2 # -*- coding: utf-8 -*-
3 # This is a port of the original in testprogs/ejs/ldap.js
9 # Add path to the library for in-tree use
10 sys.path.append("scripting/python")
11 import samba.getopt as options
13 from auth import system_session
14 from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE
18 parser = optparse.OptionParser("ldap [options] <host>")
19 parser.add_option_group(options.SambaOptions(parser))
20 parser.add_option_group(options.VersionOptions(parser))
21 # use command line creds if available
22 credopts = options.CredentialsOptions(parser)
23 parser.add_option_group(credopts)
24 creds = credopts.get_credentials()
25 opts, args = parser.parse_args()
35 lp.load(opts.configfile)
37 def assertEquals(a1, a2):
40 def basic_tests(ldb, gc_ldb, base_dn, configuration_dn, schema_dn):
41 print "Running basic tests"
43 ldb.delete("cn=ldaptestuser,cn=users," + base_dn)
44 ldb.delete("cn=ldaptestgroup,cn=users," + base_dn)
46 print "Testing group add with invalid member"
49 "dn": "cn=ldaptestgroup,cn=uSers," + base_dn,
50 "objectclass": "group",
51 "member": "cn=ldaptestuser,cn=useRs," + base_dn})
52 except LdbError, (num, _):
53 assert error == 32 # LDAP_NO_SUCH_OBJECT
57 print "Testing user add"
60 "dn": "cn=ldaptestuser,cn=uSers," + base_dn,
61 "objectclass": ["user", "person"],
66 ldb.delete("cn=ldaptestuser,cn=users," + base_dn)
68 "dn": "cn=ldaptestuser,cn=uSers," + base_dn,
69 "objectclass": ["user", "person"],
75 "dn": "cn=ldaptestgroup,cn=uSers," + base_dn,
76 "objectclass": "group",
77 "member": "cn=ldaptestuser,cn=useRs," + base_dn})
81 "dn": "cn=ldaptestcomputer,cn=computers," + base_dn,
82 "objectclass": "computer",
83 "cN": "LDAPtestCOMPUTER"})
85 ldb.delete("cn=ldaptestcomputer,cn=computers," + base_dn)
87 "dn": "cn=ldaptestcomputer,cn=computers," + base_dn,
88 "objectClass": "computer",
89 "cn": "LDAPtestCOMPUTER"})
92 ldb.add({"dn": "cn=ldaptest2computer,cn=computers," + base_dn,
93 "objectClass": "computer",
94 "cn": "LDAPtest2COMPUTER",
95 "userAccountControl": "4096",
96 "displayname": "ldap testy"})
98 ldb.delete("cn=ldaptest2computer,cn=computers," + base_dn)
100 "dn": "cn=ldaptest2computer,cn=computers," + base_dn,
101 "objectClass": "computer",
102 "cn": "LDAPtest2COMPUTER",
103 "userAccountControl": "4096",
104 "displayname": "ldap testy"})
106 print "Testing attribute or value exists behaviour"
109 dn: cn=ldaptest2computer,cn=computers,""" + base_dn + """
111 replace: servicePrincipalName
112 servicePrincipalName: host/ldaptest2computer
113 servicePrincipalName: host/ldaptest2computer
114 servicePrincipalName: cifs/ldaptest2computer
116 except LdbError, (num, msg):
117 #LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
118 assert num == 20, "Expected error LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS, got : %s" % msg
121 dn: cn=ldaptest2computer,cn=computers,""" + base_dn + """
123 replace: servicePrincipalName
124 servicePrincipalName: host/ldaptest2computer
125 servicePrincipalName: cifs/ldaptest2computer
129 dn: cn=ldaptest2computer,cn=computers,""" + base_dn + """
131 add: servicePrincipalName
132 servicePrincipalName: host/ldaptest2computer
134 except LdbError, (num, msg):
135 assert num == 20, "Expected error LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS, got :" + msg
137 print "Testing ranged results"
139 dn: cn=ldaptest2computer,cn=computers,""" + base_dn + """
141 replace: servicePrincipalName
145 dn: cn=ldaptest2computer,cn=computers,""" + base_dn + """
147 add: servicePrincipalName
148 servicePrincipalName: host/ldaptest2computer0
149 servicePrincipalName: host/ldaptest2computer1
150 servicePrincipalName: host/ldaptest2computer2
151 servicePrincipalName: host/ldaptest2computer3
152 servicePrincipalName: host/ldaptest2computer4
153 servicePrincipalName: host/ldaptest2computer5
154 servicePrincipalName: host/ldaptest2computer6
155 servicePrincipalName: host/ldaptest2computer7
156 servicePrincipalName: host/ldaptest2computer8
157 servicePrincipalName: host/ldaptest2computer9
158 servicePrincipalName: host/ldaptest2computer10
159 servicePrincipalName: host/ldaptest2computer11
160 servicePrincipalName: host/ldaptest2computer12
161 servicePrincipalName: host/ldaptest2computer13
162 servicePrincipalName: host/ldaptest2computer14
163 servicePrincipalName: host/ldaptest2computer15
164 servicePrincipalName: host/ldaptest2computer16
165 servicePrincipalName: host/ldaptest2computer17
166 servicePrincipalName: host/ldaptest2computer18
167 servicePrincipalName: host/ldaptest2computer19
168 servicePrincipalName: host/ldaptest2computer20
169 servicePrincipalName: host/ldaptest2computer21
170 servicePrincipalName: host/ldaptest2computer22
171 servicePrincipalName: host/ldaptest2computer23
172 servicePrincipalName: host/ldaptest2computer24
173 servicePrincipalName: host/ldaptest2computer25
174 servicePrincipalName: host/ldaptest2computer26
175 servicePrincipalName: host/ldaptest2computer27
176 servicePrincipalName: host/ldaptest2computer28
177 servicePrincipalName: host/ldaptest2computer29
180 res = ldb.search(base_dn, expression="(cn=ldaptest2computer))", scope=ldb.SCOPE_SUBTREE,
181 attrs=["servicePrincipalName;range=0-*"])
182 assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
183 # print res[0]["servicePrincipalName;range=0-*"].length
184 assertEquals(res[0]["servicePrincipalName;range=0-*"].length, 30)
186 attrs = ["servicePrincipalName;range=0-19"]
187 res = ldb.search(base_dn, "(cn=ldaptest2computer))", SCOPE_SUBTREE, attrs)
188 assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
189 # print res[0]["servicePrincipalName;range=0-19"].length
190 assertEquals(res[0]["servicePrincipalName;range=0-19"].length, 20)
192 attrs = ["servicePrincipalName;range=0-30"]
193 res = ldb.search(base_dn, "(cn=ldaptest2computer))", SCOPE_SUBTREE, attrs)
194 assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
195 assertEquals(res[0]["servicePrincipalName;range=0-*"].length, 30)
197 attrs = ["servicePrincipalName;range=0-40"]
198 res = ldb.search(base_dn, "(cn=ldaptest2computer))", SCOPE_SUBTREE, attrs)
199 assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
200 assertEquals(res[0]["servicePrincipalName;range=0-*"].length, 30)
202 attrs = ["servicePrincipalName;range=30-40"]
203 res = ldb.search(base_dn, "(cn=ldaptest2computer))", SCOPE_SUBTREE, attrs)
204 assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
205 assertEquals(res[0]["servicePrincipalName;range=30-*"].length, 0)
207 attrs = ["servicePrincipalName;range=10-40"]
208 res = ldb.search(base_dn, "(cn=ldaptest2computer))", SCOPE_SUBTREE, attrs)
209 assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
210 assertEquals(res[0]["servicePrincipalName;range=10-*"].length, 20)
211 # pos_11 = res[0]["servicePrincipalName;range=10-*"][18]
213 attrs = ["servicePrincipalName;range=11-40"]
214 res = ldb.search(base_dn, "(cn=ldaptest2computer))", SCOPE_SUBTREE, attrs)
215 assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
216 assertEquals(res[0]["servicePrincipalName;range=11-*"].length, 19)
217 # print res[0]["servicePrincipalName;range=11-*"][18]
219 # assertEquals((res[0]["servicePrincipalName;range=11-*"][18]), pos_11)
221 attrs = ["servicePrincipalName;range=11-15"]
222 res = ldb.search(base_dn, "(cn=ldaptest2computer))", SCOPE_SUBTREE, attrs)
223 assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
224 assertEquals(res[0]["servicePrincipalName;range=11-15"].length, 5)
225 # assertEquals(res[0]["servicePrincipalName;range=11-15"][4], pos_11)
227 attrs = ["servicePrincipalName"]
228 res = ldb.search(base_dn, "(cn=ldaptest2computer))", SCOPE_SUBTREE, attrs)
229 assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
230 # print res[0]["servicePrincipalName"][18]
232 assertEquals(res[0]["servicePrincipalName"].length, 30)
233 # assertEquals(res[0]["servicePrincipalName"][18], pos_11)
237 "dn": "cn=ldaptestuser2,cn=useRs," + base_dn,
238 "objectClass": ["person", "user"],
239 "cn": "LDAPtestUSER2",
240 "givenname": "testy",
243 ldb.delete("cn=ldaptestuser2,cn=users," + base_dn)
245 "dn": "cn=ldaptestuser2,cn=useRs," + base_dn,
246 "objectClass": ["person", "user"],
247 "cn": "LDAPtestUSER2",
248 "givenname": "testy",
251 print "Testing Ambigious Name Resolution"
252 # Testing ldb.search for (&(anr=ldap testy)(objectClass=user))
253 res = ldb.search(expression="(&(anr=ldap testy)(objectClass=user))")
254 assert len(res) == 3, "Could not find (&(anr=ldap testy)(objectClass=user))"
256 # Testing ldb.search for (&(anr=testy ldap)(objectClass=user))
257 res = ldb.search(expression="(&(anr=testy ldap)(objectClass=user))")
258 assert len(res) == 2, "Found only %d for (&(anr=testy ldap)(objectClass=user))" % len(res)
260 # Testing ldb.search for (&(anr=ldap)(objectClass=user))
261 res = ldb.search(expression="(&(anr=ldap)(objectClass=user))")
262 assert len(res) == 4, "Found only %d for (&(anr=ldap)(objectClass=user))" % len(res)
264 # Testing ldb.search for (&(anr==ldap)(objectClass=user))
265 res = ldb.search(expression="(&(anr==ldap)(objectClass=user))")
266 assert len(res) == 1, "Could not find (&(anr==ldap)(objectClass=user)). Found only %d for (&(anr=ldap)(objectClass=user))" % len(res)
268 assertEquals(res[0].dn, ("CN=ldaptestuser,CN=Users," + base_dn))
269 assertEquals(res[0].cn, "ldaptestuser")
270 assertEquals(res[0].name, "ldaptestuser")
272 # Testing ldb.search for (&(anr=testy)(objectClass=user))
273 res = ldb.search(expression="(&(anr=testy)(objectClass=user))")
274 assert len(res) == 2, "Found only %d for (&(anr=testy)(objectClass=user))" % len(res)
276 # Testing ldb.search for (&(anr=ldap testy)(objectClass=user))
277 res = ldb.search(expression="(&(anr=testy ldap)(objectClass=user))")
278 assert len(res) == 2, "Found only %d for (&(anr=ldap testy)(objectClass=user))" % len(res)
280 # Testing ldb.search for (&(anr==ldap testy)(objectClass=user))
281 res = ldb.search(expression="(&(anr==testy ldap)(objectClass=user))")
282 assert len(res) == 1, "Found only %d for (&(anr==ldap testy)(objectClass=user))" % len(res)
284 assertEquals(res[0].dn, ("CN=ldaptestuser,CN=Users," + base_dn))
285 assertEquals(res[0].cn, "ldaptestuser")
286 assertEquals(res[0].name, "ldaptestuser")
288 # Testing ldb.search for (&(anr==testy ldap)(objectClass=user))
289 res = ldb.search(expression="(&(anr==testy ldap)(objectClass=user))")
290 assert len(res) == 1, "Could not find (&(anr==testy ldap)(objectClass=user))"
292 assertEquals(res[0].dn, ("CN=ldaptestuser,CN=Users," + base_dn))
293 assertEquals(res[0].cn, "ldaptestuser")
294 assertEquals(res[0].name, "ldaptestuser")
296 # Testing ldb.search for (&(anr=testy ldap user)(objectClass=user))
297 res = ldb.search(expression="(&(anr=testy ldap user)(objectClass=user))")
298 assert len(res) == 1, "Could not find (&(anr=testy ldap user)(objectClass=user))"
300 assertEquals(res[0].dn, ("CN=ldaptestuser2,CN=Users," + base_dn))
301 assertEquals(res[0].cn, "ldaptestuser2")
302 assertEquals(res[0].name, "ldaptestuser2")
304 # Testing ldb.search for (&(anr==testy ldap user2)(objectClass=user))
305 res = ldb.search(expression="(&(anr==testy ldap user2)(objectClass=user))")
306 assert len(res) == 1, "Could not find (&(anr==testy ldap user2)(objectClass=user))"
308 assertEquals(res[0].dn, ("CN=ldaptestuser2,CN=Users," + base_dn))
309 assertEquals(res[0].cn, "ldaptestuser2")
310 assertEquals(res[0].name, "ldaptestuser2")
312 # Testing ldb.search for (&(anr==ldap user2)(objectClass=user))
313 res = ldb.search(expression="(&(anr==ldap user2)(objectClass=user))")
314 assert len(res) == 1, "Could not find (&(anr==ldap user2)(objectClass=user))"
316 assertEquals(res[0].dn, ("CN=ldaptestuser2,CN=Users," + base_dn))
317 assertEquals(res[0].cn, "ldaptestuser2")
318 assertEquals(res[0].name, "ldaptestuser2")
320 # Testing ldb.search for (&(anr==not ldap user2)(objectClass=user))
321 res = ldb.search(expression="(&(anr==not ldap user2)(objectClass=user))")
322 assert len(res) == 0, "Must not find (&(anr==not ldap user2)(objectClass=user))"
324 # Testing ldb.search for (&(anr=not ldap user2)(objectClass=user))
325 res = ldb.search(expression="(&(anr=not ldap user2)(objectClass=user))")
326 assert len(res) == 0, "Must not find (&(anr=not ldap user2)(objectClass=user))"
328 print "Testing Group Modifies"
330 dn: cn=ldaptestgroup,cn=users,""" + base_dn + """
333 member: cn=ldaptestuser2,cn=users,""" + base_dn + """
334 member: cn=ldaptestcomputer,cn=computers,""" + base_dn + """
337 ldb.delete("cn=ldaptestuser3,cn=users," + base_dn)
339 print "Testing adding non-existent user to a group"
342 dn: cn=ldaptestgroup,cn=users,""" + base_dn + """
345 member: cn=ldaptestuser3,cn=users,""" + base_dn + """
347 except LdbError, (num, _):
352 print "Testing Renames"
354 ldb.rename("cn=ldaptestuser2,cn=users," + base_dn, "cn=ldaptestuser3,cn=users," + base_dn)
356 ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestuser3,cn=users," + base_dn)
358 ok = ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestUSER3,cn=users," + base_dn)
360 print "Testing ldb.search for (&(cn=ldaptestuser3)(objectClass=user))"
361 res = ldb.search(expression="(&(cn=ldaptestuser3)(objectClass=user))")
362 assert len(res) == 1, "Could not find (&(cn=ldaptestuser3)(objectClass=user))"
364 assertEquals(res[0].dn, ("CN=ldaptestUSER3,CN=Users," + base_dn))
365 assertEquals(res[0].cn, "ldaptestUSER3")
366 assertEquals(res[0].name, "ldaptestUSER3")
368 # This is a Samba special, and does not exist in real AD
369 # print "Testing ldb.search for (dn=CN=ldaptestUSER3,CN=Users," + base_dn + ")"
370 # res = ldb.search("(dn=CN=ldaptestUSER3,CN=Users," + base_dn + ")")
371 # if (res.error != 0 || len(res) != 1) {
372 # print "Could not find (dn=CN=ldaptestUSER3,CN=Users," + base_dn + ")"
373 # assertEquals(len(res), 1)
375 # assertEquals(res[0].dn, ("CN=ldaptestUSER3,CN=Users," + base_dn))
376 # assertEquals(res[0].cn, "ldaptestUSER3")
377 # assertEquals(res[0].name, "ldaptestUSER3")
379 print "Testing ldb.search for (distinguishedName=CN=ldaptestUSER3,CN=Users," + base_dn + ")"
380 res = ldb.search(expression="(distinguishedName=CN=ldaptestUSER3,CN=Users," + base_dn + ")")
381 assert len(res) == 1, "Could not find (dn=CN=ldaptestUSER3,CN=Users," + base_dn + ")"
382 assertEquals(res[0].dn, ("CN=ldaptestUSER3,CN=Users," + base_dn))
383 assertEquals(res[0].cn, "ldaptestUSER3")
384 assertEquals(res[0].name, "ldaptestUSER3")
386 # ensure we cannot add it again
388 ldb.add({"dn": "cn=ldaptestuser3,cn=userS," + base_dn,
389 "objectClass": ["person", "user"],
390 "cn": "LDAPtestUSER3"})
391 except LdbError, (num, _):
392 assert num == 68 #LDB_ERR_ENTRY_ALREADY_EXISTS
397 ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestuser2,cn=users," + base_dn)
399 # ensure we cannnot rename it twice
400 ok = ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestuser2,cn=users," + base_dn)
401 #LDB_ERR_NO_SUCH_OBJECT
402 assertEquals(ok.error, 32)
404 # ensure can now use that name
405 ok = ldb.add({"dn": "cn=ldaptestuser3,cn=users," + base_dn,
406 "objectClass": ["person", "user"],
407 "cn": "LDAPtestUSER3"})
409 # ensure we now cannnot rename
411 ldb.rename("cn=ldaptestuser2,cn=users," + base_dn, "cn=ldaptestuser3,cn=users," + base_dn)
412 except LdbError, (num, _):
413 assert num == 68 #LDB_ERR_ENTRY_ALREADY_EXISTS
416 assertEquals(ok.error, 68)
418 ok = ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestuser3,cn=configuration," + base_dn)
419 except LdbError, (num, _):
420 assert num in (71, 64)
424 ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestuser5,cn=users," + base_dn)
426 ldb.delete("cn=ldaptestuser5,cn=users," + base_dn)
428 ldb.delete("cn=ldaptestgroup2,cn=users," + base_dn)
430 ldb.rename("cn=ldaptestgroup,cn=users," + base_dn, "cn=ldaptestgroup2,cn=users," + base_dn)
432 print "Testing subtree Renames"
434 ldb.add({"dn": "cn=ldaptestcontainer," + base_dn, "objectClass": "container"})
437 ldb.add({"dn": "CN=ldaptestuser4,CN=ldaptestcontainer," + base_dn,
438 "objectClass": ["person", "user"],
439 "cn": "LDAPtestUSER4"})
441 ldb.delete("cn=ldaptestuser4,cn=ldaptestcontainer," + base_dn)
442 ldb.add({"dn": "CN=ldaptestuser4,CN=ldaptestcontainer," + base_dn,
443 "objectClass": ["person", "user"],
444 "cn": "LDAPtestUSER4"})
447 dn: cn=ldaptestgroup2,cn=users,""" + base_dn + """
450 member: cn=ldaptestuser4,cn=ldaptestcontainer,""" + base_dn + """
453 print "Testing ldb.rename of cn=ldaptestcontainer," + base_dn + " to cn=ldaptestcontainer2," + base_dn
454 ldb.rename("CN=ldaptestcontainer," + base_dn, "CN=ldaptestcontainer2," + base_dn)
456 print "Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user))"
457 res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))")
458 assert len(res) == 1, "Could not find (&(cn=ldaptestuser4)(objectClass=user))"
460 print "Testing subtree ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + base_dn
462 res = ldb.search("cn=ldaptestcontainer," + base_dn, expression="(&(cn=ldaptestuser4)(objectClass=user))", scope=SCOPE_SUBTREE)
463 except LdbError, (num, _):
468 print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + base_dn
470 res = ldb.search("cn=ldaptestcontainer," + base_dn, expression="(&(cn=ldaptestuser4)(objectClass=user))", scope=SCOPE_ONELEVEL)
471 except LdbError, (num, _):
476 print "Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in renamed container"
477 res = ldb.search("cn=ldaptestcontainer2," + base_dn, expression="(&(cn=ldaptestuser4)(objectClass=user))", scope=SCOPE_SUBTREE)
478 assert len(res) == 1, "Could not find (&(cn=ldaptestuser4)(objectClass=user)) under cn=ldaptestcontainer2," + base_dn
480 assertEquals(res[0].dn, ("CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn))
481 assertEquals(strupper(res[0].memberOf[0]), strupper(("CN=ldaptestgroup2,CN=Users," + base_dn)))
483 print "Testing ldb.search for (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn + ")(objectclass=group)) to check subtree renames and linked attributes"
484 res = ldb.search(base_dn, "(&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn + ")(objectclass=group))", SCOPE_SUBTREE)
485 assert len(res) == 1, "Could not find (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn + ")(objectclass=group)), perhaps linked attributes are not conistant with subtree renames?"
487 print "Testing ldb.rename (into itself) of cn=ldaptestcontainer2," + base_dn + " to cn=ldaptestcontainer,cn=ldaptestcontainer2," + base_dn
489 ok = ldb.rename("cn=ldaptestcontainer2," + base_dn, "cn=ldaptestcontainer,cn=ldaptestcontainer2," + base_dn)
490 except LdbError, (num, _):
491 assert num != 53 # LDAP_UNWILLING_TO_PERFORM
495 print "Testing ldb.rename (into non-existent container) of cn=ldaptestcontainer2," + base_dn + " to cn=ldaptestcontainer,cn=ldaptestcontainer3," + base_dn
497 ldb.rename("cn=ldaptestcontainer2," + base_dn, "cn=ldaptestcontainer,cn=ldaptestcontainer3," + base_dn)
498 except LdbError, (num, _):
499 assert num in (53, 80)
503 print "Testing delete (should fail, not a leaf node) of renamed cn=ldaptestcontainer2," + base_dn
505 ok = ldb.delete("cn=ldaptestcontainer2," + base_dn)
506 except LdbError, (num, _):
511 print "Testing base ldb.search for CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn
512 res = ldb.search(expression="(objectclass=*)", base=("CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn), scope=SCOPE_BASE)
514 res = ldb.search(expression="(cn=ldaptestuser40)", base=("CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn), scope=SCOPE_BASE)
517 print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2," + base_dn
518 res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))", base="cn=ldaptestcontainer2," + base_dn, scope=SCOPE_ONELEVEL)
521 print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2," + base_dn
522 res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))", base="cn=ldaptestcontainer2," + base_dn, scope=SCOPE_SUBTREE)
525 print "Testing delete of subtree renamed "+("CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn)
526 ldb.delete(("CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn))
527 print "Testing delete of renamed cn=ldaptestcontainer2," + base_dn
528 ldb.delete("cn=ldaptestcontainer2," + base_dn)
531 ldb.add({"dn": "cn=ldaptestutf8user èùéìòà ,cn=users," + base_dn, "objectClass": "user"})
532 except LdbError, (num, _):
533 ldb.delete("cn=ldaptestutf8user èùéìòà ,cn=users," + base_dn)
534 ldb.add({"dn": "cn=ldaptestutf8user èùéìòà ,cn=users," + base_dn, "objectClass": "user"})
537 ldb.add({"dn": "cn=ldaptestutf8user2 èùéìòà ,cn=users," + base_dn, "objectClass": "user"})
538 except LdbError, (num, _):
539 ldb.delete("cn=ldaptestutf8user2 èùéìòà ,cn=users," + base_dn)
540 ldb.add({"dn": "cn=ldaptestutf8user2 èùéìòà ,cn=users," + base_dn,
541 "objectClass": "user"})
543 print "Testing ldb.search for (&(cn=ldaptestuser)(objectClass=user))"
544 res = ldb.search("(&(cn=ldaptestuser)(objectClass=user))")
545 assert len(res) == 1, "Could not find (&(cn=ldaptestuser)(objectClass=user))"
547 assertEquals(res[0].dn, ("CN=ldaptestuser,CN=Users," + base_dn))
548 assertEquals(res[0].cn, "ldaptestuser")
549 assertEquals(res[0].name, "ldaptestuser")
550 assertEquals(res[0].objectClass[0], "top")
551 assertEquals(res[0].objectClass[1], "person")
552 assertEquals(res[0].objectClass[2], "organizationalPerson")
553 assertEquals(res[0].objectClass[3], "user")
554 assert("objectGUID" not in res[0])
555 assert("whenCreated" not in res[0])
556 assertEquals(res[0].objectCategory, ("CN=Person,CN=Schema,CN=Configuration," + base_dn))
557 assertEquals(res[0].sAMAccountType, 805306368)
558 # assertEquals(res[0].userAccountControl, 546)
559 assertEquals(res[0].memberOf[0], ("CN=ldaptestgroup2,CN=Users," + base_dn))
560 assertEquals(res[0].memberOf.length, 1)
562 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + base_dn + "))"
563 res2 = ldb.search("(&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + base_dn + "))")
564 assert len(res2) == 1, "Could not find (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + base_dn + "))"
566 assertEquals(res[0].dn, res2.msgs[0].dn)
568 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon))"
569 res3 = ldb.search("(&(cn=ldaptestuser)(objectCategory=PerSon))")
570 assert len(res3) == 1, "Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)): matched " + len(res3)
572 assertEquals(res[0].dn, res3.msgs[0].dn)
574 if gc_ldb is not None:
575 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog"
576 res3gc = gc_ldb.search("(&(cn=ldaptestuser)(objectCategory=PerSon))")
577 assert len(res3gc) == 1
579 assertEquals(res[0].dn, res3gc.msgs[0].dn)
581 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in with 'phantom root' control"
583 controls = ["search_options:1:2"]
584 res3control = gc_ldb.search("(&(cn=ldaptestuser)(objectCategory=PerSon))", base_dn, ldb.SCOPE_SUBTREE, attrs, controls)
585 assert len(res3control) == 1, "Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog"
587 assertEquals(res[0].dn, res3control.msgs[0].dn)
589 ldb.delete(res[0].dn)
591 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectClass=user))"
592 res = ldb.search("(&(cn=ldaptestcomputer)(objectClass=user))")
593 assert len(res) == 1, "Could not find (&(cn=ldaptestuser)(objectClass=user))"
595 assertEquals(res[0].dn, ("CN=ldaptestcomputer,CN=Computers," + base_dn))
596 assertEquals(res[0].cn, "ldaptestcomputer")
597 assertEquals(res[0].name, "ldaptestcomputer")
598 assertEquals(res[0].objectClass[0], "top")
599 assertEquals(res[0].objectClass[1], "person")
600 assertEquals(res[0].objectClass[2], "organizationalPerson")
601 assertEquals(res[0].objectClass[3], "user")
602 assertEquals(res[0].objectClass[4], "computer")
603 assert("objectGUID" not in res[0])
604 assert("whenCreated" not in res[0])
605 assertEquals(res[0].objectCategory, ("CN=Computer,CN=Schema,CN=Configuration," + base_dn))
606 assertEquals(res[0].primaryGroupID, 513)
607 # assertEquals(res[0].sAMAccountType, 805306368)
608 # assertEquals(res[0].userAccountControl, 546)
609 assertEquals(res[0].memberOf[0], ("CN=ldaptestgroup2,CN=Users," + base_dn))
610 assertEquals(res[0].memberOf.length, 1)
612 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + "))"
613 res2 = ldb.search("(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + "))")
614 assert len(res2) == 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + "))"
616 assertEquals(res[0].dn, res2.msgs[0].dn)
618 if gc_ldb is not None:
619 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + ")) in Global Catlog"
620 res2gc = gc_ldb.search("(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + "))")
621 assert len(res2gc) == 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + ")) in Global Catlog"
623 assertEquals(res[0].dn, res2gc.msgs[0].dn)
625 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER))"
626 res3 = ldb.search("(&(cn=ldaptestcomputer)(objectCategory=compuTER))")
627 assert len(res3) == 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER))"
629 assertEquals(res[0].dn, res3.msgs[0].dn)
631 if gc_ldb is not None:
632 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog"
633 res3gc = gc_ldb.search("(&(cn=ldaptestcomputer)(objectCategory=compuTER))")
634 assert len(res3gc) == 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog"
636 assertEquals(res[0].dn, res3gc.msgs[0].dn)
638 print "Testing ldb.search for (&(cn=ldaptestcomp*r)(objectCategory=compuTER))"
639 res4 = ldb.search("(&(cn=ldaptestcomp*r)(objectCategory=compuTER))")
640 assert len(res4) == 1, "Could not find (&(cn=ldaptestcomp*r)(objectCategory=compuTER))"
642 assertEquals(res[0].dn, res4.msgs[0].dn)
644 print "Testing ldb.search for (&(cn=ldaptestcomput*)(objectCategory=compuTER))"
645 res5 = ldb.search("(&(cn=ldaptestcomput*)(objectCategory=compuTER))")
646 assert len(res5) == 1, "Could not find (&(cn=ldaptestcomput*)(objectCategory=compuTER))"
648 assertEquals(res[0].dn, res5.msgs[0].dn)
650 print "Testing ldb.search for (&(cn=*daptestcomputer)(objectCategory=compuTER))"
651 res6 = ldb.search("(&(cn=*daptestcomputer)(objectCategory=compuTER))")
652 assert len(res6) == 1, "Could not find (&(cn=*daptestcomputer)(objectCategory=compuTER))"
654 assertEquals(res[0].dn, res6.msgs[0].dn)
656 ldb.delete(res[0].dn)
658 print "Testing ldb.search for (&(cn=ldaptest2computer)(objectClass=user))"
659 res = ldb.search("(&(cn=ldaptest2computer)(objectClass=user))")
660 assert len(res) == 1, "Could not find (&(cn=ldaptest2computer)(objectClass=user))"
662 assertEquals(res[0].dn, ("CN=ldaptest2computer,CN=Computers," + base_dn))
663 assertEquals(res[0].cn, "ldaptest2computer")
664 assertEquals(res[0].name, "ldaptest2computer")
665 assertEquals(res[0].objectClass[0], "top")
666 assertEquals(res[0].objectClass[1], "person")
667 assertEquals(res[0].objectClass[2], "organizationalPerson")
668 assertEquals(res[0].objectClass[3], "user")
669 assertEquals(res[0].objectClass[4], "computer")
670 assert("objectGUID" not in res[0])
671 assert("whenCreated" not in res[0])
672 assertEquals(res[0]["objectCategory"], "cn=Computer,cn=Schema,cn=Configuration," + base_dn)
673 assertEquals(int(res[0]["sAMAccountType"]), 805306369)
674 # assertEquals(res[0].userAccountControl, 4098)
676 ldb.delete(res[0].dn)
678 attrs = ["cn", "name", "objectClass", "objectGUID", "whenCreated", "nTSecurityDescriptor", "memberOf"]
679 print "Testing ldb.search for (&(cn=ldaptestUSer2)(objectClass=user))"
680 res = ldb.search(base_dn, "(&(cn=ldaptestUSer2)(objectClass=user))", scope=SCOPE_SUBTREE, attrs=attrs)
681 assert len(res) == 1, "Could not find (&(cn=ldaptestUSer2)(objectClass=user))"
683 assertEquals(res[0].dn, ("CN=ldaptestuser2,CN=Users," + base_dn))
684 assertEquals(res[0].cn, "ldaptestuser2")
685 assertEquals(res[0].name, "ldaptestuser2")
686 assertEquals(res[0].objectClass[0], "top")
687 assertEquals(res[0].objectClass[1], "person")
688 assertEquals(res[0].objectClass[2], "organizationalPerson")
689 assertEquals(res[0].objectClass[3], "user")
690 assert("objectGUID" not in res[0])
691 assert("whenCreated" not in res[0])
692 assert("nTSecurityDescriptor" not in res[0])
693 assertEquals(res[0].memberOf[0], ("CN=ldaptestgroup2,CN=Users," + base_dn))
695 attrs = ["cn", "name", "objectClass", "objectGUID", "whenCreated", "nTSecurityDescriptor", "member"]
696 print "Testing ldb.search for (&(cn=ldaptestgroup2)(objectClass=group))"
697 res = ldb.search(base_dn, "(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
698 assert len(res) == 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))"
700 assertEquals(res[0].dn, ("CN=ldaptestgroup2,CN=Users," + base_dn))
701 assertEquals(res[0].cn, "ldaptestgroup2")
702 assertEquals(res[0].name, "ldaptestgroup2")
703 assertEquals(res[0].objectClass[0], "top")
704 assertEquals(res[0].objectClass[1], "group")
705 assert("objectGuid" not in res[0])
706 assert("whenCreated" not in res[0])
707 assert("nTSecurityDescriptor" not in res[0])
708 assertEquals(res[0].member[0], ("CN=ldaptestuser2,CN=Users," + base_dn))
709 assertEquals(len(res[0].member), 1)
712 dn: cn=ldaptestgroup2,cn=users,""" + base_dn + """
715 member: CN=ldaptestuser2,CN=Users,""" + base_dn + """
716 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + base_dn + """
719 print "Testing Linked attribute behaviours"
721 dn: cn=ldaptestgroup2,cn=users,""" + base_dn + """
727 dn: cn=ldaptestgroup2,cn=users,""" + base_dn + """
730 member: CN=ldaptestuser2,CN=Users,""" + base_dn + """
731 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + base_dn + """
735 dn: cn=ldaptestgroup2,cn=users,""" + base_dn + """
741 dn: cn=ldaptestgroup2,cn=users,""" + base_dn + """
744 member: CN=ldaptestuser2,CN=Users,""" + base_dn + """
745 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + base_dn + """
749 dn: cn=ldaptestgroup2,cn=users,""" + base_dn + """
752 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + base_dn + """
755 res = ldb.search(base_dn, "(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
756 assert len(res) != 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))"
758 assertEquals(res[0].dn, ("CN=ldaptestgroup2,CN=Users," + base_dn))
759 assertEquals(res[0].member[0], ("CN=ldaptestuser2,CN=Users," + base_dn))
760 assertEquals(res[0].member.length, 1)
762 ldb.delete(("CN=ldaptestuser2,CN=Users," + base_dn))
764 attrs = ["cn", "name", "objectClass", "objectGUID", "whenCreated", "nTSecurityDescriptor", "member"]
765 print "Testing ldb.search for (&(cn=ldaptestgroup2)(objectClass=group)) to check linked delete"
766 res = ldb.search(base_dn, "(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
767 assert len(res) != 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group)) to check linked delete"
769 assertEquals(res[0]["dn"], ("CN=ldaptestgroup2,CN=Users," + base_dn))
770 assert("member" not in res[0])
772 print "Testing ldb.search for (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))"
773 res = ldb.search("(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
774 assert len(res) == 1, "Could not find (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))"
776 assertEquals(res[0].dn, ("CN=ldaptestutf8user èùéìòà,CN=Users," + base_dn))
777 assertEquals(res[0].cn, "ldaptestutf8user èùéìòà")
778 assertEquals(res[0].name, "ldaptestutf8user èùéìòà")
779 assertEquals(res[0].objectClass[0], "top")
780 assertEquals(res[0].objectClass[1], "person")
781 assertEquals(res[0].objectClass[2], "organizationalPerson")
782 assertEquals(res[0].objectClass[3], "user")
783 assert("objectGUID" not in res[0])
784 assert("whenCreated" not in res[0])
786 ldb.delete(res[0].dn)
788 print "Testing ldb.search for (&(cn=ldaptestutf8user2*)(objectClass=user))"
789 res = ldb.search("(&(cn=ldaptestutf8user2*)(objectClass=user))")
790 assert len(res) == 1, "Could not find (&(cn=ldaptestutf8user2*)(objectClass=user))"
792 ldb.delete(res[0].dn)
794 ldb.delete(("CN=ldaptestgroup2,CN=Users," + base_dn))
796 print "Testing ldb.search for (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))"
797 res = ldb.search(expression="(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
799 assert len(res) == 1, "Could not find (expect space collapse, win2k3 fails) (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))"
801 print "Testing that we can't get at the configuration DN from the main search base"
802 res = ldb.search(base_dn, "objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
803 assert len(res) == 0, "Got configuration DN " + res[0].dn + " which should not be able to be seen from main search base"
804 assertEquals(len(res), 0)
806 print "Testing that we can get at the configuration DN from the main search base on the LDAP port with the 'phantom root' search_options control"
807 res = ldb.search(base_dn, "objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:2"])
810 if gc_ldb is not None:
811 print "Testing that we can get at the configuration DN from the main search base on the GC port with the search_options control == 0"
813 controls = ["search_options:1:0"]
814 res = gc_ldb.search("objectClass=crossRef", base_dn, gc_ldb.SCOPE_SUBTREE, attrs, controls)
817 print "Testing that we do find configuration elements in the global catlog"
818 res = gc_ldb.search(base_dn, "objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
819 assert (len(res) > 0)
821 print "Testing that we do find configuration elements and user elements at the same time"
822 res = gc_ldb.search(base_dn, "(|(objectClass=crossRef)(objectClass=person))", scope=SCOPE_SUBTREE, attrs=["cn"])
823 assert (len(res) > 0)
825 print "Testing that we do find configuration elements in the global catlog, with the configuration basedn"
826 res = gc_ldb.search(configuration_dn, "objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
827 assert (len(res) > 0)
829 print "Testing that we can get at the configuration DN on the main LDAP port"
831 res = ldb.search("objectClass=crossRef", configuration_dn, ldb.SCOPE_SUBTREE, attrs)
832 assert (len(res) > 0)
834 print "Testing objectCategory canonacolisation"
836 res = ldb.search("objectCategory=ntDsDSA", configuration_dn, ldb.SCOPE_SUBTREE, attrs)
837 assert len(res) > 0, "Didn't find any records with objectCategory=ntDsDSA"
838 assert(len(res) != 0)
841 res = ldb.search("objectCategory=CN=ntDs-DSA," + schema_dn, configuration_dn, ldb.SCOPE_SUBTREE, attrs)
842 assert len(res) > 0, "Didn't find any records with objectCategory=CN=ntDs-DSA," + schema_dn
843 assert(len(res) != 0)
845 print "Testing objectClass attribute order on "+ base_dn
846 res = ldb.search(expression="objectClass=domain", base=base_dn,
847 scope=SCOPE_BASE, attrs=["objectClass"])
848 assertEquals(len(res), 1)
850 assertEquals(res[0].objectClass[0], "top")
851 assertEquals(res[0].objectClass[1], "domain")
852 assertEquals(res[0].objectClass[2], "domainDNS")
857 print "Testing ldb.search for objectCategory=person"
858 res = ldb.search("objectCategory=person", base_dn, ldb.SCOPE_SUBTREE, attrs)
862 controls = ["domain_scope:1"]
863 print "Testing ldb.search for objectCategory=person with domain scope control"
864 res = ldb.search("objectCategory=person", base_dn, ldb.SCOPE_SUBTREE, attrs, controls)
868 print "Testing ldb.search for objectCategory=user"
869 res = ldb.search("objectCategory=user", base_dn, ldb.SCOPE_SUBTREE, attrs)
873 controls = ["domain_scope:1"]
874 print "Testing ldb.search for objectCategory=user with domain scope control"
875 res = ldb.search("objectCategory=user", base_dn, ldb.SCOPE_SUBTREE, attrs, controls)
879 print "Testing ldb.search for objectCategory=group"
880 res = ldb.search("objectCategory=group", base_dn, ldb.SCOPE_SUBTREE, attrs)
884 controls = ["domain_scope:1"]
885 print "Testing ldb.search for objectCategory=group with domain scope control"
886 res = ldb.search("objectCategory=group", base_dn, ldb.SCOPE_SUBTREE, attrs, controls)
889 def basedn_tests(ldb, gc_ldb):
890 print "Testing for all rootDSE attributes"
891 res = ldb.search(scope=SCOPE_BASE, attrs=[])
892 assertEquals(len(res), 1)
894 print "Testing for highestCommittedUSN"
896 res = ldb.search(scope=SCOPE_BASE, attrs=["highestCommittedUSN"])
897 assertEquals(len(res), 1)
898 assert(res[0]["highestCommittedUSN"] != 0)
900 print "Testing for netlogon via LDAP"
901 res = ldb.search(scope=SCOPE_BASE, attrs=["netlogon"])
902 assertEquals(len(res), 0)
904 print "Testing for netlogon and highestCommittedUSN via LDAP"
905 res = ldb.search(scope=SCOPE_BASE,
906 attrs=["netlogon", "highestCommittedUSN"])
907 assertEquals(len(res), 0)
909 def find_basedn(ldb):
910 res = ldb.search(scope=SCOPE_BASE, attrs=["defaultNamingContext"])
911 assertEquals(len(res), 1)
912 return res[0]["defaultNamingContext"]
914 def find_configurationdn(ldb):
915 res = ldb.search(scope=SCOPE_BASE, attrs=["configurationNamingContext"])
916 assertEquals(len(res), 1)
917 return res[0]["configurationNamingContext"]
919 def find_schemadn(ldb):
920 res = ldb.search(scope=SCOPE_BASE, attrs=["schemaNamingContext"])
921 assertEquals(len(res), 1)
922 return res[0]["schemaNamingContext"]
924 if not "://" in host:
925 host = "ldap://%s" % host
927 ldb = Ldb(host, credentials=creds, session_info=system_session(),
929 base_dn = find_basedn(ldb)
931 configuration_dn = find_configurationdn(ldb)
932 schema_dn = find_schemadn(ldb)
934 print "baseDN: %s\n" % base_dn
936 gc_ldb = Ldb("%s:3268" % host, credentials=creds,
937 session_info=system_session(), lp=lp)
939 basic_tests(ldb, gc_ldb, base_dn, configuration_dn, schema_dn)
940 basedn_tests(ldb, gc_ldb)