,
- expression="(member=cn=ldaptestuser,cn=users," + self.base_dn + ")",
- attrs=[])
- self.assertTrue(len(res1) == 0)
-
- self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
-
- ldb.add({
- "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
- "objectclass": "group",
- "member": "cn=ldaptestuser,cn=users," + self.base_dn})
-
- self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
-
- # Make sure that the "member" attribute for "ldaptestuser" has been
- # removed
- res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
- scope=SCOPE_BASE, attrs=["member"])
+ attrs=["uSNCreated", "uSNChanged", "description"])
self.assertTrue(len(res) == 1)
- self.assertFalse("member" in res[0])
+ self.assertFalse("description" in res2[0])
+ self.assertEqual(res[0]["usnCreated"], res2[0]["usnCreated"])
+ self.assertEqual(res[0]["usnCreated"], res2[0]["usnChanged"])
+ self.assertEqual(res[0]["usnChanged"], res2[0]["usnChanged"])
- self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
-
- def test_groups(self):
- """This tests the group behaviour (setting, changing) of a user account"""
- print "Testing group behaviour\n"
-
- ldb.add({
- "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
- "objectclass": "group"})
-
- ldb.add({
- "dn": "cn=ldaptestgroup2,cn=users," + self.base_dn,
- "objectclass": "group"})
-
- res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
- scope=SCOPE_BASE, attrs=["objectSID"])
- self.assertTrue(len(res1) == 1)
- group_rid_1 = security.dom_sid(ldb.schema_format_value("objectSID",
- res1[0]["objectSID"][0])).split()[1]
-
- res1 = ldb.search("cn=ldaptestgroup2,cn=users," + self.base_dn,
- scope=SCOPE_BASE, attrs=["objectSID"])
- self.assertTrue(len(res1) == 1)
- group_rid_2 = security.dom_sid(ldb.schema_format_value("objectSID",
- res1[0]["objectSID"][0])).split()[1]
-
- # Try to create a user with an invalid primary group
- try:
- ldb.add({
- "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectclass": ["user", "person"],
- "primaryGroupID": "0"})
- self.fail()
- except LdbError, (num, _):
- self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
- self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ ldb.modify_ldif("""
+dn: cn=ldaptestcontainer,""" + self.base_dn + """
+changetype: modify
+replace: description
+description: test
+""")
- # Try to Create a user with a valid primary group
-# TODO Some more investigation needed here
-# try:
-# ldb.add({
-# "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
-# "objectclass": ["user", "person"],
-# "primaryGroupID": str(group_rid_1)})
-# self.fail()
-# except LdbError, (num, _):
-# self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
-# self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ res3 = ldb.search("cn=ldaptestcontainer," + self.base_dn,
+ scope=SCOPE_BASE,
+ attrs=["uSNCreated", "uSNChanged", "description"])
+ self.assertTrue(len(res) == 1)
+ self.assertTrue("description" in res3[0])
+ self.assertEqual("test", str(res3[0]["description"][0]))
+ self.assertEqual(res[0]["usnCreated"], res3[0]["usnCreated"])
+ self.assertNotEqual(res[0]["usnCreated"], res3[0]["usnChanged"])
+ self.assertNotEqual(res[0]["usnChanged"], res3[0]["usnChanged"])
- # Test to see how we should behave when the user account doesn't
- # exist
- m = Message()
- m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
- m["primaryGroupID"] = MessageElement("0", FLAG_MOD_REPLACE,
- "primaryGroupID")
- try:
- ldb.modify(m)
- self.fail()
- except LdbError, (num, _):
- self.assertEquals(num, ERR_NO_SUCH_OBJECT)
+ ldb.modify_ldif("""
+dn: cn=ldaptestcontainer,""" + self.base_dn + """
+changetype: modify
+replace: description
+description: test
+""")
- # Test to see how we should behave when the account isn't a user
- m = Message()
- m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
- m["primaryGroupID"] = MessageElement("0", FLAG_MOD_REPLACE,
- "primaryGroupID")
- try:
- ldb.modify(m)
- self.fail()
- except LdbError, (num, _):
- self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
+ res4 = ldb.search("cn=ldaptestcontainer," + self.base_dn,
+ scope=SCOPE_BASE,
+ attrs=["uSNCreated", "uSNChanged", "description"])
+ self.assertTrue(len(res) == 1)
+ self.assertTrue("description" in res4[0])
+ self.assertEqual("test", str(res4[0]["description"][0]))
+ self.assertEqual(res[0]["usnCreated"], res4[0]["usnCreated"])
+ self.assertNotEqual(res3[0]["usnCreated"], res4[0]["usnChanged"])
+ self.assertEqual(res3[0]["usnChanged"], res4[0]["usnChanged"])
- ldb.add({
- "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectclass": ["user", "person"]})
+ ldb.modify_ldif("""
+dn: cn=ldaptestcontainer,""" + self.base_dn + """
+changetype: modify
+replace: description
+description: test2
+""")
- # We should be able to reset our actual primary group
- m = Message()
- m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
- m["primaryGroupID"] = MessageElement("513", FLAG_MOD_REPLACE,
- "primaryGroupID")
- ldb.modify(m)
+ res5 = ldb.search("cn=ldaptestcontainer," + self.base_dn,
+ scope=SCOPE_BASE,
+ attrs=["uSNCreated", "uSNChanged", "description"])
+ self.assertTrue(len(res) == 1)
+ self.assertTrue("description" in res5[0])
+ self.assertEqual("test2", str(res5[0]["description"][0]))
+ self.assertEqual(res[0]["usnCreated"], res5[0]["usnCreated"])
+ self.assertNotEqual(res3[0]["usnChanged"], res5[0]["usnChanged"])
- # Try to add invalid primary group
- m = Message()
- m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
- m["primaryGroupID"] = MessageElement("0", FLAG_MOD_REPLACE,
- "primaryGroupID")
- try:
- ldb.modify(m)
- self.fail()
- except LdbError, (num, _):
- self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+ ldb.modify_ldif("""
+dn: cn=ldaptestcontainer,""" + self.base_dn + """
+changetype: modify
+delete: description
+description: test2
+""")
- # Try to make group 1 primary - should be denied since it is not yet
- # secondary
- m = Message()
- m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
- m["primaryGroupID"] = MessageElement(str(group_rid_1),
- FLAG_MOD_REPLACE, "primaryGroupID")
- try:
- ldb.modify(m)
- self.fail()
- except LdbError, (num, _):
- self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+ res6 = ldb.search("cn=ldaptestcontainer," + self.base_dn,
+ scope=SCOPE_BASE,
+ attrs=["uSNCreated", "uSNChanged", "description"])
+ self.assertTrue(len(res) == 1)
+ self.assertFalse("description" in res6[0])
+ self.assertEqual(res[0]["usnCreated"], res6[0]["usnCreated"])
+ self.assertNotEqual(res5[0]["usnChanged"], res6[0]["usnChanged"])
- # Make group 1 secondary
- m = Message()
- m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
- m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
- FLAG_MOD_REPLACE, "member")
- ldb.modify(m)
+ ldb.modify_ldif("""
+dn: cn=ldaptestcontainer,""" + self.base_dn + """
+changetype: modify
+add: description
+description: test3
+""")
- # Make group 1 primary
- m = Message()
- m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
- m["primaryGroupID"] = MessageElement(str(group_rid_1),
- FLAG_MOD_REPLACE, "primaryGroupID")
- ldb.modify(m)
+ res7 = ldb.search("cn=ldaptestcontainer," + self.base_dn,
+ scope=SCOPE_BASE,
+ attrs=["uSNCreated", "uSNChanged", "description"])
+ self.assertTrue(len(res) == 1)
+ self.assertTrue("description" in res7[0])
+ self.assertEqual("test3", str(res7[0]["description"][0]))
+ self.assertEqual(res[0]["usnCreated"], res7[0]["usnCreated"])
+ self.assertNotEqual(res6[0]["usnChanged"], res7[0]["usnChanged"])
- # Try to delete group 1 - should be denied
- try:
- ldb.delete("cn=ldaptestgroup,cn=users," + self.base_dn)
- self.fail()
- except LdbError, (num, _):
- self.assertEquals(num, ERR_ENTRY_ALREADY_EXISTS)
+ ldb.modify_ldif("""
+dn: cn=ldaptestcontainer,""" + self.base_dn + """
+changetype: modify
+delete: description
+""")
- # Try to add group 1 also as secondary - should be denied
- m = Message()
- m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
- m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
- FLAG_MOD_ADD, "member")
- try:
- ldb.modify(m)
- self.fail()
- except LdbError, (num, _):
- self.assertEquals(num, ERR_ENTRY_ALREADY_EXISTS)
+ res8 = ldb.search("cn=ldaptestcontainer," + self.base_dn,
+ scope=SCOPE_BASE,
+ attrs=["uSNCreated", "uSNChanged", "description"])
+ self.assertTrue(len(res) == 1)
+ self.assertFalse("description" in res8[0])
+ self.assertEqual(res[0]["usnCreated"], res8[0]["usnCreated"])
+ self.assertNotEqual(res7[0]["usnChanged"], res8[0]["usnChanged"])
- # Try to add invalid member to group 1 - should be denied
- m = Message()
- m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
- m["member"] = MessageElement(
- "cn=ldaptestuser3,cn=users," + self.base_dn,
- FLAG_MOD_ADD, "member")
- try:
- ldb.modify(m)
- self.fail()
- except LdbError, (num, _):
- self.assertEquals(num, ERR_NO_SUCH_OBJECT)
+ delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
- # Make group 2 secondary
- m = Message()
- m.dn = Dn(ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
- m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
- FLAG_MOD_ADD, "member")
- ldb.modify(m)
+ def test_groupType_int32(self):
+ """Test groupType (int32) behaviour (should appear to be casted to a 32 bit signed integer before comparsion)"""
- # Swap the groups
- m = Message()
- m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
- m["primaryGroupID"] = MessageElement(str(group_rid_2),
- FLAG_MOD_REPLACE, "primaryGroupID")
- ldb.modify(m)
+ res1 = ldb.search(base=self.base_dn, scope=SCOPE_SUBTREE,
+ attrs=["groupType"], expression="groupType=2147483653")
- # Old primary group should contain a "member" attribute for the user,
- # the new shouldn't contain anymore one
- res1 = ldb.search("cn=ldaptestgroup, cn=users," + self.base_dn,
- scope=SCOPE_BASE, attrs=["member"])
- self.assertTrue(len(res1) == 1)
- self.assertTrue(len(res1[0]["member"]) == 1)
- self.assertEquals(res1[0]["member"][0].lower(),
- ("cn=ldaptestuser,cn=users," + self.base_dn).lower())
+ res2 = ldb.search(base=self.base_dn, scope=SCOPE_SUBTREE,
+ attrs=["groupType"], expression="groupType=-2147483643")
- res1 = ldb.search("cn=ldaptestgroup2, cn=users," + self.base_dn,
- scope=SCOPE_BASE, attrs=["member"])
- self.assertTrue(len(res1) == 1)
- self.assertFalse("member" in res1[0])
+ self.assertEquals(len(res1), len(res2))
- # Also this should be denied
- try:
- ldb.add({
- "dn": "cn=ldaptestuser1,cn=users," + self.base_dn,
- "objectclass": ["user", "person"],
- "primaryGroupID": "0"})
- self.fail()
- except LdbError, (num, _):
- self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+ self.assertTrue(res1.count > 0)
- self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
+ self.assertEquals(res1[0]["groupType"][0], "-2147483643")
- def test_sam_attributes(self):
- """Test the behaviour of special attributes of SAM objects"""
- print "Testing the behaviour of special attributes of SAM objects\n"""
+ def test_linked_attributes(self):
+ """This tests the linked attribute behaviour"""
- ldb.add({
- "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectclass": ["user", "person"]})
ldb.add({
"dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
"objectclass": "group"})
- m = Message()
- m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
- m["groupType"] = MessageElement("0", FLAG_MOD_ADD,
- "groupType")
- try:
- ldb.modify(m)
- self.fail()
- except LdbError, (num, _):
- self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
-
- m = Message()
- m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
- m["groupType"] = MessageElement([], FLAG_MOD_DELETE,
- "groupType")
+ # This should not work since "memberOf" is linked to "member"
try:
- ldb.modify(m)
- self.fail()
- except LdbError, (num, _):
+ ldb.add({
+ "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+ "objectclass": "user",
+ "memberOf": "cn=ldaptestgroup,cn=users," + self.base_dn})
+ except LdbError as e90:
+ (num, _) = e90.args
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
- m = Message()
- m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
- m["primaryGroupID"] = MessageElement("0", FLAG_MOD_ADD,
- "primaryGroupID")
- try:
- ldb.modify(m)
- self.fail()
- except LdbError, (num, _):
- self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
+ ldb.add({
+ "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+ "objectclass": "user"})
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
- m["primaryGroupID"] = MessageElement([], FLAG_MOD_DELETE,
- "primaryGroupID")
+ m["memberOf"] = MessageElement("cn=ldaptestgroup,cn=users," + self.base_dn,
+ FLAG_MOD_ADD, "memberOf")
try:
ldb.modify(m)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e91:
+ (num, _) = e91.args
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
m = Message()
- m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
- m["userAccountControl"] = MessageElement("0", FLAG_MOD_ADD,
- "userAccountControl")
- try:
- ldb.modify(m)
- self.fail()
- except LdbError, (num, _):
- self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
-
- m = Message()
- m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
- m["userAccountControl"] = MessageElement([], FLAG_MOD_DELETE,
- "userAccountControl")
- try:
- ldb.modify(m)
- self.fail()
- except LdbError, (num, _):
- self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+ m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+ m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
+ FLAG_MOD_ADD, "member")
+ ldb.modify(m)
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
- m["sAMAccountType"] = MessageElement("0", FLAG_MOD_ADD,
- "sAMAccountType")
+ m["memberOf"] = MessageElement("cn=ldaptestgroup,cn=users," + self.base_dn,
+ FLAG_MOD_REPLACE, "memberOf")
try:
ldb.modify(m)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e92:
+ (num, _) = e92.args
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
- m["sAMAccountType"] = MessageElement([], FLAG_MOD_REPLACE,
- "sAMAccountType")
+ m["memberOf"] = MessageElement("cn=ldaptestgroup,cn=users," + self.base_dn,
+ FLAG_MOD_DELETE, "memberOf")
try:
ldb.modify(m)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e93:
+ (num, _) = e93.args
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
m = Message()
- m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
- m["sAMAccountType"] = MessageElement([], FLAG_MOD_DELETE,
- "sAMAccountType")
- try:
- ldb.modify(m)
- self.fail()
- except LdbError, (num, _):
- self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
-
- self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
-
- def test_primary_group_token_constructed(self):
- """Test the primary group token behaviour (hidden-generated-readonly attribute on groups) and some other constructed attributes"""
- print "Testing primary group token behaviour and other constructed attributes\n"
+ m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+ m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
+ FLAG_MOD_DELETE, "member")
+ ldb.modify(m)
- try:
- ldb.add({
- "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
- "objectclass": "group",
- "primaryGroupToken": "100"})
- self.fail()
- except LdbError, (num, _):
- self.assertEquals(num, ERR_UNDEFINED_ATTRIBUTE_TYPE)
- self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+ # This should yield no results since the member attribute for
+ # "ldaptestuser" should have been deleted
+ res1 = ldb.search("cn=ldaptestgroup, cn=users," + self.base_dn,
+ scope=SCOPE_BASE,
+ expression="(member=cn=ldaptestuser,cn=users," + self.base_dn + ")",
+ attrs=[])
+ self.assertTrue(len(res1) == 0)
- ldb.add({
- "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectclass": ["user", "person"]})
+ delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
ldb.add({
"dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
- "objectclass": "group"})
-
- # Testing for one invalid, and one valid operational attribute, but also the things they are built from
- res1 = ldb.search(self.base_dn,
- scope=SCOPE_BASE, attrs=["primaryGroupToken", "canonicalName", "objectClass", "objectSid"])
- self.assertTrue(len(res1) == 1)
- self.assertFalse("primaryGroupToken" in res1[0])
- self.assertTrue("canonicalName" in res1[0])
- self.assertTrue("objectClass" in res1[0])
- self.assertTrue("objectSid" in res1[0])
-
- res1 = ldb.search(self.base_dn,
- scope=SCOPE_BASE, attrs=["primaryGroupToken", "canonicalName"])
- self.assertTrue(len(res1) == 1)
- self.assertFalse("primaryGroupToken" in res1[0])
- self.assertFalse("objectSid" in res1[0])
- self.assertFalse("objectClass" in res1[0])
- self.assertTrue("canonicalName" in res1[0])
-
- res1 = ldb.search("cn=users,"+self.base_dn,
- scope=SCOPE_BASE, attrs=["primaryGroupToken"])
- self.assertTrue(len(res1) == 1)
- self.assertFalse("primaryGroupToken" in res1[0])
-
- res1 = ldb.search("cn=ldaptestuser, cn=users," + self.base_dn,
- scope=SCOPE_BASE, attrs=["primaryGroupToken"])
- self.assertTrue(len(res1) == 1)
- self.assertFalse("primaryGroupToken" in res1[0])
-
- res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
- scope=SCOPE_BASE)
- self.assertTrue(len(res1) == 1)
- self.assertFalse("primaryGroupToken" in res1[0])
-
- res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
- scope=SCOPE_BASE, attrs=["primaryGroupToken", "objectSID"])
- self.assertTrue(len(res1) == 1)
- primary_group_token = int(res1[0]["primaryGroupToken"][0])
-
- rid = security.dom_sid(ldb.schema_format_value("objectSID", res1[0]["objectSID"][0])).split()[1]
- self.assertEquals(primary_group_token, rid)
-
- m = Message()
- m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
- m["primaryGroupToken"] = "100"
- try:
- ldb.modify(m)
- self.fail()
- except LdbError, (num, _):
- self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
-
- self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
-
- def test_tokenGroups(self):
- """Test the tokenGroups behaviour (hidden-generated-readonly attribute on SAM objects)"""
- print "Testing tokenGroups behaviour\n"
-
- # The domain object shouldn't contain any "tokenGroups" entry
- res = ldb.search(self.base_dn, scope=SCOPE_BASE, attrs=["tokenGroups"])
- self.assertTrue(len(res) == 1)
- self.assertFalse("tokenGroups" in res[0])
-
- # The domain administrator should contain "tokenGroups" entries
- # (the exact number depends on the domain/forest function level and the
- # DC software versions)
- res = ldb.search("cn=Administrator,cn=Users," + self.base_dn,
- scope=SCOPE_BASE, attrs=["tokenGroups"])
- self.assertTrue(len(res) == 1)
- self.assertTrue("tokenGroups" in res[0])
+ "objectclass": "group",
+ "member": "cn=ldaptestuser,cn=users," + self.base_dn})
- ldb.add({
- "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectclass": ["user", "person"]})
+ delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
- # This testuser should contain at least two "tokenGroups" entries
- # (exactly two on an unmodified "Domain Users" and "Users" group)
- res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
- scope=SCOPE_BASE, attrs=["tokenGroups"])
+ # Make sure that the "member" attribute for "ldaptestuser" has been
+ # removed
+ res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+ scope=SCOPE_BASE, attrs=["member"])
self.assertTrue(len(res) == 1)
- self.assertTrue(len(res[0]["tokenGroups"]) >= 2)
-
- # one entry which we need to find should point to domains "Domain Users"
- # group and another entry should point to the builtin "Users"group
- domain_users_group_found = False
- users_group_found = False
- for sid in res[0]["tokenGroups"]:
- rid = security.dom_sid(ldb.schema_format_value("objectSID", sid)).split()[1]
- if rid == 513:
- domain_users_group_found = True
- if rid == 545:
- users_group_found = True
-
- self.assertTrue(domain_users_group_found)
- self.assertTrue(users_group_found)
+ self.assertFalse("member" in res[0])
- self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
def test_wkguid(self):
"""Test Well known GUID behaviours (including DN+Binary)"""
- print "Test Well known GUID behaviours (including DN+Binary)"""
res = self.ldb.search(base=("<WKGUID=ab1d30f3768811d1aded00c04fd8d5cd,%s>" % self.base_dn), scope=SCOPE_BASE, attrs=[])
self.assertEquals(len(res), 1)
-
+
res2 = self.ldb.search(scope=SCOPE_BASE, attrs=["wellKnownObjects"], expression=("wellKnownObjects=B:32:ab1d30f3768811d1aded00c04fd8d5cd:%s" % res[0].dn))
self.assertEquals(len(res2), 1)
def test_subschemasubentry(self):
"""Test subSchemaSubEntry appears when requested, but not when not requested"""
- print "Test subSchemaSubEntry"""
res = self.ldb.search(base=self.base_dn, scope=SCOPE_BASE, attrs=["subSchemaSubEntry"])
self.assertEquals(len(res), 1)
- self.assertEquals(res[0]["subSchemaSubEntry"][0], "CN=Aggregate,"+self.schema_dn)
+ self.assertEquals(res[0]["subSchemaSubEntry"][0], "CN=Aggregate," + self.schema_dn)
res = self.ldb.search(base=self.base_dn, scope=SCOPE_BASE, attrs=["*"])
self.assertEquals(len(res), 1)
self.assertTrue("subScheamSubEntry" not in res[0])
- def test_delete(self):
- """Tests the delete operation"""
- print "Tests the delete operations"""
-
- ldb.add({
- "dn": "cn=ldaptestcontainer," + self.base_dn,
- "objectclass": "container"})
- ldb.add({
- "dn": "cn=entry1,cn=ldaptestcontainer," + self.base_dn,
- "objectclass": "container"})
- ldb.add({
- "dn": "cn=entry2,cn=ldaptestcontainer," + self.base_dn,
- "objectclass": "container"})
-
- try:
- ldb.delete("cn=ldaptestcontainer," + self.base_dn)
- self.fail()
- except LdbError, (num, _):
- self.assertEquals(num, ERR_NOT_ALLOWED_ON_NON_LEAF)
-
- ldb.delete("cn=ldaptestcontainer," + self.base_dn, ["tree_delete:0"])
-
- try:
- res = ldb.search("cn=ldaptestcontainer," + self.base_dn,
- scope=SCOPE_BASE, attrs=[])
- self.fail()
- except LdbError, (num, _):
- self.assertEquals(num, ERR_NO_SUCH_OBJECT)
- try:
- res = ldb.search("cn=entry1,cn=ldaptestcontainer," + self.base_dn,
- scope=SCOPE_BASE, attrs=[])
- self.fail()
- except LdbError, (num, _):
- self.assertEquals(num, ERR_NO_SUCH_OBJECT)
- try:
- res = ldb.search("cn=entry2,cn=ldaptestcontainer," + self.base_dn,
- scope=SCOPE_BASE, attrs=[])
- self.fail()
- except LdbError, (num, _):
- self.assertEquals(num, ERR_NO_SUCH_OBJECT)
-
- self.delete_force(self.ldb, "cn=entry1,cn=ldaptestcontainer," + self.base_dn)
- self.delete_force(self.ldb, "cn=entry2,cn=ldaptestcontainer," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
-
- # Performs some protected object delete testing
-
- res = ldb.search(base="", expression="", scope=SCOPE_BASE,
- attrs=["dsServiceName", "dNSHostName"])
- self.assertEquals(len(res), 1)
-
- try:
- ldb.delete(res[0]["dsServiceName"][0])
- self.fail()
- except LdbError, (num, _):
- self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
-
- res = ldb.search(self.base_dn, scope=SCOPE_SUBTREE,
- attrs=["rIDSetReferences"],
- expression="(&(objectClass=computer)(dNSHostName=" + res[0]["dNSHostName"][0] + "))")
- self.assertEquals(len(res), 1)
-
- try:
- ldb.delete(res[0]["rIDSetReferences"][0])
- self.fail()
- except LdbError, (num, _):
- self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
-
- try:
- ldb.delete("cn=Enterprise Schema,cn=Partitions," + self.configuration_dn)
- self.fail()
- except LdbError, (num, _):
- self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
-
- try:
- ldb.delete("cn=Enterprise Configuration,cn=Partitions," + self.configuration_dn)
- self.fail()
- except LdbError, (num, _):
- self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
-
- # Performs some "systemFlags" testing
-
- # Delete failing since "SYSTEM_FLAG_DISALLOW_DELETE"
- try:
- ldb.delete("CN=Users," + self.base_dn)
- self.fail()
- except LdbError, (num, _):
- self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
-
def test_all(self):
"""Basic tests"""
- print "Testing user add"
+ # Testing user add
ldb.add({
"dn": "cn=ldaptestuser,cn=uSers," + self.base_dn,
- "objectclass": ["user", "person"],
+ "objectclass": "user",
"cN": "LDAPtestUSER",
"givenname": "ldap",
"sn": "testy"})
"cN": "LDAPtestCOMPUTER"})
ldb.add({"dn": "cn=ldaptest2computer,cn=computers," + self.base_dn,
- "objectClass": "computer",
- "cn": "LDAPtest2COMPUTER",
- "userAccountControl": str(UF_WORKSTATION_TRUST_ACCOUNT),
- "displayname": "ldap testy"})
+ "objectClass": "computer",
+ "cn": "LDAPtest2COMPUTER",
+ "userAccountControl": str(UF_WORKSTATION_TRUST_ACCOUNT),
+ "displayname": "ldap testy"})
try:
ldb.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self.base_dn,
"cn": "LDAPtest2COMPUTER"
})
self.fail()
- except LdbError, (num, _):
+ except LdbError as e94:
+ (num, _) = e94.args
self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
try:
"objectClass": "computer",
"cn": "ldaptestcomputer3",
"sAMAccountType": str(ATYPE_NORMAL_ACCOUNT)
- })
+ })
self.fail()
- except LdbError, (num, _):
+ except LdbError as e95:
+ (num, _) = e95.args
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
ldb.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self.base_dn,
"cn": "LDAPtestCOMPUTER3"
})
- print "Testing ldb.search for (&(cn=ldaptestcomputer3)(objectClass=user))";
- res = ldb.search(self.base_dn, expression="(&(cn=ldaptestcomputer3)(objectClass=user))");
+ # Testing ldb.search for (&(cn=ldaptestcomputer3)(objectClass=user))
+ res = ldb.search(self.base_dn, expression="(&(cn=ldaptestcomputer3)(objectClass=user))")
self.assertEquals(len(res), 1, "Found only %d for (&(cn=ldaptestcomputer3)(objectClass=user))" % len(res))
- self.assertEquals(str(res[0].dn), ("CN=ldaptestcomputer3,CN=Computers," + self.base_dn));
- self.assertEquals(res[0]["cn"][0], "ldaptestcomputer3");
- self.assertEquals(res[0]["name"][0], "ldaptestcomputer3");
- self.assertEquals(res[0]["objectClass"][0], "top");
- self.assertEquals(res[0]["objectClass"][1], "person");
- self.assertEquals(res[0]["objectClass"][2], "organizationalPerson");
- self.assertEquals(res[0]["objectClass"][3], "user");
- self.assertEquals(res[0]["objectClass"][4], "computer");
+ self.assertEquals(str(res[0].dn), ("CN=ldaptestcomputer3,CN=Computers," + self.base_dn))
+ self.assertEquals(res[0]["cn"][0], "ldaptestcomputer3")
+ self.assertEquals(res[0]["name"][0], "ldaptestcomputer3")
+ self.assertEquals(res[0]["objectClass"][0], "top")
+ self.assertEquals(res[0]["objectClass"][1], "person")
+ self.assertEquals(res[0]["objectClass"][2], "organizationalPerson")
+ self.assertEquals(res[0]["objectClass"][3], "user")
+ self.assertEquals(res[0]["objectClass"][4], "computer")
self.assertTrue("objectGUID" in res[0])
self.assertTrue("whenCreated" in res[0])
- self.assertEquals(res[0]["objectCategory"][0], ("CN=Computer,CN=Schema,CN=Configuration," + self.base_dn));
- self.assertEquals(int(res[0]["primaryGroupID"][0]), 513);
- self.assertEquals(int(res[0]["sAMAccountType"][0]), ATYPE_NORMAL_ACCOUNT);
- self.assertEquals(int(res[0]["userAccountControl"][0]), UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE);
+ self.assertEquals(res[0]["objectCategory"][0], ("CN=Computer,%s" % ldb.get_schema_basedn()))
+ self.assertEquals(int(res[0]["primaryGroupID"][0]), 513)
+ self.assertEquals(int(res[0]["sAMAccountType"][0]), ATYPE_NORMAL_ACCOUNT)
+ self.assertEquals(int(res[0]["userAccountControl"][0]), UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE)
- self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn)
- print "Testing attribute or value exists behaviour"
+ # Testing attribute or value exists behaviour
try:
ldb.modify_ldif("""
dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
servicePrincipalName: cifs/ldaptest2computer
""")
self.fail()
- except LdbError, (num, msg):
+ except LdbError as e96:
+ (num, msg) = e96.args
self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
ldb.modify_ldif("""
servicePrincipalName: host/ldaptest2computer
""")
self.fail()
- except LdbError, (num, msg):
+ except LdbError as e97:
+ (num, msg) = e97.args
self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
- print "Testing ranged results"
+ # Testing ranged results
ldb.modify_ldif("""
dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
changetype: modify
res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE,
attrs=["servicePrincipalName;range=0-*"])
self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
- #print len(res[0]["servicePrincipalName;range=0-*"])
self.assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30)
res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-19"])
self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
- # print res[0]["servicePrincipalName;range=0-19"].length
self.assertEquals(len(res[0]["servicePrincipalName;range=0-19"]), 20)
-
res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-30"])
self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
self.assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30)
self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
self.assertEquals(len(res[0]["servicePrincipalName;range=30-*"]), 0)
-
res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=10-40"])
self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
self.assertEquals(len(res[0]["servicePrincipalName;range=10-*"]), 20)
res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=11-40"])
self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
self.assertEquals(len(res[0]["servicePrincipalName;range=11-*"]), 19)
- # print res[0]["servicePrincipalName;range=11-*"][18]
- # print pos_11
- # self.assertEquals((res[0]["servicePrincipalName;range=11-*"][18]), pos_11)
+ # self.assertEquals((res[0]["servicePrincipalName;range=11-*"][18]), pos_11)
res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=11-15"])
self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
self.assertEquals(len(res[0]["servicePrincipalName;range=11-15"]), 5)
- # self.assertEquals(res[0]["servicePrincipalName;range=11-15"][4], pos_11)
+ # self.assertEquals(res[0]["servicePrincipalName;range=11-15"][4], pos_11)
res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName"])
self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
- # print res[0]["servicePrincipalName"][18]
- # print pos_11
self.assertEquals(len(res[0]["servicePrincipalName"]), 30)
- # self.assertEquals(res[0]["servicePrincipalName"][18], pos_11)
+ # self.assertEquals(res[0]["servicePrincipalName"][18], pos_11)
- self.delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
ldb.add({
"dn": "cn=ldaptestuser2,cn=useRs," + self.base_dn,
- "objectClass": ["person", "user"],
+ "objectClass": "user",
"cn": "LDAPtestUSER2",
"givenname": "testy",
"sn": "ldap user2"})
- print "Testing Ambigious Name Resolution"
+ # Testing Ambigious Name Resolution
# Testing ldb.search for (&(anr=ldap testy)(objectClass=user))
res = ldb.search(expression="(&(anr=ldap testy)(objectClass=user))")
self.assertEquals(len(res), 3, "Found only %d of 3 for (&(anr=ldap testy)(objectClass=user))" % len(res))
# res = ldb.search(expression="(&(anr==\"testy ldap\")(objectClass=user))")
# self.assertEquals(len(res), 0, "Found (&(anr==\"testy ldap\")(objectClass=user))")
- print "Testing Renames"
+ # Testing Renames
attrs = ["objectGUID", "objectSid"]
- print "Testing ldb.search for (&(cn=ldaptestUSer2)(objectClass=user))"
+ # Testing ldb.search for (&(cn=ldaptestUSer2)(objectClass=user))
res_user = ldb.search(self.base_dn, expression="(&(cn=ldaptestUSer2)(objectClass=user))", scope=SCOPE_SUBTREE, attrs=attrs)
self.assertEquals(len(res_user), 1, "Could not find (&(cn=ldaptestUSer2)(objectClass=user))")
# Check rename works with extended/alternate DN forms
- ldb.rename("<SID=" + ldb.schema_format_value("objectSID", res_user[0]["objectSID"][0]) + ">" , "cn=ldaptestUSER3,cn=users," + self.base_dn)
+ ldb.rename("<SID=" + ldb.schema_format_value("objectSID", res_user[0]["objectSID"][0]) + ">", "cn=ldaptestUSER3,cn=users," + self.base_dn)
- print "Testing ldb.search for (&(cn=ldaptestuser3)(objectClass=user))"
+ # Testing ldb.search for (&(cn=ldaptestuser3)(objectClass=user))
res = ldb.search(expression="(&(cn=ldaptestuser3)(objectClass=user))")
self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser3)(objectClass=user))")
self.assertEquals(str(res[0]["cn"]), "ldaptestUSER3")
self.assertEquals(str(res[0]["name"]), "ldaptestUSER3")
- #"Testing ldb.search for (&(&(cn=ldaptestuser3)(userAccountControl=*))(objectClass=user))"
+ #"Testing ldb.search for (&(&(cn=ldaptestuser3)(userAccountControl=*))(objectClass=user))"
res = ldb.search(expression="(&(&(cn=ldaptestuser3)(userAccountControl=*))(objectClass=user))")
self.assertEquals(len(res), 1, "(&(&(cn=ldaptestuser3)(userAccountControl=*))(objectClass=user))")
self.assertEquals(str(res[0]["cn"]), "ldaptestUSER3")
self.assertEquals(str(res[0]["name"]), "ldaptestUSER3")
- #"Testing ldb.search for (&(&(cn=ldaptestuser3)(userAccountControl=546))(objectClass=user))"
+ #"Testing ldb.search for (&(&(cn=ldaptestuser3)(userAccountControl=546))(objectClass=user))"
res = ldb.search(expression="(&(&(cn=ldaptestuser3)(userAccountControl=546))(objectClass=user))")
self.assertEquals(len(res), 1, "(&(&(cn=ldaptestuser3)(userAccountControl=546))(objectClass=user))")
self.assertEquals(str(res[0]["cn"]), "ldaptestUSER3")
self.assertEquals(str(res[0]["name"]), "ldaptestUSER3")
- #"Testing ldb.search for (&(&(cn=ldaptestuser3)(userAccountControl=547))(objectClass=user))"
+ #"Testing ldb.search for (&(&(cn=ldaptestuser3)(userAccountControl=547))(objectClass=user))"
res = ldb.search(expression="(&(&(cn=ldaptestuser3)(userAccountControl=547))(objectClass=user))")
self.assertEquals(len(res), 0, "(&(&(cn=ldaptestuser3)(userAccountControl=547))(objectClass=user))")
- # This is a Samba special, and does not exist in real AD
- # print "Testing ldb.search for (dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")"
- # res = ldb.search("(dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")")
- # if (res.error != 0 || len(res) != 1) {
- # print "Could not find (dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")"
- # self.assertEquals(len(res), 1)
- # }
- # self.assertEquals(res[0].dn, ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
- # self.assertEquals(res[0].cn, "ldaptestUSER3")
- # self.assertEquals(res[0].name, "ldaptestUSER3")
-
- print "Testing ldb.search for (distinguishedName=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")"
+ # Testing ldb.search for (dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ") - should not work
+ res = ldb.search(expression="(dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")")
+ self.assertEquals(len(res), 0, "Could find (dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")")
+
+ # Testing ldb.search for (distinguishedName=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")
res = ldb.search(expression="(distinguishedName=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")")
- self.assertEquals(len(res), 1, "Could not find (dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")")
+ self.assertEquals(len(res), 1, "Could not find (distinguishedName=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")")
self.assertEquals(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
self.assertEquals(str(res[0]["cn"]), "ldaptestUSER3")
self.assertEquals(str(res[0]["name"]), "ldaptestUSER3")
# ensure we cannot add it again
try:
ldb.add({"dn": "cn=ldaptestuser3,cn=userS," + self.base_dn,
- "objectClass": ["person", "user"],
- "cn": "LDAPtestUSER3"})
+ "objectClass": "user",
+ "cn": "LDAPtestUSER3"})
self.fail()
- except LdbError, (num, _):
+ except LdbError as e98:
+ (num, _) = e98.args
self.assertEquals(num, ERR_ENTRY_ALREADY_EXISTS)
# rename back
ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn,
"cn=ldaptestuser2,cn=users," + self.base_dn)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e99:
+ (num, _) = e99.args
self.assertEquals(num, ERR_NO_SUCH_OBJECT)
# ensure can now use that name
ldb.add({"dn": "cn=ldaptestuser3,cn=users," + self.base_dn,
- "objectClass": ["person", "user"],
- "cn": "LDAPtestUSER3"})
+ "objectClass": "user",
+ "cn": "LDAPtestUSER3"})
# ensure we now cannot rename
try:
ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=users," + self.base_dn)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e100:
+ (num, _) = e100.args
self.assertEquals(num, ERR_ENTRY_ALREADY_EXISTS)
try:
- ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=configuration," + self.base_dn)
+ ldb.rename("cn=ldaptestuser3,cn=users,%s" % self.base_dn, "cn=ldaptestuser3,%s" % ldb.get_config_basedn())
self.fail()
- except LdbError, (num, _):
+ except LdbError as e101:
+ (num, _) = e101.args
self.assertTrue(num in (71, 64))
ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser5,cn=users," + self.base_dn)
ldb.delete("cn=ldaptestuser5,cn=users," + self.base_dn)
- self.delete_force(ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
+ delete_force(ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
ldb.rename("cn=ldaptestgroup,cn=users," + self.base_dn, "cn=ldaptestgroup2,cn=users," + self.base_dn)
- print "Testing subtree renames"
+ # Testing subtree renames
ldb.add({"dn": "cn=ldaptestcontainer," + self.base_dn,
"objectClass": "container"})
ldb.add({"dn": "CN=ldaptestuser4,CN=ldaptestcontainer," + self.base_dn,
- "objectClass": ["person", "user"],
+ "objectClass": "user",
"cn": "LDAPtestUSER4"})
+ # Here we don't enforce these hard "description" constraints
+ ldb.modify_ldif("""
+dn: cn=ldaptestcontainer,""" + self.base_dn + """
+changetype: modify
+replace: description
+description: desc1
+description: desc2
+""")
+
ldb.modify_ldif("""
dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
changetype: modify
member: cn=ldaptestuser2,cn=users,""" + self.base_dn + """
""")
- print "Testing ldb.rename of cn=ldaptestcontainer," + self.base_dn + " to cn=ldaptestcontainer2," + self.base_dn
+ # Testing ldb.rename of cn=ldaptestcontainer," + self.base_dn + " to cn=ldaptestcontainer2," + self.base_dn
ldb.rename("CN=ldaptestcontainer," + self.base_dn, "CN=ldaptestcontainer2," + self.base_dn)
- print "Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user))"
+ # Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user))
res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))")
self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser4)(objectClass=user))")
- print "Testing subtree ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + self.base_dn
+ # Testing subtree ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + self.base_dn
try:
res = ldb.search("cn=ldaptestcontainer," + self.base_dn,
- expression="(&(cn=ldaptestuser4)(objectClass=user))",
- scope=SCOPE_SUBTREE)
+ expression="(&(cn=ldaptestuser4)(objectClass=user))",
+ scope=SCOPE_SUBTREE)
self.fail(res)
- except LdbError, (num, _):
+ except LdbError as e102:
+ (num, _) = e102.args
self.assertEquals(num, ERR_NO_SUCH_OBJECT)
- print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + self.base_dn
+ # Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + self.base_dn
try:
res = ldb.search("cn=ldaptestcontainer," + self.base_dn,
- expression="(&(cn=ldaptestuser4)(objectClass=user))", scope=SCOPE_ONELEVEL)
+ expression="(&(cn=ldaptestuser4)(objectClass=user))", scope=SCOPE_ONELEVEL)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e103:
+ (num, _) = e103.args
self.assertEquals(num, ERR_NO_SUCH_OBJECT)
- print "Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in renamed container"
+ # Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in renamed container"
res = ldb.search("cn=ldaptestcontainer2," + self.base_dn, expression="(&(cn=ldaptestuser4)(objectClass=user))", scope=SCOPE_SUBTREE)
self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser4)(objectClass=user)) under cn=ldaptestcontainer2," + self.base_dn)
time.sleep(4)
- print "Testing ldb.search for (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn + ")(objectclass=group)) to check subtree renames and linked attributes"
+ # Testing ldb.search for (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn + ")(objectclass=group)) to check subtree renames and linked attributes"
res = ldb.search(self.base_dn, expression="(&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn + ")(objectclass=group))", scope=SCOPE_SUBTREE)
self.assertEquals(len(res), 1, "Could not find (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn + ")(objectclass=group)), perhaps linked attributes are not consistant with subtree renames?")
- print "Testing ldb.rename (into itself) of cn=ldaptestcontainer2," + self.base_dn + " to cn=ldaptestcontainer,cn=ldaptestcontainer2," + self.base_dn
+ # Testing ldb.rename (into itself) of cn=ldaptestcontainer2," + self.base_dn + " to cn=ldaptestcontainer,cn=ldaptestcontainer2," + self.base_dn
try:
ldb.rename("cn=ldaptestcontainer2," + self.base_dn, "cn=ldaptestcontainer,cn=ldaptestcontainer2," + self.base_dn)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e104:
+ (num, _) = e104.args
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
- print "Testing ldb.rename (into non-existent container) of cn=ldaptestcontainer2," + self.base_dn + " to cn=ldaptestcontainer,cn=ldaptestcontainer3," + self.base_dn
+ # Testing ldb.rename (into non-existent container) of cn=ldaptestcontainer2," + self.base_dn + " to cn=ldaptestcontainer,cn=ldaptestcontainer3," + self.base_dn
try:
ldb.rename("cn=ldaptestcontainer2," + self.base_dn, "cn=ldaptestcontainer,cn=ldaptestcontainer3," + self.base_dn)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e105:
+ (num, _) = e105.args
self.assertTrue(num in (ERR_UNWILLING_TO_PERFORM, ERR_OTHER))
- print "Testing delete (should fail, not a leaf node) of renamed cn=ldaptestcontainer2," + self.base_dn
+ # Testing delete (should fail, not a leaf node) of renamed cn=ldaptestcontainer2," + self.base_dn
try:
ldb.delete("cn=ldaptestcontainer2," + self.base_dn)
self.fail()
- except LdbError, (num, _):
+ except LdbError as e106:
+ (num, _) = e106.args
self.assertEquals(num, ERR_NOT_ALLOWED_ON_NON_LEAF)
- print "Testing base ldb.search for CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn
+ # Testing base ldb.search for CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn
res = ldb.search(expression="(objectclass=*)", base=("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn), scope=SCOPE_BASE)
self.assertEquals(len(res), 1)
res = ldb.search(expression="(cn=ldaptestuser40)", base=("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn), scope=SCOPE_BASE)
self.assertEquals(len(res), 0)
- print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2," + self.base_dn
+ # Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2," + self.base_dn
res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))", base=("cn=ldaptestcontainer2," + self.base_dn), scope=SCOPE_ONELEVEL)
- # FIXME: self.assertEquals(len(res), 0)
+ self.assertEquals(len(res), 1)
- print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2," + self.base_dn
+ # Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2," + self.base_dn
res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))", base=("cn=ldaptestcontainer2," + self.base_dn), scope=SCOPE_SUBTREE)
- # FIXME: self.assertEquals(len(res), 0)
+ self.assertEquals(len(res), 1)
- print "Testing delete of subtree renamed "+("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn)
+ # Testing delete of subtree renamed "+("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn)
ldb.delete(("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn))
- print "Testing delete of renamed cn=ldaptestcontainer2," + self.base_dn
+ # Testing delete of renamed cn=ldaptestcontainer2," + self.base_dn
ldb.delete("cn=ldaptestcontainer2," + self.base_dn)
ldb.add({"dn": "cn=ldaptestutf8user èùéìòà,cn=users," + self.base_dn, "objectClass": "user"})
ldb.add({"dn": "cn=ldaptestutf8user2 èùéìòà,cn=users," + self.base_dn, "objectClass": "user"})
- print "Testing ldb.search for (&(cn=ldaptestuser)(objectClass=user))"
+ # Testing ldb.search for (&(cn=ldaptestuser)(objectClass=user))"
res = ldb.search(expression="(&(cn=ldaptestuser)(objectClass=user))")
self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser)(objectClass=user))")
self.assertEquals(set(res[0]["objectClass"]), set(["top", "person", "organizationalPerson", "user"]))
self.assertTrue("objectGUID" in res[0])
self.assertTrue("whenCreated" in res[0])
- self.assertEquals(str(res[0]["objectCategory"]), ("CN=Person,CN=Schema,CN=Configuration," + self.base_dn))
+ self.assertEquals(str(res[0]["objectCategory"]), ("CN=Person,%s" % ldb.get_schema_basedn()))
self.assertEquals(int(res[0]["sAMAccountType"][0]), ATYPE_NORMAL_ACCOUNT)
self.assertEquals(int(res[0]["userAccountControl"][0]), UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE)
self.assertEquals(res[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self.base_dn).upper())
self.assertEquals(len(res[0]["memberOf"]), 1)
- print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + self.base_dn + "))"
- res2 = ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + self.base_dn + "))")
- self.assertEquals(len(res2), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + self.base_dn + "))")
+ # Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=cn=person,%s))" % ldb.get_schema_basedn()
+ res2 = ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=cn=person,%s))" % ldb.get_schema_basedn())
+ self.assertEquals(len(res2), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=cn=person,%s))" % ldb.get_schema_basedn())
self.assertEquals(res[0].dn, res2[0].dn)
- print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon))"
+ # Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon))"
res3 = ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=PerSon))")
self.assertEquals(len(res3), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)): matched %d" % len(res3))
self.assertEquals(res[0].dn, res3[0].dn)
if gc_ldb is not None:
- print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog"
+ # Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog"
res3gc = gc_ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=PerSon))")
self.assertEquals(len(res3gc), 1)
self.assertEquals(res[0].dn, res3gc[0].dn)
- print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in with 'phantom root' control"
+ # Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in with 'phantom root' control"
if gc_ldb is not None:
res3control = gc_ldb.search(self.base_dn, expression="(&(cn=ldaptestuser)(objectCategory=PerSon))", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:2"])
ldb.delete(res[0].dn)
- print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectClass=user))"
+ # Testing ldb.search for (&(cn=ldaptestcomputer)(objectClass=user))"
res = ldb.search(expression="(&(cn=ldaptestcomputer)(objectClass=user))")
self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser)(objectClass=user))")
self.assertEquals(set(res[0]["objectClass"]), set(["top", "person", "organizationalPerson", "user", "computer"]))
self.assertTrue("objectGUID" in res[0])
self.assertTrue("whenCreated" in res[0])
- self.assertEquals(str(res[0]["objectCategory"]), ("CN=Computer,CN=Schema,CN=Configuration," + self.base_dn))
+ self.assertEquals(str(res[0]["objectCategory"]), ("CN=Computer,%s" % ldb.get_schema_basedn()))
self.assertEquals(int(res[0]["primaryGroupID"][0]), 513)
self.assertEquals(int(res[0]["sAMAccountType"][0]), ATYPE_NORMAL_ACCOUNT)
self.assertEquals(int(res[0]["userAccountControl"][0]), UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE)
self.assertEquals(res[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self.base_dn).upper())
self.assertEquals(len(res[0]["memberOf"]), 1)
- print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + "))"
- res2 = ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + "))")
- self.assertEquals(len(res2), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + "))")
+ # Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,%s))" % ldb.get_schema_basedn()
+ res2 = ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=cn=computer,%s))" % ldb.get_schema_basedn())
+ self.assertEquals(len(res2), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,%s))" % ldb.get_schema_basedn())
self.assertEquals(res[0].dn, res2[0].dn)
if gc_ldb is not None:
- print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + ")) in Global Catlog"
- res2gc = gc_ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + "))")
- self.assertEquals(len(res2gc), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + ")) in Global Catlog")
+ # Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,%s)) in Global Catalog" % gc_ldb.get_schema_basedn()
+ res2gc = gc_ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=cn=computer,%s))" % gc_ldb.get_schema_basedn())
+ self.assertEquals(len(res2gc), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,%s)) In Global Catalog" % gc_ldb.get_schema_basedn())
self.assertEquals(res[0].dn, res2gc[0].dn)
- print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER))"
+ # Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER))"
res3 = ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=compuTER))")
self.assertEquals(len(res3), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER))")
self.assertEquals(res[0].dn, res3[0].dn)
if gc_ldb is not None:
- print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog"
+ # Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog"
res3gc = gc_ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=compuTER))")
self.assertEquals(len(res3gc), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog")
self.assertEquals(res[0].dn, res3gc[0].dn)
- print "Testing ldb.search for (&(cn=ldaptestcomp*r)(objectCategory=compuTER))"
+ # Testing ldb.search for (&(cn=ldaptestcomp*r)(objectCategory=compuTER))"
res4 = ldb.search(expression="(&(cn=ldaptestcomp*r)(objectCategory=compuTER))")
self.assertEquals(len(res4), 1, "Could not find (&(cn=ldaptestcomp*r)(objectCategory=compuTER))")
self.assertEquals(res[0].dn, res4[0].dn)
- print "Testing ldb.search for (&(cn=ldaptestcomput*)(objectCategory=compuTER))"
+ # Testing ldb.search for (&(cn=ldaptestcomput*)(objectCategory=compuTER))"
res5 = ldb.search(expression="(&(cn=ldaptestcomput*)(objectCategory=compuTER))")
self.assertEquals(len(res5), 1, "Could not find (&(cn=ldaptestcomput*)(objectCategory=compuTER))")
self.assertEquals(res[0].dn, res5[0].dn)
- print "Testing ldb.search for (&(cn=*daptestcomputer)(objectCategory=compuTER))"
+ # Testing ldb.search for (&(cn=*daptestcomputer)(objectCategory=compuTER))"
res6 = ldb.search(expression="(&(cn=*daptestcomputer)(objectCategory=compuTER))")
self.assertEquals(len(res6), 1, "Could not find (&(cn=*daptestcomputer)(objectCategory=compuTER))")
ldb.delete("<GUID=" + ldb.schema_format_value("objectGUID", res[0]["objectGUID"][0]) + ">")
- print "Testing ldb.search for (&(cn=ldaptest2computer)(objectClass=user))"
+ # Testing ldb.search for (&(cn=ldaptest2computer)(objectClass=user))"
res = ldb.search(expression="(&(cn=ldaptest2computer)(objectClass=user))")
self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptest2computer)(objectClass=user))")
self.assertEquals(list(res[0]["objectClass"]), ["top", "person", "organizationalPerson", "user", "computer"])
self.assertTrue("objectGUID" in res[0])
self.assertTrue("whenCreated" in res[0])
- self.assertEquals(res[0]["objectCategory"][0], "CN=Computer,CN=Schema,CN=Configuration," + self.base_dn)
+ self.assertEquals(res[0]["objectCategory"][0], "CN=Computer,%s" % ldb.get_schema_basedn())
self.assertEquals(int(res[0]["sAMAccountType"][0]), ATYPE_WORKSTATION_TRUST)
self.assertEquals(int(res[0]["userAccountControl"][0]), UF_WORKSTATION_TRUST_ACCOUNT)
ldb.delete("<SID=" + ldb.schema_format_value("objectSID", res[0]["objectSID"][0]) + ">")
attrs = ["cn", "name", "objectClass", "objectGUID", "objectSID", "whenCreated", "nTSecurityDescriptor", "memberOf", "allowedAttributes", "allowedAttributesEffective"]
- print "Testing ldb.search for (&(cn=ldaptestUSer2)(objectClass=user))"
+ # Testing ldb.search for (&(cn=ldaptestUSer2)(objectClass=user))"
res_user = ldb.search(self.base_dn, expression="(&(cn=ldaptestUSer2)(objectClass=user))", scope=SCOPE_SUBTREE, attrs=attrs)
self.assertEquals(len(res_user), 1, "Could not find (&(cn=ldaptestUSer2)(objectClass=user))")
ldaptestuser2_guid = res_user[0]["objectGUID"][0]
attrs = ["cn", "name", "objectClass", "objectGUID", "objectSID", "whenCreated", "nTSecurityDescriptor", "member", "allowedAttributes", "allowedAttributesEffective"]
- print "Testing ldb.search for (&(cn=ldaptestgroup2)(objectClass=group))"
+ # Testing ldb.search for (&(cn=ldaptestgroup2)(objectClass=group))"
res = ldb.search(self.base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))")
res = ldb.search(self.base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs, controls=["extended_dn:1:1"])
self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))")
- print res[0]["member"]
+ print(res[0]["member"])
memberUP = []
for m in res[0]["member"]:
memberUP.append(m.upper())
- print ("<GUID=" + ldb.schema_format_value("objectGUID", ldaptestuser2_guid) + ">;<SID=" + ldb.schema_format_value("objectSid", ldaptestuser2_sid) + ">;CN=ldaptestuser2,CN=Users," + self.base_dn).upper()
+ print(("<GUID=" + ldb.schema_format_value("objectGUID", ldaptestuser2_guid) + ">;<SID=" + ldb.schema_format_value("objectSid", ldaptestuser2_sid) + ">;CN=ldaptestuser2,CN=Users," + self.base_dn).upper())
self.assertTrue(("<GUID=" + ldb.schema_format_value("objectGUID", ldaptestuser2_guid) + ">;<SID=" + ldb.schema_format_value("objectSid", ldaptestuser2_sid) + ">;CN=ldaptestuser2,CN=Users," + self.base_dn).upper() in memberUP)
- print "Quicktest for linked attributes"
+ # Quicktest for linked attributes"
ldb.modify_ldif("""
dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
changetype: modify
time.sleep(4)
attrs = ["cn", "name", "objectClass", "objectGUID", "whenCreated", "nTSecurityDescriptor", "member"]
- print "Testing ldb.search for (&(cn=ldaptestgroup2)(objectClass=group)) to check linked delete"
+ # Testing ldb.search for (&(cn=ldaptestgroup2)(objectClass=group)) to check linked delete"
res = ldb.search(self.base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group)) to check linked delete")
self.assertEquals(str(res[0].dn), ("CN=ldaptestgroup2,CN=Users," + self.base_dn))
self.assertTrue("member" not in res[0])
- print "Testing ldb.search for (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))"
-# TODO UTF8 users don't seem to work fully anymore
-# res = ldb.search(expression="(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
+ # Testing ldb.search for (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))"
+ res = ldb.search(expression="(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
+ self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
res = ldb.search(expression="(&(cn=ldaptestutf8user èùéìòà)(objectclass=user))")
self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
self.assertTrue("objectGUID" in res[0])
self.assertTrue("whenCreated" in res[0])
+ # delete "ldaptestutf8user"
ldb.delete(res[0].dn)
- print "Testing ldb.search for (&(cn=ldaptestutf8user2*)(objectClass=user))"
+ # Testing ldb.search for (&(cn=ldaptestutf8user2*)(objectClass=user))"
res = ldb.search(expression="(&(cn=ldaptestutf8user2*)(objectClass=user))")
self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestutf8user2*)(objectClass=user))")
+ # Testing ldb.search for (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))"
+ res = ldb.search(expression="(&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))")
+ self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))")
+
+ # delete "ldaptestutf8user2 "
ldb.delete(res[0].dn)
ldb.delete(("CN=ldaptestgroup2,CN=Users," + self.base_dn))
- print "Testing ldb.search for (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))"
-# TODO UTF8 users don't seem to work fully anymore
-# res = ldb.search(expression="(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
-# self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
-
- print "Testing that we can't get at the configuration DN from the main search base"
+ # Testing that we can't get at the configuration DN from the main search base"
res = ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
self.assertEquals(len(res), 0)
- print "Testing that we can get at the configuration DN from the main search base on the LDAP port with the 'phantom root' search_options control"
+ # Testing that we can get at the configuration DN from the main search base on the LDAP port with the 'phantom root' search_options control"
res = ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:2"])
self.assertTrue(len(res) > 0)
if gc_ldb is not None:
- print "Testing that we can get at the configuration DN from the main search base on the GC port with the search_options control == 0"
+ # Testing that we can get at the configuration DN from the main search base on the GC port with the search_options control == 0"
res = gc_ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:0"])
self.assertTrue(len(res) > 0)
- print "Testing that we do find configuration elements in the global catlog"
+ # Testing that we do find configuration elements in the global catlog"
res = gc_ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
self.assertTrue(len(res) > 0)
- print "Testing that we do find configuration elements and user elements at the same time"
+ # Testing that we do find configuration elements and user elements at the same time"
res = gc_ldb.search(self.base_dn, expression="(|(objectClass=crossRef)(objectClass=person))", scope=SCOPE_SUBTREE, attrs=["cn"])
self.assertTrue(len(res) > 0)
- print "Testing that we do find configuration elements in the global catlog, with the configuration basedn"
+ # Testing that we do find configuration elements in the global catlog, with the configuration basedn"
res = gc_ldb.search(self.configuration_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
self.assertTrue(len(res) > 0)
- print "Testing that we can get at the configuration DN on the main LDAP port"
+ # Testing that we can get at the configuration DN on the main LDAP port"
res = ldb.search(self.configuration_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
self.assertTrue(len(res) > 0)
- print "Testing objectCategory canonacolisation"
+ # Testing objectCategory canonacolisation"
res = ldb.search(self.configuration_dn, expression="objectCategory=ntDsDSA", scope=SCOPE_SUBTREE, attrs=["cn"])
self.assertTrue(len(res) > 0, "Didn't find any records with objectCategory=ntDsDSA")
self.assertTrue(len(res) != 0)
self.assertTrue(len(res) > 0, "Didn't find any records with objectCategory=CN=ntDs-DSA," + self.schema_dn)
self.assertTrue(len(res) != 0)
- print "Testing objectClass attribute order on "+ self.base_dn
+ # Testing objectClass attribute order on "+ self.base_dn
res = ldb.search(expression="objectClass=domain", base=self.base_dn,
scope=SCOPE_BASE, attrs=["objectClass"])
self.assertEquals(len(res), 1)
# check enumeration
- print "Testing ldb.search for objectCategory=person"
+ # Testing ldb.search for objectCategory=person"
res = ldb.search(self.base_dn, expression="objectCategory=person", scope=SCOPE_SUBTREE, attrs=["cn"])
self.assertTrue(len(res) > 0)
- print "Testing ldb.search for objectCategory=person with domain scope control"
+ # Testing ldb.search for objectCategory=person with domain scope control"
res = ldb.search(self.base_dn, expression="objectCategory=person", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
self.assertTrue(len(res) > 0)
- print "Testing ldb.search for objectCategory=user"
+ # Testing ldb.search for objectCategory=user"
res = ldb.search(self.base_dn, expression="objectCategory=user", scope=SCOPE_SUBTREE, attrs=["cn"])
self.assertTrue(len(res) > 0)
- print "Testing ldb.search for objectCategory=user with domain scope control"
+ # Testing ldb.search for objectCategory=user with domain scope control"
res = ldb.search(self.base_dn, expression="objectCategory=user", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
self.assertTrue(len(res) > 0)
- print "Testing ldb.search for objectCategory=group"
+ # Testing ldb.search for objectCategory=group"
res = ldb.search(self.base_dn, expression="objectCategory=group", scope=SCOPE_SUBTREE, attrs=["cn"])
self.assertTrue(len(res) > 0)
- print "Testing ldb.search for objectCategory=group with domain scope control"
+ # Testing ldb.search for objectCategory=group with domain scope control"
res = ldb.search(self.base_dn, expression="objectCategory=group", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
self.assertTrue(len(res) > 0)
- print "Testing creating a user with the posixAccount objectClass"
+ # Testing creating a user with the posixAccount objectClass"
self.ldb.add_ldif("""dn: cn=posixuser,CN=Users,%s
objectClass: top
objectClass: person
homeDirectory: /home/posixuser
loginShell: /bin/bash
gecos: Posix User;;;
-description: A POSIX user"""% (self.base_dn))
+description: A POSIX user""" % (self.base_dn))
- print "Testing removing the posixAccount objectClass from an existing user"
+ # Testing removing the posixAccount objectClass from an existing user"
self.ldb.modify_ldif("""dn: cn=posixuser,CN=Users,%s
changetype: modify
delete: objectClass
-objectClass: posixAccount"""% (self.base_dn))
+objectClass: posixAccount""" % (self.base_dn))
- print "Testing adding the posixAccount objectClass to an existing user"
+ # Testing adding the posixAccount objectClass to an existing user"
self.ldb.modify_ldif("""dn: cn=posixuser,CN=Users,%s
changetype: modify
add: objectClass
-objectClass: posixAccount"""% (self.base_dn))
-
- self.delete_force(self.ldb, "cn=posixuser,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer2," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptest2computer,cn=computers," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestutf8user èùéìòà,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestutf8user2 èùéìòà,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestcontainer2," + self.base_dn)
+objectClass: posixAccount""" % (self.base_dn))
+
+ delete_force(self.ldb, "cn=posixuser,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer2," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptest2computer,cn=computers," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestutf8user èùéìòà,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestutf8user2 èùéìòà,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestcontainer2," + self.base_dn)
def test_security_descriptor_add(self):
""" Testing ldb.add_ldif() for nTSecurityDescriptor """
user_name = "testdescriptoruser1"
user_dn = "CN=%s,CN=Users,%s" % (user_name, self.base_dn)
#
+ # Test an empty security descriptor (naturally this shouldn't work)
+ #
+ delete_force(self.ldb, user_dn)
+ try:
+ self.ldb.add({"dn": user_dn,
+ "objectClass": "user",
+ "sAMAccountName": user_name,
+ "nTSecurityDescriptor": []})
+ self.fail()
+ except LdbError as e107:
+ (num, _) = e107.args
+ self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
+ finally:
+ delete_force(self.ldb, user_dn)
+ #
# Test add_ldif() with SDDL security descriptor input
#
- self.delete_force(self.ldb, user_dn)
try:
sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
self.ldb.add_ldif("""
nTSecurityDescriptor: """ + sddl)
res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
desc = res[0]["nTSecurityDescriptor"][0]
- desc = ndr_unpack( security.descriptor, desc )
- desc_sddl = desc.as_sddl( self.domain_sid )
+ desc = ndr_unpack(security.descriptor, desc)
+ desc_sddl = desc.as_sddl(self.domain_sid)
self.assertEqual(desc_sddl, sddl)
finally:
- self.delete_force(self.ldb, user_dn)
+ delete_force(self.ldb, user_dn)
#
# Test add_ldif() with BASE64 security descriptor
#
sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
desc = security.descriptor.from_sddl(sddl, self.domain_sid)
desc_binary = ndr_pack(desc)
- desc_base64 = base64.b64encode(desc_binary)
+ desc_base64 = base64.b64encode(desc_binary).decode('utf8')
self.ldb.add_ldif("""
dn: """ + user_dn + """
objectclass: user
desc_sddl = desc.as_sddl(self.domain_sid)
self.assertEqual(desc_sddl, sddl)
finally:
- self.delete_force(self.ldb, user_dn)
+ delete_force(self.ldb, user_dn)
def test_security_descriptor_add_neg(self):
"""Test add_ldif() with BASE64 security descriptor input using WRONG domain SID
"""
user_name = "testdescriptoruser1"
user_dn = "CN=%s,CN=Users,%s" % (user_name, self.base_dn)
- self.delete_force(self.ldb, user_dn)
+ delete_force(self.ldb, user_dn)
try:
- sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
+ sddl = "O:DUG:DUD:AI(A;;RPWP;;;AU)S:PAI"
desc = security.descriptor.from_sddl(sddl, security.dom_sid('S-1-5-21'))
- desc_base64 = base64.b64encode( ndr_pack(desc) )
+ desc_base64 = base64.b64encode(ndr_pack(desc)).decode('utf8')
self.ldb.add_ldif("""
dn: """ + user_dn + """
objectclass: user
nTSecurityDescriptor:: """ + desc_base64)
res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
self.assertTrue("nTSecurityDescriptor" in res[0])
+ desc = res[0]["nTSecurityDescriptor"][0]
+ desc = ndr_unpack(security.descriptor, desc)
+ desc_sddl = desc.as_sddl(self.domain_sid)
+ self.assertTrue("O:S-1-5-21-513G:S-1-5-21-513D:AI(A;;RPWP;;;AU)" in desc_sddl)
finally:
- self.delete_force(self.ldb, user_dn)
+ delete_force(self.ldb, user_dn)
def test_security_descriptor_modify(self):
""" Testing ldb.modify_ldif() for nTSecurityDescriptor """
user_name = "testdescriptoruser2"
user_dn = "CN=%s,CN=Users,%s" % (user_name, self.base_dn)
#
- # Delete user object and test modify_ldif() with SDDL security descriptor input
+ # Test an empty security descriptor (naturally this shouldn't work)
+ #
+ delete_force(self.ldb, user_dn)
+ self.ldb.add({"dn": user_dn,
+ "objectClass": "user",
+ "sAMAccountName": user_name})
+
+ m = Message()
+ m.dn = Dn(ldb, user_dn)
+ m["nTSecurityDescriptor"] = MessageElement([], FLAG_MOD_ADD,
+ "nTSecurityDescriptor")
+ try:
+ self.ldb.modify(m)
+ self.fail()
+ except LdbError as e108:
+ (num, _) = e108.args
+ self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
+
+ m = Message()
+ m.dn = Dn(ldb, user_dn)
+ m["nTSecurityDescriptor"] = MessageElement([], FLAG_MOD_REPLACE,
+ "nTSecurityDescriptor")
+ try:
+ self.ldb.modify(m)
+ self.fail()
+ except LdbError as e109:
+ (num, _) = e109.args
+ self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+
+ m = Message()
+ m.dn = Dn(ldb, user_dn)
+ m["nTSecurityDescriptor"] = MessageElement([], FLAG_MOD_DELETE,
+ "nTSecurityDescriptor")
+ try:
+ self.ldb.modify(m)
+ self.fail()
+ except LdbError as e110:
+ (num, _) = e110.args
+ self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+
+ delete_force(self.ldb, user_dn)
+ #
+ # Test modify_ldif() with SDDL security descriptor input
# Add ACE to the original descriptor test
#
try:
- self.delete_force(self.ldb, user_dn)
self.ldb.add_ldif("""
dn: """ + user_dn + """
objectclass: user
desc_sddl = desc.as_sddl(self.domain_sid)
self.assertEqual(desc_sddl, sddl)
finally:
- self.delete_force(self.ldb, user_dn)
+ delete_force(self.ldb, user_dn)
#
# Test modify_ldif() with SDDL security descriptor input
# New desctiptor test
desc_sddl = desc.as_sddl(self.domain_sid)
self.assertEqual(desc_sddl, sddl)
finally:
- self.delete_force(self.ldb, user_dn)
+ delete_force(self.ldb, user_dn)
#
# Test modify_ldif() with BASE64 security descriptor input
# Add ACE to the original descriptor test
desc_sddl = desc.as_sddl(self.domain_sid)
sddl = desc_sddl[:desc_sddl.find("(")] + "(A;;RPWP;;;AU)" + desc_sddl[desc_sddl.find("("):]
desc = security.descriptor.from_sddl(sddl, self.domain_sid)
- desc_base64 = base64.b64encode(ndr_pack(desc))
+ desc_base64 = base64.b64encode(ndr_pack(desc)).decode('utf8')
mod = """
dn: """ + user_dn + """
changetype: modify
desc_sddl = desc.as_sddl(self.domain_sid)
self.assertEqual(desc_sddl, sddl)
finally:
- self.delete_force(self.ldb, user_dn)
+ delete_force(self.ldb, user_dn)
#
# Test modify_ldif() with BASE64 security descriptor input
# New descriptor test
#
try:
- self.delete_force(self.ldb, user_dn)
+ delete_force(self.ldb, user_dn)
self.ldb.add_ldif("""
dn: """ + user_dn + """
objectclass: user
# Modify descriptor
sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
desc = security.descriptor.from_sddl(sddl, self.domain_sid)
- desc_base64 = base64.b64encode(ndr_pack(desc))
+ desc_base64 = base64.b64encode(ndr_pack(desc)).decode('utf8')
mod = """
dn: """ + user_dn + """
changetype: modify
desc_sddl = desc.as_sddl(self.domain_sid)
self.assertEqual(desc_sddl, sddl)
finally:
- self.delete_force(self.ldb, user_dn)
+ delete_force(self.ldb, user_dn)
+
+ def test_dsheuristics(self):
+ """Tests the 'dSHeuristics' attribute"""
+ # Tests the 'dSHeuristics' attribute"
+
+ # Get the current value to restore it later
+ dsheuristics = self.ldb.get_dsheuristics()
+ # Perform the length checks: for each decade (except the 0th) we need
+ # the first index to be the number. This goes till the 9th one, beyond
+ # there does not seem to be another limitation.
+ try:
+ dshstr = ""
+ for i in range(1, 11):
+ # This is in the range
+ self.ldb.set_dsheuristics(dshstr + "x")
+ self.ldb.set_dsheuristics(dshstr + "xxxxx")
+ dshstr = dshstr + "xxxxxxxxx"
+ if i < 10:
+ # Not anymore in the range, new decade specifier needed
+ try:
+ self.ldb.set_dsheuristics(dshstr + "x")
+ self.fail()
+ except LdbError as e:
+ (num, _) = e.args
+ self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
+ dshstr = dshstr + str(i)
+ else:
+ # There does not seem to be an upper limit
+ self.ldb.set_dsheuristics(dshstr + "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx")
+ # apart from the above, all char values are accepted
+ self.ldb.set_dsheuristics("123ABC-+!1asdfg@#^")
+ self.assertEquals(self.ldb.get_dsheuristics(), "123ABC-+!1asdfg@#^")
+ finally:
+ # restore old value
+ self.ldb.set_dsheuristics(dsheuristics)
+
+ def test_ldapControlReturn(self):
+ """Testing that if we request a control that return a control it
+ really return something"""
+ res = self.ldb.search(attrs=["cn"],
+ controls=["paged_results:1:10"])
+ self.assertEquals(len(res.controls), 1)
+ self.assertEquals(res.controls[0].oid, "1.2.840.113556.1.4.319")
+ s = str(res.controls[0])
+
+ def test_operational(self):
+ """Tests operational attributes"""
+ # Tests operational attributes"
+
+ res = self.ldb.search(self.base_dn, scope=SCOPE_BASE,
+ attrs=["createTimeStamp", "modifyTimeStamp",
+ "structuralObjectClass", "whenCreated",
+ "whenChanged"])
+ self.assertEquals(len(res), 1)
+ self.assertTrue("createTimeStamp" in res[0])
+ self.assertTrue("modifyTimeStamp" in res[0])
+ self.assertTrue("structuralObjectClass" in res[0])
+ self.assertTrue("whenCreated" in res[0])
+ self.assertTrue("whenChanged" in res[0])
+
+ def test_timevalues1(self):
+ """Tests possible syntax of time attributes"""
+
+ user_name = "testtimevaluesuser1"
+ user_dn = "CN=%s,CN=Users,%s" % (user_name, self.base_dn)
+ delete_force(self.ldb, user_dn)
+ self.ldb.add({"dn": user_dn,
+ "objectClass": "user",
+ "sAMAccountName": user_name})
-class BaseDnTests(unittest.TestCase):
+ #
+ # We check the following values:
+ #
+ # 370101000000Z => 20370101000000.0Z
+ # 20370102000000.*Z => 20370102000000.0Z
+ #
+ ext = ["Z", ".0Z", ".Z", ".000Z", ".RandomIgnoredCharacters...987654321Z"]
+ for i in range(0, len(ext)):
+ v_raw = "203701%02d000000" % (i + 1)
+ if ext[i] == "Z":
+ v_set = v_raw[2:] + ext[i]
+ else:
+ v_set = v_raw + ext[i]
+ v_get = v_raw + ".0Z"
+
+ m = Message()
+ m.dn = Dn(ldb, user_dn)
+ m["msTSExpireDate"] = MessageElement([v_set],
+ FLAG_MOD_REPLACE,
+ "msTSExpireDate")
+ self.ldb.modify(m)
+
+ res = self.ldb.search(base=user_dn, scope=SCOPE_BASE, attrs=["msTSExpireDate"])
+ self.assertTrue(len(res) == 1)
+ self.assertTrue("msTSExpireDate" in res[0])
+ self.assertTrue(len(res[0]["msTSExpireDate"]) == 1)
+ self.assertEquals(res[0]["msTSExpireDate"][0], v_get)
+
+
+class BaseDnTests(samba.tests.TestCase):
def setUp(self):
super(BaseDnTests, self).setUp()
def test_rootdse_attrs(self):
"""Testing for all rootDSE attributes"""
- res = self.ldb.search(scope=SCOPE_BASE, attrs=[])
+ res = self.ldb.search("", scope=SCOPE_BASE, attrs=[])
self.assertEquals(len(res), 1)
def test_highestcommittedusn(self):
def test_netlogon_highestcommitted_usn(self):
"""Testing for netlogon and highestCommittedUSN via LDAP"""
res = self.ldb.search("", scope=SCOPE_BASE,
- attrs=["netlogon", "highestCommittedUSN"])
+ attrs=["netlogon", "highestCommittedUSN"])
self.assertEquals(len(res), 0)
def test_namingContexts(self):
"""Testing for namingContexts in rootDSE"""
res = self.ldb.search("", scope=SCOPE_BASE,
- attrs=["namingContexts", "defaultNamingContext", "schemaNamingContext", "configurationNamingContext"])
+ attrs=["namingContexts", "defaultNamingContext", "schemaNamingContext", "configurationNamingContext"])
self.assertEquals(len(res), 1)
-
+
ncs = set([])
for nc in res[0]["namingContexts"]:
self.assertTrue(nc not in ncs)
self.assertTrue(res[0]["configurationNamingContext"][0] in ncs)
self.assertTrue(res[0]["schemaNamingContext"][0] in ncs)
+ def test_serverPath(self):
+ """Testing the server paths in rootDSE"""
+ res = self.ldb.search("", scope=SCOPE_BASE,
+ attrs=["dsServiceName", "serverName"])
+ self.assertEquals(len(res), 1)
+
+ self.assertTrue("CN=Servers" in res[0]["dsServiceName"][0])
+ self.assertTrue("CN=Sites" in res[0]["dsServiceName"][0])
+ self.assertTrue("CN=NTDS Settings" in res[0]["dsServiceName"][0])
+ self.assertTrue("CN=Servers" in res[0]["serverName"][0])
+ self.assertTrue("CN=Sites" in res[0]["serverName"][0])
+ self.assertFalse("CN=NTDS Settings" in res[0]["serverName"][0])
+
+ def test_functionality(self):
+ """Testing the server paths in rootDSE"""
+ res = self.ldb.search("", scope=SCOPE_BASE,
+ attrs=["forestFunctionality", "domainFunctionality", "domainControllerFunctionality"])
+ self.assertEquals(len(res), 1)
+ self.assertEquals(len(res[0]["forestFunctionality"]), 1)
+ self.assertEquals(len(res[0]["domainFunctionality"]), 1)
+ self.assertEquals(len(res[0]["domainControllerFunctionality"]), 1)
+
+ self.assertTrue(int(res[0]["forestFunctionality"][0]) <= int(res[0]["domainFunctionality"][0]))
+ self.assertTrue(int(res[0]["domainControllerFunctionality"][0]) >= int(res[0]["domainFunctionality"][0]))
+
+ res2 = self.ldb.search("", scope=SCOPE_BASE,
+ attrs=["dsServiceName", "serverName"])
+ self.assertEquals(len(res2), 1)
+ self.assertEquals(len(res2[0]["dsServiceName"]), 1)
+
+ res3 = self.ldb.search(res2[0]["dsServiceName"][0], scope=SCOPE_BASE, attrs=["msDS-Behavior-Version"])
+ self.assertEquals(len(res3), 1)
+ self.assertEquals(len(res3[0]["msDS-Behavior-Version"]), 1)
+ self.assertEquals(int(res[0]["domainControllerFunctionality"][0]), int(res3[0]["msDS-Behavior-Version"][0]))
+
+ res4 = self.ldb.search(ldb.domain_dn(), scope=SCOPE_BASE, attrs=["msDS-Behavior-Version"])
+ self.assertEquals(len(res4), 1)
+ self.assertEquals(len(res4[0]["msDS-Behavior-Version"]), 1)
+ self.assertEquals(int(res[0]["domainFunctionality"][0]), int(res4[0]["msDS-Behavior-Version"][0]))
+
+ res5 = self.ldb.search("cn=partitions,%s" % ldb.get_config_basedn(), scope=SCOPE_BASE, attrs=["msDS-Behavior-Version"])
+ self.assertEquals(len(res5), 1)
+ self.assertEquals(len(res5[0]["msDS-Behavior-Version"]), 1)
+ self.assertEquals(int(res[0]["forestFunctionality"][0]), int(res5[0]["msDS-Behavior-Version"][0]))
+
+ def test_dnsHostname(self):
+ """Testing the DNS hostname in rootDSE"""
+ res = self.ldb.search("", scope=SCOPE_BASE,
+ attrs=["dnsHostName", "serverName"])
+ self.assertEquals(len(res), 1)
+
+ res2 = self.ldb.search(res[0]["serverName"][0], scope=SCOPE_BASE,
+ attrs=["dNSHostName"])
+ self.assertEquals(len(res2), 1)
+
+ self.assertEquals(res[0]["dnsHostName"][0], res2[0]["dNSHostName"][0])
+
+ def test_ldapServiceName(self):
+ """Testing the ldap service name in rootDSE"""
+ res = self.ldb.search("", scope=SCOPE_BASE,
+ attrs=["ldapServiceName", "dnsHostName"])
+ self.assertEquals(len(res), 1)
+ self.assertTrue("ldapServiceName" in res[0])
+ self.assertTrue("dnsHostName" in res[0])
+
+ (hostname, _, dns_domainname) = res[0]["dnsHostName"][0].partition(".")
+
+ given = res[0]["ldapServiceName"][0]
+ expected = "%s:%s$@%s" % (dns_domainname.lower(), hostname.lower(), dns_domainname.upper())
+ self.assertEquals(given, expected)
if not "://" in host:
if os.path.isfile(host):
else:
host = "ldap://%s" % host
-ldb = Ldb(host, credentials=creds, session_info=system_session(), lp=lp)
+ldb = SamDB(host, credentials=creds, session_info=system_session(lp), lp=lp)
if not "tdb://" in host:
gc_ldb = Ldb("%s:3268" % host, credentials=creds,
- session_info=system_session(), lp=lp)
+ session_info=system_session(lp), lp=lp)
else:
gc_ldb = None
-runner = SubunitTestRunner()
-rc = 0
-if not runner.run(unittest.makeSuite(BaseDnTests)).wasSuccessful():
- rc = 1
-if not runner.run(unittest.makeSuite(BasicTests)).wasSuccessful():
- rc = 1
-sys.exit(rc)
+TestProgram(module=__name__, opts=subunitopts)
git.samba.org / nivanova / samba-autobuild / .git / blobdiff