2 exec smbscript "$0" ${1+"$@"}
4 test certin LDAP behaviours
8 var gc_ldb = ldb_init();
10 var options = GetOptions(ARGV,
13 "POPT_COMMON_CREDENTIALS");
14 if (options == undefined) {
15 println("Failed to parse options");
19 libinclude("base.js");
21 if (options.ARGV.length != 1) {
22 println("Usage: ldap.js <HOST>");
26 var host = options.ARGV[0];
28 function basic_tests(ldb, gc_ldb, base_dn, configuration_dn, schema_dn)
30 println("Running basic tests");
32 ldb.del("cn=ldaptestuser,cn=users," + base_dn);
35 dn: cn=ldaptestuser,cn=uSers," + base_dn + "
41 ok = ldb.del("cn=ldaptestuser,cn=users," + base_dn);
44 assert(ok.error == 0);
47 dn: cn=ldaptestuser,cn=uSers," + base_dn + "
54 assert(ok.error == 0);
58 ldb.del("cn=ldaptestgroup,cn=users," + base_dn);
61 dn: cn=ldaptestgroup,cn=uSers," + base_dn + "
63 member: cn=ldaptestuser,cn=useRs," + base_dn + "
66 ok = ldb.del("cn=ldaptestgroup,cn=users," + base_dn);
69 assert(ok.error == 0);
72 dn: cn=ldaptestgroup,cn=uSers," + base_dn + "
74 member: cn=ldaptestuser,cn=useRs," + base_dn + "
78 assert(ok.error == 0);
83 dn: cn=ldaptestcomputer,cn=computers," + base_dn + "
88 ok = ldb.del("cn=ldaptestcomputer,cn=computers," + base_dn);
91 assert(ok.error == 0);
94 dn: cn=ldaptestcomputer,cn=computers," + base_dn + "
100 assert(ok.error == 0);
106 assert(ok.error == 0);
110 dn: cn=ldaptest2computer,cn=computers," + base_dn + "
111 objectClass: computer
112 cn: LDAPtest2COMPUTER
113 userAccountControl: 4096
116 ok = ldb.del("cn=ldaptest2computer,cn=computers," + base_dn);
119 assert(ok.error == 0);
122 dn: cn=ldaptest2computer,cn=computers," + base_dn + "
123 objectClass: computer
124 cn: LDAPtest2COMPUTER
125 userAccountControl: 4096
129 assert(ok.error == 0);
134 dn: cn=ldaptest2computer,cn=computers," + base_dn + "
136 replace: servicePrincipalName
137 servicePrincipalName: host/ldaptest2computer
138 servicePrincipalName: host/ldaptest2computer
139 servicePrincipalName: cifs/ldaptest2computer
142 //LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
143 if (ok.error != 20) {
144 println("Expected error LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS, got :" + ok.errstr);
145 assert(ok.error == 20);
149 dn: cn=ldaptestuser2,cn=useRs," + base_dn + "
155 ok = ldb.del("cn=ldaptestuser2,cn=users," + base_dn);
158 assert(ok.error == 0);
161 dn: cn=ldaptestuser2,cn=useRs," + base_dn + "
168 assert(ok.error == 0);
172 println("Testing Group Modifies");
174 dn: cn=ldaptestgroup,cn=users," + base_dn + "
177 member: cn=ldaptestuser2,cn=users," + base_dn + "
178 member: cn=ldaptestcomputer,cn=computers," + base_dn + "
183 assert(ok.error == 0);
186 ok = ldb.del("cn=ldaptestuser3,cn=users," + base_dn);
188 println("Testing Renames");
190 ok = ldb.rename("cn=ldaptestuser2,cn=users," + base_dn, "cn=ldaptestuser3,cn=users," + base_dn);
192 println("Could not rename cn=ldaptestuser2,cn=users," + base_dn + " into cn=ldaptestuser3,cn=users," + base_dn + ": " + ok.errstr);
193 assert(ok.error == 0);
196 ok = ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestuser3,cn=users," + base_dn);
198 println("Could not rename cn=ldaptestuser3,cn=users," + base_dn + " onto itself: " + ok.errstr);
199 assert(ok.error == 0);
202 ok = ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestUSER3,cn=users," + base_dn);
204 println("Could not rename cn=ldaptestuser3,cn=users," + base_dn + " into cn=ldaptestUSER3,cn=users," + base_dn + ": " + ok.errstr);
205 assert(ok.error == 0);
208 println("Testing ldb.search for (&(cn=ldaptestuser3)(objectClass=user))");
209 var res = ldb.search("(&(cn=ldaptestuser3)(objectClass=user))");
210 if (res.error != 0 || res.msgs.length != 1) {
211 println("Could not find (&(cn=ldaptestuser3)(objectClass=user))");
212 assert(res.error == 0);
213 assert(res.msgs.length == 1);
216 assert(res.msgs[0].dn == ("CN=ldaptestUSER3,CN=Users," + base_dn));
217 assert(res.msgs[0].cn == "ldaptestUSER3");
218 assert(res.msgs[0].name == "ldaptestUSER3");
220 // ensure we cannot add it again
222 dn: cn=ldaptestuser3,cn=userS," + base_dn + "
227 //LDB_ERR_ENTRY_ALREADY_EXISTS
228 if (ok.error != 68) {
229 println("expected error LDB_ERR_ENTRY_ALREADY_EXISTS, got: " + ok.errstr);
230 assert(ok.error == 68);
234 ok = ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestuser2,cn=users," + base_dn);
237 assert(ok.error == 0);
240 // ensure we cannnot rename it twice
241 ok = ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestuser2,cn=users," + base_dn);
242 //LDB_ERR_NO_SUCH_OBJECT
243 assert(ok.error == 32);
245 // ensure can now use that name
247 dn: cn=ldaptestuser3,cn=users," + base_dn + "
253 // ensure we now cannnot rename
254 ok = ldb.rename("cn=ldaptestuser2,cn=users," + base_dn, "cn=ldaptestuser3,cn=users," + base_dn);
255 //LDB_ERR_ENTRY_ALREADY_EXISTS
256 if (ok.error != 68) {
257 println("expected error LDB_ERR_ENTRY_ALREADY_EXISTS, got: " + ok.errstr);
258 assert(ok.error == 68);
260 assert(ok.error == 68);
261 ok = ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestuser3,cn=configuration," + base_dn);
262 if (ok.error != 71 && ok.error != 64) {
263 println("expected error LDB_ERR_ENTRY_ALREADY_EXISTS or LDAP_NAMING_VIOLATION, got: " + ok.errstr);
264 assert(ok.error == 71 || ok.error == 64);
266 assert(ok.error == 71 || ok.error == 64);
268 ok = ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestuser5,cn=users," + base_dn);
271 assert(ok.error == 0);
274 ok = ldb.del("cn=ldaptestuser5,cn=users," + base_dn);
276 ok = ldb.del("cn=ldaptestgroup2,cn=users," + base_dn);
278 ok = ldb.rename("cn=ldaptestgroup,cn=users," + base_dn, "cn=ldaptestgroup2,cn=users," + base_dn);
281 assert(ok.error == 0);
284 println("Testing subtree Renames");
287 dn: cn=ldaptestcontainer," + base_dn + "
288 objectClass: container
292 dn: CN=ldaptestuser4,CN=ldaptestcontainer," + base_dn + "
298 ok = ldb.del("cn=ldaptestuser4,cn=ldaptestcontainer," + base_dn);
301 assert(ok.error == 0);
304 dn: CN=ldaptestuser4,CN=ldaptestcontainer," + base_dn + "
311 assert(ok.error == 0);
315 println("Testing ldb.rename of cn=ldaptestcontainer," + base_dn + " to cn=ldaptestcontainer2," + base_dn);
316 ok = ldb.rename("CN=ldaptestcontainer," + base_dn, "CN=ldaptestcontainer2," + base_dn);
319 assert(ok.error == 0);
322 println("Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user))");
323 var res = ldb.search("(&(cn=ldaptestuser4)(objectClass=user))");
324 if (res.error != 0 || res.msgs.length != 1) {
325 println("Could not find (&(cn=ldaptestuser4)(objectClass=user))");
326 assert(res.error == 0);
327 assert(res.msgs.length == 1);
330 assert(res.msgs[0].dn == ("CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn));
332 println("Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in renamed container");
333 var res = ldb.search("(&(cn=ldaptestuser4)(objectClass=user))", "cn=ldaptestcontainer2," + base_dn, ldb.SCOPE_SUBTREE);
334 if (res.error != 0 || res.msgs.length != 1) {
335 println("Could not find (&(cn=ldaptestuser4)(objectClass=user)) under cn=ldaptestcontainer2," + base_dn);
336 assert(res.error == 0);
337 assert(res.msgs.length == 1);
340 assert(res.msgs[0].dn == ("CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn));
342 println("Testing ldb.rename (into itself) of cn=ldaptestcontainer2," + base_dn + " to cn=ldaptestcontainer,cn=ldaptestcontainer2," + base_dn);
343 ok = ldb.rename("cn=ldaptestcontainer2," + base_dn, "cn=ldaptestcontainer,cn=ldaptestcontainer2," + base_dn);
344 if (ok.error != 53) { /* LDAP_UNWILLING_TO_PERFORM */
346 assert(ok.error == 53);
349 println("Testing ldb.rename (into non-existent container) of cn=ldaptestcontainer2," + base_dn + " to cn=ldaptestcontainer,cn=ldaptestcontainer3," + base_dn);
350 ok = ldb.rename("cn=ldaptestcontainer2," + base_dn, "cn=ldaptestcontainer,cn=ldaptestcontainer3," + base_dn);
351 if (ok.error != 53 && ok.error != 80) { /* LDAP_UNWILLING_TO_PERFORM or LDAP_OTHER*/
353 assert(ok.error == 53 || ok.error == 80);
356 println("Testing delete (should fail, not a leaf node) of renamed cn=ldaptestcontainer2," + base_dn);
357 ok = ldb.del("cn=ldaptestcontainer2," + base_dn);
358 if (ok.error != 66) { /* LDB_ERR_NOT_ALLOWED_ON_NON_LEAF */
360 assert(ok.error == 66);
362 println("Testing delete of subtree renamed "+res.msgs[0].dn);
363 ok = ldb.del(res.msgs[0].dn);
366 assert(ok.error == 0);
368 println("Testing delete of renamed cn=ldaptestcontainer2," + base_dn);
369 ok = ldb.del("cn=ldaptestcontainer2," + base_dn);
372 assert(ok.error == 0);
376 dn: cn=ldaptestutf8user èùéìòà ,cn=users," + base_dn + "
380 ok = ldb.del("cn=ldaptestutf8user èùéìòà ,cn=users," + base_dn);
383 assert(ok.error == 0);
386 dn: cn=ldaptestutf8user èùéìòà ,cn=users," + base_dn + "
391 assert(ok.error == 0);
396 dn: cn=ldaptestutf8user2 èùéìòà ,cn=users," + base_dn + "
400 ok = ldb.del("cn=ldaptestutf8user2 èùéìòà ,cn=users," + base_dn);
403 assert(ok.error == 0);
406 dn: cn=ldaptestutf8user2 èùéìòà ,cn=users," + base_dn + "
411 assert(ok.error == 0);
415 println("Testing ldb.search for (&(cn=ldaptestuser)(objectClass=user))");
416 var res = ldb.search("(&(cn=ldaptestuser)(objectClass=user))");
417 if (res.error != 0 || res.msgs.length != 1) {
418 println("Could not find (&(cn=ldaptestuser)(objectClass=user))");
419 assert(res.error == 0);
420 assert(res.msgs.length == 1);
423 assert(res.msgs[0].dn == ("CN=ldaptestuser,CN=Users," + base_dn));
424 assert(res.msgs[0].cn == "ldaptestuser");
425 assert(res.msgs[0].name == "ldaptestuser");
426 assert(res.msgs[0].objectClass[0] == "top");
427 assert(res.msgs[0].objectClass[1] == "person");
428 assert(res.msgs[0].objectClass[2] == "organizationalPerson");
429 assert(res.msgs[0].objectClass[3] == "user");
430 assert(res.msgs[0].objectGUID != undefined);
431 assert(res.msgs[0].whenCreated != undefined);
432 assert(res.msgs[0].objectCategory == ("CN=Person,CN=Schema,CN=Configuration," + base_dn));
433 assert(res.msgs[0].sAMAccountType == 805306368);
434 // assert(res[0].userAccountControl == 546);
436 println("Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + base_dn + "))");
437 var res2 = ldb.search("(&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + base_dn + "))");
438 if (res2.error != 0 || res2.msgs.length != 1) {
439 println("Could not find (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + base_dn + "))");
440 assert(res2.error == 0);
441 assert(res2.msgs.length == 1);
444 assert(res.msgs[0].dn == res2.msgs[0].dn);
446 println("Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon))");
447 var res3 = ldb.search("(&(cn=ldaptestuser)(objectCategory=PerSon))");
448 if (res3.error != 0) {
449 println("Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)): " + res3.errstr);
450 assert(res3.error == 0);
451 } else if (res3.msgs.length != 1) {
452 println("Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)): matched " + res3.msgs.length);
453 assert(res3.msgs.length == 1);
456 assert(res.msgs[0].dn == res3.msgs[0].dn);
458 if (gc_ldb != undefined) {
459 println("Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog");
460 var res3gc = gc_ldb.search("(&(cn=ldaptestuser)(objectCategory=PerSon))");
461 if (res3gc.error != 0) {
462 println("Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog: " + res3gc.errstr);
463 assert(res3gc.error == 0);
464 } else if (res3gc.msgs.length != 1) {
465 println("Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog: matched " + res3gc.msgs.length);
466 assert(res3gc.msgs.length == 1);
469 assert(res.msgs[0].dn == res3gc.msgs[0].dn);
472 println("Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in with 'phantom root' control");
473 var attrs = new Array("cn");
474 var controls = new Array("search_options:1:2");
475 var res3control = gc_ldb.search("(&(cn=ldaptestuser)(objectCategory=PerSon))", base_dn, ldb.SCOPE_SUBTREE, attrs, controls);
476 if (res3control.error != 0 || res3control.msgs.length != 1) {
477 println("Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog");
478 assert(res3control.error == 0);
479 assert(res3control.msgs.length == 1);
482 assert(res.msgs[0].dn == res3control.msgs[0].dn);
484 ok = ldb.del(res.msgs[0].dn);
487 assert(ok.error == 0);
490 println("Testing ldb.search for (&(cn=ldaptestcomputer)(objectClass=user))");
491 var res = ldb.search("(&(cn=ldaptestcomputer)(objectClass=user))");
492 if (res.error != 0 || res.msgs.length != 1) {
493 println("Could not find (&(cn=ldaptestuser)(objectClass=user))");
494 assert(res.error == 0);
495 assert(res.msgs.length == 1);
498 assert(res.msgs[0].dn == ("CN=ldaptestcomputer,CN=Computers," + base_dn));
499 assert(res.msgs[0].cn == "ldaptestcomputer");
500 assert(res.msgs[0].name == "ldaptestcomputer");
501 assert(res.msgs[0].objectClass[0] == "top");
502 assert(res.msgs[0].objectClass[1] == "person");
503 assert(res.msgs[0].objectClass[2] == "organizationalPerson");
504 assert(res.msgs[0].objectClass[3] == "user");
505 assert(res.msgs[0].objectClass[4] == "computer");
506 assert(res.msgs[0].objectGUID != undefined);
507 assert(res.msgs[0].whenCreated != undefined);
508 assert(res.msgs[0].objectCategory == ("CN=Computer,CN=Schema,CN=Configuration," + base_dn));
509 assert(res.msgs[0].primaryGroupID == 513);
510 // assert(res.msgs[0].sAMAccountType == 805306368);
511 // assert(res.msgs[0].userAccountControl == 546);
513 println("Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + "))");
514 var res2 = ldb.search("(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + "))");
515 if (res2.error != 0 || res2.msgs.length != 1) {
516 println("Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + "))");
517 assert(res2.error == 0);
518 assert(res2.msgs.length == 1);
521 assert(res.msgs[0].dn == res2.msgs[0].dn);
523 if (gc_ldb != undefined) {
524 println("Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + ")) in Global Catlog");
525 var res2gc = gc_ldb.search("(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + "))");
526 if (res2gc.error != 0 || res2gc.msgs.length != 1) {
527 println("Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + ")) in Global Catlog");
528 assert(res2gc.error == 0);
529 assert(res2gc.msgs.length == 1);
532 assert(res.msgs[0].dn == res2gc.msgs[0].dn);
535 println("Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER))");
536 var res3 = ldb.search("(&(cn=ldaptestcomputer)(objectCategory=compuTER))");
537 if (res3.error != 0 || res3.msgs.length != 1) {
538 println("Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER))");
539 assert(res3.error == 0);
540 assert(res3.msgs.length == 1);
543 assert(res.msgs[0].dn == res3.msgs[0].dn);
545 if (gc_ldb != undefined) {
546 println("Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog");
547 var res3gc = gc_ldb.search("(&(cn=ldaptestcomputer)(objectCategory=compuTER))");
548 if (res3gc.error != 0 || res3gc.msgs.length != 1) {
549 println("Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog");
550 assert(res3gc.error == 0);
551 assert(res3gc.msgs.length == 1);
554 assert(res.msgs[0].dn == res3gc.msgs[0].dn);
557 println("Testing ldb.search for (&(cn=ldaptestcomp*r)(objectCategory=compuTER))");
558 var res4 = ldb.search("(&(cn=ldaptestcomp*r)(objectCategory=compuTER))");
559 if (res4.error != 0 || res4.msgs.length != 1) {
560 println("Could not find (&(cn=ldaptestcomp*r)(objectCategory=compuTER))");
561 assert(res4.error == 0);
562 assert(res4.msgs.length == 1);
565 assert(res.msgs[0].dn == res4.msgs[0].dn);
567 println("Testing ldb.search for (&(cn=ldaptestcomput*)(objectCategory=compuTER))");
568 var res5 = ldb.search("(&(cn=ldaptestcomput*)(objectCategory=compuTER))");
569 if (res5.error != 0 || res5.msgs.length != 1) {
570 println("Could not find (&(cn=ldaptestcomput*)(objectCategory=compuTER))");
571 assert(res5.error == 0);
572 assert(res5.msgs.length == 1);
575 assert(res.msgs[0].dn == res5.msgs[0].dn);
577 println("Testing ldb.search for (&(cn=*daptestcomputer)(objectCategory=compuTER))");
578 var res6 = ldb.search("(&(cn=*daptestcomputer)(objectCategory=compuTER))");
579 if (res6.error != 0 || res6.msgs.length != 1) {
580 println("Could not find (&(cn=*daptestcomputer)(objectCategory=compuTER))");
581 assert(res6.error == 0);
582 assert(res6.msgs.length == 1);
585 assert(res.msgs[0].dn == res6.msgs[0].dn);
587 ok = ldb.del(res.msgs[0].dn);
590 assert(ok.error == 0);
593 println("Testing ldb.search for (&(cn=ldaptest2computer)(objectClass=user))");
594 var res = ldb.search("(&(cn=ldaptest2computer)(objectClass=user))");
595 if (res.error != 0 || res.msgs.length != 1) {
596 println("Could not find (&(cn=ldaptest2computer)(objectClass=user))");
597 assert(res.error == 0);
598 assert(res.msgs.length == 1);
601 assert(res.msgs[0].dn == ("CN=ldaptest2computer,CN=Computers," + base_dn));
602 assert(res.msgs[0].cn == "ldaptest2computer");
603 assert(res.msgs[0].name == "ldaptest2computer");
604 assert(res.msgs[0].objectClass[0] == "top");
605 assert(res.msgs[0].objectClass[1] == "person");
606 assert(res.msgs[0].objectClass[2] == "organizationalPerson");
607 assert(res.msgs[0].objectClass[3] == "user");
608 assert(res.msgs[0].objectClass[4] == "computer");
609 assert(res.msgs[0].objectGUID != undefined);
610 assert(res.msgs[0].whenCreated != undefined);
611 assert(res.msgs[0].objectCategory == "cn=Computer,cn=Schema,cn=Configuration," + base_dn);
612 assert(res.msgs[0].sAMAccountType == 805306369);
613 // assert(res.msgs[0].userAccountControl == 4098);
616 ok = ldb.del(res.msgs[0].dn);
619 assert(ok.error == 0);
622 var attrs = new Array("cn", "name", "objectClass", "objectGUID", "whenCreated", "nTSecurityDescriptor", "memberOf");
623 println("Testing ldb.search for (&(cn=ldaptestUSer2)(objectClass=user))");
624 var res = ldb.search("(&(cn=ldaptestUSer2)(objectClass=user))", base_dn, ldb.SCOPE_SUBTREE, attrs);
625 if (res.error != 0 || res.msgs.length != 1) {
626 println("Could not find (&(cn=ldaptestUSer2)(objectClass=user))");
627 assert(res.error == 0);
628 assert(res.msgs.length == 1);
631 assert(res.msgs[0].dn == ("CN=ldaptestuser2,CN=Users," + base_dn));
632 assert(res.msgs[0].cn == "ldaptestuser2");
633 assert(res.msgs[0].name == "ldaptestuser2");
634 assert(res.msgs[0].objectClass[0] == "top");
635 assert(res.msgs[0].objectClass[1] == "person");
636 assert(res.msgs[0].objectClass[2] == "organizationalPerson");
637 assert(res.msgs[0].objectClass[3] == "user");
638 assert(res.msgs[0].objectGUID != undefined);
639 assert(res.msgs[0].whenCreated != undefined);
640 assert(res.msgs[0].nTSecurityDescriptor != undefined);
641 assert(res.msgs[0].memberOf[0] == ("CN=ldaptestgroup2,CN=Users," + base_dn));
643 ok = ldb.del(res.msgs[0].dn);
646 assert(ok.error == 0);
649 println("Testing ldb.search for (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))");
650 var res = ldb.search("(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))");
652 if (res.error != 0 || res.msgs.length != 1) {
653 println("Could not find (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))");
654 assert(res.error == 0);
655 assert(res.msgs.length == 1);
658 assert(res.msgs[0].dn == ("CN=ldaptestutf8user èùéìòà,CN=Users," + base_dn));
659 assert(res.msgs[0].cn == "ldaptestutf8user èùéìòà");
660 assert(res.msgs[0].name == "ldaptestutf8user èùéìòà");
661 assert(res.msgs[0].objectClass[0] == "top");
662 assert(res.msgs[0].objectClass[1] == "person");
663 assert(res.msgs[0].objectClass[2] == "organizationalPerson");
664 assert(res.msgs[0].objectClass[3] == "user");
665 assert(res.msgs[0].objectGUID != undefined);
666 assert(res.msgs[0].whenCreated != undefined);
668 ok = ldb.del(res.msgs[0].dn);
671 assert(ok.error == 0);
674 ok = ldb.del(("CN=ldaptestgroup2,CN=Users," + base_dn))
677 assert(ok.error == 0);
680 println("Testing ldb.search for (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))");
681 var res = ldb.search("(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))");
683 if (res.error != 0 || res.msgs.length != 1) {
684 println("Could not find (expect space collapse, win2k3 fails) (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))");
686 assert(res.msgs[0].dn == ("cn=ldaptestutf8user2 èùéìòà,cn=users," + base_dn));
687 assert(res.msgs[0].cn == "ldaptestutf8user2 èùéìòà");
690 println("Testing that we can't get at the configuration DN from the main search base");
691 var attrs = new Array("cn");
692 var res = ldb.search("objectClass=crossRef", base_dn, ldb.SCOPE_SUBTREE, attrs);
693 assert(res.error == 0);
694 if (res.msgs.length != 0) {
695 println("Got configuration DN " + res.msgs[0].dn + " which should not be able to be seen from main search base");
697 assert(res.msgs.length == 0);
699 println("Testing that we can get at the configuration DN from the main search base on the LDAP port with the 'phantom root' search_options control");
700 var attrs = new Array("cn");
701 var controls = new Array("search_options:1:2");
702 var res = ldb.search("objectClass=crossRef", base_dn, ldb.SCOPE_SUBTREE, attrs, controls);
703 assert(res.error == 0);
704 assert(res.msgs.length > 0);
706 if (gc_ldb != undefined) {
707 println("Testing that we can get at the configuration DN from the main search base on the GC port with the search_options control == 0");
708 var attrs = new Array("cn");
709 var controls = new Array("search_options:1:0");
710 var res = gc_ldb.search("objectClass=crossRef", base_dn, gc_ldb.SCOPE_SUBTREE, attrs, controls);
711 assert(res.error == 0);
712 assert(res.msgs.length > 0);
714 println("Testing that we do find configuration elements in the global catlog");
715 var attrs = new Array("cn");
716 var res = gc_ldb.search("objectClass=crossRef", base_dn, ldb.SCOPE_SUBTREE, attrs);
717 assert(res.error == 0);
718 assert (res.msgs.length > 0);
720 println("Testing that we do find configuration elements and user elements at the same time");
721 var attrs = new Array("cn");
722 var res = gc_ldb.search("(|(objectClass=crossRef)(objectClass=person))", base_dn, ldb.SCOPE_SUBTREE, attrs);
723 assert(res.error == 0);
724 assert (res.msgs.length > 0);
726 println("Testing that we do find configuration elements in the global catlog, with the configuration basedn");
727 var attrs = new Array("cn");
728 var res = gc_ldb.search("objectClass=crossRef", configuration_dn, ldb.SCOPE_SUBTREE, attrs);
729 assert(res.error == 0);
730 assert (res.msgs.length > 0);
733 println("Testing that we can get at the configuration DN on the main LDAP port");
734 var attrs = new Array("cn");
735 var res = ldb.search("objectClass=crossRef", configuration_dn, ldb.SCOPE_SUBTREE, attrs);
736 assert(res.error == 0);
737 assert (res.msgs.length > 0);
739 println("Testing objectCategory canonacolisation");
740 var attrs = new Array("cn");
741 var res = ldb.search("objectCategory=ntDsDSA", configuration_dn, ldb.SCOPE_SUBTREE, attrs);
742 assert(res.error == 0);
743 if (res.msgs.length == 0) {
744 println("Didn't find any records with objectCategory=ntDsDSA");
746 assert(res.msgs.length != 0);
748 var attrs = new Array("cn");
749 var res = ldb.search("objectCategory=CN=ntDs-DSA," + schema_dn, configuration_dn, ldb.SCOPE_SUBTREE, attrs);
750 assert(res.error == 0);
751 if (res.msgs.length == 0) {
752 println("Didn't find any records with objectCategory=CN=ntDs-DSA," + schema_dn);
754 assert(res.msgs.length != 0);
756 println("Testing objectClass attribute order on "+ base_dn);
757 var attrs = new Array("objectClass");
758 var res = ldb.search("objectClass=domain", base_dn, ldb.SCOPE_BASE, attrs);
759 assert(res.error == 0);
760 assert(res.msgs.length == 1);
762 assert(res.msgs[0].objectClass[0] == "top");
763 assert(res.msgs[0].objectClass[1] == "domain");
764 assert(res.msgs[0].objectClass[2] == "domainDNS");
768 var attrs = new Array("cn");
769 println("Testing ldb.search for objectCategory=person");
770 var res = ldb.search("objectCategory=person", base_dn, ldb.SCOPE_SUBTREE, attrs);
771 assert(res.error == 0);
772 assert(res.msgs.length > 0);
774 var attrs = new Array("cn");
775 var controls = new Array("domain_scope:1");
776 println("Testing ldb.search for objectCategory=person with domain scope control");
777 var res = ldb.search("objectCategory=person", base_dn, ldb.SCOPE_SUBTREE, attrs, controls);
778 assert(res.error == 0);
779 assert(res.msgs.length > 0);
781 var attrs = new Array("cn");
782 println("Testing ldb.search for objectCategory=user");
783 var res = ldb.search("objectCategory=user", base_dn, ldb.SCOPE_SUBTREE, attrs);
784 assert(res.error == 0);
785 assert(res.msgs.length > 0);
787 var attrs = new Array("cn");
788 var controls = new Array("domain_scope:1");
789 println("Testing ldb.search for objectCategory=user with domain scope control");
790 var res = ldb.search("objectCategory=user", base_dn, ldb.SCOPE_SUBTREE, attrs, controls);
791 assert(res.error == 0);
792 assert(res.msgs.length > 0);
794 var attrs = new Array("cn");
795 println("Testing ldb.search for objectCategory=group");
796 var res = ldb.search("objectCategory=group", base_dn, ldb.SCOPE_SUBTREE, attrs);
797 assert(res.error == 0);
798 assert(res.msgs.length > 0);
800 var attrs = new Array("cn");
801 var controls = new Array("domain_scope:1");
802 println("Testing ldb.search for objectCategory=group with domain scope control");
803 var res = ldb.search("objectCategory=group", base_dn, ldb.SCOPE_SUBTREE, attrs, controls);
804 assert(res.error == 0);
805 assert(res.msgs.length > 0);
809 function basedn_tests(ldb, gc_ldb)
811 println("Testing for all rootDSE attributes");
812 var attrs = new Array();
813 var res = ldb.search("", "", ldb.SCOPE_BASE, attrs);
814 assert(res.error == 0);
815 assert(res.msgs.length == 1);
817 println("Testing for highestCommittedUSN");
818 var attrs = new Array("highestCommittedUSN");
819 var res = ldb.search("", "", ldb.SCOPE_BASE, attrs);
820 assert(res.error == 0);
821 assert(res.msgs.length == 1);
822 assert(res.msgs[0].highestCommittedUSN != undefined);
823 assert(res.msgs[0].highestCommittedUSN != 0);
825 println("Testing for netlogon via LDAP");
826 var attrs = new Array("netlogon");
827 var res = ldb.search("", "", ldb.SCOPE_BASE, attrs);
828 assert(res.error == 0);
829 assert(res.msgs.length == 0);
831 println("Testing for netlogon and highestCommittedUSN via LDAP");
832 var attrs = new Array("netlogon", "highestCommittedUSN");
833 var res = ldb.search("", "", ldb.SCOPE_BASE, attrs);
834 assert(res.error == 0);
835 assert(res.msgs.length == 0);
838 function find_basedn(ldb)
840 var attrs = new Array("defaultNamingContext");
841 var res = ldb.search("", "", ldb.SCOPE_BASE, attrs);
842 assert(res.error == 0);
843 assert(res.msgs.length == 1);
844 return res.msgs[0].defaultNamingContext;
847 function find_configurationdn(ldb)
849 var attrs = new Array("configurationNamingContext");
850 var res = ldb.search("", "", ldb.SCOPE_BASE, attrs);
851 assert(res.error == 0);
852 assert(res.msgs.length == 1);
853 return res.msgs[0].configurationNamingContext;
856 function find_schemadn(ldb)
858 var attrs = new Array("schemaNamingContext");
859 var res = ldb.search("", "", ldb.SCOPE_BASE, attrs);
860 assert(res.error == 0);
861 assert(res.msgs.length == 1);
862 return res.msgs[0].schemaNamingContext;
865 /* use command line creds if available */
866 ldb.credentials = options.get_credentials();
867 gc_ldb.credentials = options.get_credentials();
869 var ok = ldb.connect("ldap://" + host);
870 var base_dn = find_basedn(ldb);
871 var configuration_dn = find_configurationdn(ldb);
872 var schema_dn = find_schemadn(ldb);
874 printf("baseDN: %s\n", base_dn);
876 var ok = gc_ldb.connect("ldap://" + host + ":3268");
881 basic_tests(ldb, gc_ldb, base_dn, configuration_dn, schema_dn)
883 basedn_tests(ldb, gc_ldb)