2 # -*- coding: utf-8 -*-
3 # This is a port of the original in testprogs/ejs/ldap.js
9 # Add path to the library for in-tree use
10 sys.path.append("scripting/python")
11 import samba.getopt as options
13 from auth import system_session
14 from ldb import (SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError,
15 LDB_ERR_NO_SUCH_OBJECT, LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS,
16 LDB_ERR_ENTRY_ALREADY_EXISTS, LDB_ERR_UNWILLING_TO_PERFORM,
17 LDB_ERR_NOT_ALLOWED_ON_NON_LEAF)
21 parser = optparse.OptionParser("ldap [options] <host>")
22 parser.add_option_group(options.SambaOptions(parser))
23 parser.add_option_group(options.VersionOptions(parser))
24 # use command line creds if available
25 credopts = options.CredentialsOptions(parser)
26 parser.add_option_group(credopts)
27 creds = credopts.get_credentials()
28 opts, args = parser.parse_args()
38 lp.load(opts.configfile)
40 def delete_force(ldb, dn):
43 except LdbError, (num, _):
44 if num != LDB_ERR_NO_SUCH_OBJECT:
47 def assertEquals(a1, a2):
48 assert a1 == a2, "Expected %r == %r" % (a1, a2)
50 def basic_tests(ldb, gc_ldb, base_dn, configuration_dn, schema_dn):
51 print "Running basic tests"
53 delete_force(ldb, "cn=ldaptestuser,cn=users," + base_dn)
54 delete_force(ldb, "cn=ldaptestgroup,cn=users," + base_dn)
56 print "Testing group add with invalid member"
59 "dn": "cn=ldaptestgroup,cn=uSers," + base_dn,
60 "objectclass": "group",
61 "member": "cn=ldaptestuser,cn=useRs," + base_dn})
62 except LdbError, (num, _):
63 if num != LDB_ERR_NO_SUCH_OBJECT:
68 print "Testing user add"
71 "dn": "cn=ldaptestuser,cn=uSers," + base_dn,
72 "objectclass": ["user", "person"],
77 ldb.delete("cn=ldaptestuser,cn=users," + base_dn)
79 "dn": "cn=ldaptestuser,cn=uSers," + base_dn,
80 "objectclass": ["user", "person"],
86 "dn": "cn=ldaptestgroup,cn=uSers," + base_dn,
87 "objectclass": "group",
88 "member": "cn=ldaptestuser,cn=useRs," + base_dn})
92 "dn": "cn=ldaptestcomputer,cn=computers," + base_dn,
93 "objectclass": "computer",
94 "cN": "LDAPtestCOMPUTER"})
96 ldb.delete("cn=ldaptestcomputer,cn=computers," + base_dn)
98 "dn": "cn=ldaptestcomputer,cn=computers," + base_dn,
99 "objectClass": "computer",
100 "cn": "LDAPtestCOMPUTER"})
103 ldb.add({"dn": "cn=ldaptest2computer,cn=computers," + base_dn,
104 "objectClass": "computer",
105 "cn": "LDAPtest2COMPUTER",
106 "userAccountControl": "4096",
107 "displayname": "ldap testy"})
109 ldb.delete("cn=ldaptest2computer,cn=computers," + base_dn)
111 "dn": "cn=ldaptest2computer,cn=computers," + base_dn,
112 "objectClass": "computer",
113 "cn": "LDAPtest2COMPUTER",
114 "userAccountControl": "4096",
115 "displayname": "ldap testy"})
117 print "Testing attribute or value exists behaviour"
120 dn: cn=ldaptest2computer,cn=computers,""" + base_dn + """
122 replace: servicePrincipalName
123 servicePrincipalName: host/ldaptest2computer
124 servicePrincipalName: host/ldaptest2computer
125 servicePrincipalName: cifs/ldaptest2computer
127 except LdbError, (num, msg):
128 assert num == LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
131 dn: cn=ldaptest2computer,cn=computers,""" + base_dn + """
133 replace: servicePrincipalName
134 servicePrincipalName: host/ldaptest2computer
135 servicePrincipalName: cifs/ldaptest2computer
139 dn: cn=ldaptest2computer,cn=computers,""" + base_dn + """
141 add: servicePrincipalName
142 servicePrincipalName: host/ldaptest2computer
144 except LdbError, (num, msg):
145 assert num == LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
147 print "Testing ranged results"
149 dn: cn=ldaptest2computer,cn=computers,""" + base_dn + """
151 replace: servicePrincipalName
155 dn: cn=ldaptest2computer,cn=computers,""" + base_dn + """
157 add: servicePrincipalName
158 servicePrincipalName: host/ldaptest2computer0
159 servicePrincipalName: host/ldaptest2computer1
160 servicePrincipalName: host/ldaptest2computer2
161 servicePrincipalName: host/ldaptest2computer3
162 servicePrincipalName: host/ldaptest2computer4
163 servicePrincipalName: host/ldaptest2computer5
164 servicePrincipalName: host/ldaptest2computer6
165 servicePrincipalName: host/ldaptest2computer7
166 servicePrincipalName: host/ldaptest2computer8
167 servicePrincipalName: host/ldaptest2computer9
168 servicePrincipalName: host/ldaptest2computer10
169 servicePrincipalName: host/ldaptest2computer11
170 servicePrincipalName: host/ldaptest2computer12
171 servicePrincipalName: host/ldaptest2computer13
172 servicePrincipalName: host/ldaptest2computer14
173 servicePrincipalName: host/ldaptest2computer15
174 servicePrincipalName: host/ldaptest2computer16
175 servicePrincipalName: host/ldaptest2computer17
176 servicePrincipalName: host/ldaptest2computer18
177 servicePrincipalName: host/ldaptest2computer19
178 servicePrincipalName: host/ldaptest2computer20
179 servicePrincipalName: host/ldaptest2computer21
180 servicePrincipalName: host/ldaptest2computer22
181 servicePrincipalName: host/ldaptest2computer23
182 servicePrincipalName: host/ldaptest2computer24
183 servicePrincipalName: host/ldaptest2computer25
184 servicePrincipalName: host/ldaptest2computer26
185 servicePrincipalName: host/ldaptest2computer27
186 servicePrincipalName: host/ldaptest2computer28
187 servicePrincipalName: host/ldaptest2computer29
190 res = ldb.search(base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE,
191 attrs=["servicePrincipalName;range=0-*"])
192 assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
193 #print len(res[0]["servicePrincipalName;range=0-*"])
194 assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30)
196 res = ldb.search(base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-19"])
197 assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
198 # print res[0]["servicePrincipalName;range=0-19"].length
199 assertEquals(len(res[0]["servicePrincipalName;range=0-19"]), 20)
202 res = ldb.search(base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-30"])
203 assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
204 assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30)
206 res = ldb.search(base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-40"])
207 assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
208 assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30)
210 res = ldb.search(base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=30-40"])
211 assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
212 assertEquals(len(res[0]["servicePrincipalName;range=30-*"]), 0)
215 res = ldb.search(base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=10-40"])
216 assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
217 assertEquals(len(res[0]["servicePrincipalName;range=10-*"]), 20)
218 # pos_11 = res[0]["servicePrincipalName;range=10-*"][18]
220 res = ldb.search(base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=11-40"])
221 assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
222 assertEquals(len(res[0]["servicePrincipalName;range=11-*"]), 19)
223 # print res[0]["servicePrincipalName;range=11-*"][18]
225 # assertEquals((res[0]["servicePrincipalName;range=11-*"][18]), pos_11)
227 res = ldb.search(base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=11-15"])
228 assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
229 assertEquals(len(res[0]["servicePrincipalName;range=11-15"]), 5)
230 # assertEquals(res[0]["servicePrincipalName;range=11-15"][4], pos_11)
232 res = ldb.search(base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName"])
233 assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
234 # print res[0]["servicePrincipalName"][18]
236 assertEquals(len(res[0]["servicePrincipalName"]), 30)
237 # assertEquals(res[0]["servicePrincipalName"][18], pos_11)
241 "dn": "cn=ldaptestuser2,cn=useRs," + base_dn,
242 "objectClass": ["person", "user"],
243 "cn": "LDAPtestUSER2",
244 "givenname": "testy",
247 ldb.delete("cn=ldaptestuser2,cn=users," + base_dn)
249 "dn": "cn=ldaptestuser2,cn=useRs," + base_dn,
250 "objectClass": ["person", "user"],
251 "cn": "LDAPtestUSER2",
252 "givenname": "testy",
255 print "Testing Ambigious Name Resolution"
256 # Testing ldb.search for (&(anr=ldap testy)(objectClass=user))
257 res = ldb.search(expression="(&(anr=ldap testy)(objectClass=user))")
258 assert len(res) == 3, "Could not find (&(anr=ldap testy)(objectClass=user))"
260 # Testing ldb.search for (&(anr=testy ldap)(objectClass=user))
261 res = ldb.search(expression="(&(anr=testy ldap)(objectClass=user))")
262 assert len(res) == 2, "Found only %d for (&(anr=testy ldap)(objectClass=user))" % len(res)
264 # Testing ldb.search for (&(anr=ldap)(objectClass=user))
265 res = ldb.search(expression="(&(anr=ldap)(objectClass=user))")
266 assert len(res) == 4, "Found only %d for (&(anr=ldap)(objectClass=user))" % len(res)
268 # Testing ldb.search for (&(anr==ldap)(objectClass=user))
269 res = ldb.search(expression="(&(anr==ldap)(objectClass=user))")
270 assert len(res) == 1, "Could not find (&(anr==ldap)(objectClass=user)). Found only %d for (&(anr=ldap)(objectClass=user))" % len(res)
272 assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + base_dn))
273 assertEquals(res[0]["cn"][0], "ldaptestuser")
274 assertEquals(res[0]["name"], "ldaptestuser")
276 # Testing ldb.search for (&(anr=testy)(objectClass=user))
277 res = ldb.search(expression="(&(anr=testy)(objectClass=user))")
278 assert len(res) == 2, "Found only %d for (&(anr=testy)(objectClass=user))" % len(res)
280 # Testing ldb.search for (&(anr=ldap testy)(objectClass=user))
281 res = ldb.search(expression="(&(anr=testy ldap)(objectClass=user))")
282 assert len(res) == 2, "Found only %d for (&(anr=ldap testy)(objectClass=user))" % len(res)
284 # Testing ldb.search for (&(anr==ldap testy)(objectClass=user))
285 res = ldb.search(expression="(&(anr==testy ldap)(objectClass=user))")
286 assert len(res) == 1, "Found only %d for (&(anr==ldap testy)(objectClass=user))" % len(res)
288 assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + base_dn))
289 assertEquals(res[0]["cn"][0], "ldaptestuser")
290 assertEquals(res[0]["name"][0], "ldaptestuser")
292 # Testing ldb.search for (&(anr==testy ldap)(objectClass=user))
293 res = ldb.search(expression="(&(anr==testy ldap)(objectClass=user))")
294 assert len(res) == 1, "Could not find (&(anr==testy ldap)(objectClass=user))"
296 assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + base_dn))
297 assertEquals(res[0]["cn"][0], "ldaptestuser")
298 assertEquals(res[0]["name"][0], "ldaptestuser")
300 # Testing ldb.search for (&(anr=testy ldap user)(objectClass=user))
301 res = ldb.search(expression="(&(anr=testy ldap user)(objectClass=user))")
302 assert len(res) == 1, "Could not find (&(anr=testy ldap user)(objectClass=user))"
304 assertEquals(str(res[0].dn), ("CN=ldaptestuser2,CN=Users," + base_dn))
305 assertEquals(res[0]["cn"], "ldaptestuser2")
306 assertEquals(res[0]["name"], "ldaptestuser2")
308 # Testing ldb.search for (&(anr==testy ldap user2)(objectClass=user))
309 res = ldb.search(expression="(&(anr==testy ldap user2)(objectClass=user))")
310 assert len(res) == 1, "Could not find (&(anr==testy ldap user2)(objectClass=user))"
312 assertEquals(str(res[0].dn), ("CN=ldaptestuser2,CN=Users," + base_dn))
313 assertEquals(res[0]["cn"], "ldaptestuser2")
314 assertEquals(res[0]["name"], "ldaptestuser2")
316 # Testing ldb.search for (&(anr==ldap user2)(objectClass=user))
317 res = ldb.search(expression="(&(anr==ldap user2)(objectClass=user))")
318 assert len(res) == 1, "Could not find (&(anr==ldap user2)(objectClass=user))"
320 assertEquals(str(res[0].dn), ("CN=ldaptestuser2,CN=Users," + base_dn))
321 assertEquals(res[0]["cn"], "ldaptestuser2")
322 assertEquals(res[0]["name"], "ldaptestuser2")
324 # Testing ldb.search for (&(anr==not ldap user2)(objectClass=user))
325 res = ldb.search(expression="(&(anr==not ldap user2)(objectClass=user))")
326 assert len(res) == 0, "Must not find (&(anr==not ldap user2)(objectClass=user))"
328 # Testing ldb.search for (&(anr=not ldap user2)(objectClass=user))
329 res = ldb.search(expression="(&(anr=not ldap user2)(objectClass=user))")
330 assert len(res) == 0, "Must not find (&(anr=not ldap user2)(objectClass=user))"
332 print "Testing Group Modifies"
334 dn: cn=ldaptestgroup,cn=users,""" + base_dn + """
337 member: cn=ldaptestuser2,cn=users,""" + base_dn + """
338 member: cn=ldaptestcomputer,cn=computers,""" + base_dn + """
341 delete_force(ldb, "cn=ldaptestuser3,cn=users," + base_dn)
343 print "Testing adding non-existent user to a group"
346 dn: cn=ldaptestgroup,cn=users,""" + base_dn + """
349 member: cn=ldaptestuser3,cn=users,""" + base_dn + """
351 except LdbError, (num, _):
352 assert num == LDB_ERR_NO_SUCH_OBJECT
356 print "Testing Renames"
358 ldb.rename("cn=ldaptestuser2,cn=users," + base_dn, "cn=ldaptestuser3,cn=users," + base_dn)
360 ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestuser3,cn=users," + base_dn)
362 ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestUSER3,cn=users," + base_dn)
364 print "Testing ldb.search for (&(cn=ldaptestuser3)(objectClass=user))"
365 res = ldb.search(expression="(&(cn=ldaptestuser3)(objectClass=user))")
366 assert len(res) == 1, "Could not find (&(cn=ldaptestuser3)(objectClass=user))"
368 assertEquals(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + base_dn))
369 assertEquals(res[0]["cn"], "ldaptestUSER3")
370 assertEquals(res[0]["name"], "ldaptestUSER3")
372 # This is a Samba special, and does not exist in real AD
373 # print "Testing ldb.search for (dn=CN=ldaptestUSER3,CN=Users," + base_dn + ")"
374 # res = ldb.search("(dn=CN=ldaptestUSER3,CN=Users," + base_dn + ")")
375 # if (res.error != 0 || len(res) != 1) {
376 # print "Could not find (dn=CN=ldaptestUSER3,CN=Users," + base_dn + ")"
377 # assertEquals(len(res), 1)
379 # assertEquals(res[0].dn, ("CN=ldaptestUSER3,CN=Users," + base_dn))
380 # assertEquals(res[0].cn, "ldaptestUSER3")
381 # assertEquals(res[0].name, "ldaptestUSER3")
383 print "Testing ldb.search for (distinguishedName=CN=ldaptestUSER3,CN=Users," + base_dn + ")"
384 res = ldb.search(expression="(distinguishedName=CN=ldaptestUSER3,CN=Users," + base_dn + ")")
385 assert len(res) == 1, "Could not find (dn=CN=ldaptestUSER3,CN=Users," + base_dn + ")"
386 assertEquals(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + base_dn))
387 assertEquals(res[0]["cn"], "ldaptestUSER3")
388 assertEquals(res[0]["name"], "ldaptestUSER3")
390 # ensure we cannot add it again
392 ldb.add({"dn": "cn=ldaptestuser3,cn=userS," + base_dn,
393 "objectClass": ["person", "user"],
394 "cn": "LDAPtestUSER3"})
395 except LdbError, (num, _):
396 assert num == LDB_ERR_ENTRY_ALREADY_EXISTS
401 ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestuser2,cn=users," + base_dn)
403 # ensure we cannnot rename it twice
405 ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestuser2,cn=users," + base_dn)
406 except LdbError, (num, _):
407 assert num == LDB_ERR_NO_SUCH_OBJECT
411 # ensure can now use that name
412 ldb.add({"dn": "cn=ldaptestuser3,cn=users," + base_dn,
413 "objectClass": ["person", "user"],
414 "cn": "LDAPtestUSER3"})
416 # ensure we now cannnot rename
418 ldb.rename("cn=ldaptestuser2,cn=users," + base_dn, "cn=ldaptestuser3,cn=users," + base_dn)
419 except LdbError, (num, _):
420 assert num == LDB_ERR_ENTRY_ALREADY_EXISTS
424 ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestuser3,cn=configuration," + base_dn)
425 except LdbError, (num, _):
426 assert num in (71, 64)
430 ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestuser5,cn=users," + base_dn)
432 ldb.delete("cn=ldaptestuser5,cn=users," + base_dn)
434 delete_force(ldb, "cn=ldaptestgroup2,cn=users," + base_dn)
436 ldb.rename("cn=ldaptestgroup,cn=users," + base_dn, "cn=ldaptestgroup2,cn=users," + base_dn)
438 print "Testing subtree Renames"
440 ldb.add({"dn": "cn=ldaptestcontainer," + base_dn,
441 "objectClass": "container"})
444 ldb.add({"dn": "CN=ldaptestuser4,CN=ldaptestcontainer," + base_dn,
445 "objectClass": ["person", "user"],
446 "cn": "LDAPtestUSER4"})
448 ldb.delete("cn=ldaptestuser4,cn=ldaptestcontainer," + base_dn)
449 ldb.add({"dn": "CN=ldaptestuser4,CN=ldaptestcontainer," + base_dn,
450 "objectClass": ["person", "user"],
451 "cn": "LDAPtestUSER4"})
454 dn: cn=ldaptestgroup2,cn=users,""" + base_dn + """
457 member: cn=ldaptestuser4,cn=ldaptestcontainer,""" + base_dn + """
460 print "Testing ldb.rename of cn=ldaptestcontainer," + base_dn + " to cn=ldaptestcontainer2," + base_dn
461 ldb.rename("CN=ldaptestcontainer," + base_dn, "CN=ldaptestcontainer2," + base_dn)
463 print "Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user))"
464 res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))")
465 assert len(res) == 1, "Could not find (&(cn=ldaptestuser4)(objectClass=user))"
467 print "Testing subtree ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + base_dn
469 ldb.search("cn=ldaptestcontainer," + base_dn,
470 expression="(&(cn=ldaptestuser4)(objectClass=user))",
472 except LdbError, (num, _):
473 assert num == LDB_ERR_NO_SUCH_OBJECT
477 print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + base_dn
479 res = ldb.search("cn=ldaptestcontainer," + base_dn, expression="(&(cn=ldaptestuser4)(objectClass=user))", scope=SCOPE_ONELEVEL)
480 except LdbError, (num, _):
481 assert num == LDB_ERR_NO_SUCH_OBJECT
485 print "Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in renamed container"
486 res = ldb.search("cn=ldaptestcontainer2," + base_dn, expression="(&(cn=ldaptestuser4)(objectClass=user))", scope=SCOPE_SUBTREE)
487 assert len(res) == 1, "Could not find (&(cn=ldaptestuser4)(objectClass=user)) under cn=ldaptestcontainer2," + base_dn
489 assertEquals(str(res[0].dn), ("CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn))
490 assertEquals(res[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + base_dn).upper())
492 print "Testing ldb.search for (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn + ")(objectclass=group)) to check subtree renames and linked attributes"
493 res = ldb.search(base_dn, expression="(&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn + ")(objectclass=group))", scope=SCOPE_SUBTREE)
494 assert len(res) == 1, "Could not find (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn + ")(objectclass=group)), perhaps linked attributes are not conistant with subtree renames?"
496 print "Testing ldb.rename (into itself) of cn=ldaptestcontainer2," + base_dn + " to cn=ldaptestcontainer,cn=ldaptestcontainer2," + base_dn
498 ldb.rename("cn=ldaptestcontainer2," + base_dn, "cn=ldaptestcontainer,cn=ldaptestcontainer2," + base_dn)
499 except LdbError, (num, _):
500 assert num == LDB_ERR_UNWILLING_TO_PERFORM
504 print "Testing ldb.rename (into non-existent container) of cn=ldaptestcontainer2," + base_dn + " to cn=ldaptestcontainer,cn=ldaptestcontainer3," + base_dn
506 ldb.rename("cn=ldaptestcontainer2," + base_dn, "cn=ldaptestcontainer,cn=ldaptestcontainer3," + base_dn)
507 except LdbError, (num, _):
508 assert num in (53, 80)
512 print "Testing delete (should fail, not a leaf node) of renamed cn=ldaptestcontainer2," + base_dn
514 ldb.delete("cn=ldaptestcontainer2," + base_dn)
515 except LdbError, (num, _):
516 assert num == LDB_ERR_NOT_ALLOWED_ON_NON_LEAF
520 print "Testing base ldb.search for CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn
521 res = ldb.search(expression="(objectclass=*)", base=("CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn), scope=SCOPE_BASE)
523 res = ldb.search(expression="(cn=ldaptestuser40)", base=("CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn), scope=SCOPE_BASE)
526 print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2," + base_dn
527 res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))", base="cn=ldaptestcontainer2," + base_dn, scope=SCOPE_ONELEVEL)
528 # FIXME: assert len(res) == 0
530 print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2," + base_dn
531 res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))", base="cn=ldaptestcontainer2," + base_dn, scope=SCOPE_SUBTREE)
532 #FIXME: assert len(res) == 0
534 print "Testing delete of subtree renamed "+("CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn)
535 ldb.delete(("CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn))
536 print "Testing delete of renamed cn=ldaptestcontainer2," + base_dn
537 ldb.delete("cn=ldaptestcontainer2," + base_dn)
540 ldb.add({"dn": "cn=ldaptestutf8user èùéìòà ,cn=users," + base_dn, "objectClass": "user"})
541 except LdbError, (num, _):
542 ldb.delete("cn=ldaptestutf8user èùéìòà ,cn=users," + base_dn)
543 ldb.add({"dn": "cn=ldaptestutf8user èùéìòà ,cn=users," + base_dn, "objectClass": "user"})
546 ldb.add({"dn": "cn=ldaptestutf8user2 èùéìòà ,cn=users," + base_dn, "objectClass": "user"})
547 except LdbError, (num, _):
548 ldb.delete("cn=ldaptestutf8user2 èùéìòà ,cn=users," + base_dn)
549 ldb.add({"dn": "cn=ldaptestutf8user2 èùéìòà ,cn=users," + base_dn,
550 "objectClass": "user"})
552 print "Testing ldb.search for (&(cn=ldaptestuser)(objectClass=user))"
553 res = ldb.search(expression="(&(cn=ldaptestuser)(objectClass=user))")
554 assert len(res) == 1, "Could not find (&(cn=ldaptestuser)(objectClass=user))"
556 assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + base_dn))
557 assertEquals(res[0]["cn"], "ldaptestuser")
558 assertEquals(res[0]["name"], "ldaptestuser")
559 assertEquals(res[0]["objectClass"], ["top", "person", "organizationalPerson", "user"])
560 assert("objectGUID" in res[0])
561 assert("whenCreated" in res[0])
562 assertEquals(res[0]["objectCategory"], ("CN=Person,CN=Schema,CN=Configuration," + base_dn))
563 assertEquals(int(res[0]["sAMAccountType"][0]), 805306368)
564 # assertEquals(res[0].userAccountControl, 546)
565 assertEquals(res[0]["memberOf"][0], ("CN=ldaptestgroup2,CN=Users," + base_dn))
566 assertEquals(len(res[0]["memberOf"]), 1)
568 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + base_dn + "))"
569 res2 = ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + base_dn + "))")
570 assert len(res2) == 1, "Could not find (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + base_dn + "))"
572 assertEquals(res[0].dn, res2[0].dn)
574 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon))"
575 res3 = ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=PerSon))")
576 assert len(res3) == 1, "Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)): matched " + len(res3)
578 assertEquals(res[0].dn, res3[0].dn)
580 if gc_ldb is not None:
581 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog"
582 res3gc = gc_ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=PerSon))")
583 assert len(res3gc) == 1
585 assertEquals(res[0].dn, res3gc[0].dn)
587 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in with 'phantom root' control"
589 res3control = gc_ldb.search(base_dn, expression="(&(cn=ldaptestuser)(objectCategory=PerSon))", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:2"])
590 assert len(res3control) == 1, "Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog"
592 assertEquals(res[0].dn, res3control[0].dn)
594 ldb.delete(res[0].dn)
596 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectClass=user))"
597 res = ldb.search(expression="(&(cn=ldaptestcomputer)(objectClass=user))")
598 assert len(res) == 1, "Could not find (&(cn=ldaptestuser)(objectClass=user))"
600 assertEquals(str(res[0].dn), ("CN=ldaptestcomputer,CN=Computers," + base_dn))
601 assertEquals(res[0]["cn"], "ldaptestcomputer")
602 assertEquals(res[0]["name"], "ldaptestcomputer")
603 assertEquals(res[0]["objectClass"], ["top", "person", "organizationalPerson", "user", "computer"])
604 assert("objectGUID" in res[0])
605 assert("whenCreated" in res[0])
606 assertEquals(res[0]["objectCategory"], ("CN=Computer,CN=Schema,CN=Configuration," + base_dn))
607 assertEquals(int(res[0]["primaryGroupID"][0]), 513)
608 # assertEquals(res[0].sAMAccountType, 805306368)
609 # assertEquals(res[0].userAccountControl, 546)
610 assertEquals(res[0]["memberOf"][0], "CN=ldaptestgroup2,CN=Users," + base_dn)
611 assertEquals(len(res[0]["memberOf"]), 1)
613 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + "))"
614 res2 = ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + "))")
615 assert len(res2) == 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + "))"
617 assertEquals(res[0].dn, res2[0].dn)
619 if gc_ldb is not None:
620 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + ")) in Global Catlog"
621 res2gc = gc_ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + "))")
622 assert len(res2gc) == 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + ")) in Global Catlog"
624 assertEquals(res[0].dn, res2gc[0].dn)
626 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER))"
627 res3 = ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=compuTER))")
628 assert len(res3) == 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER))"
630 assertEquals(res[0].dn, res3[0].dn)
632 if gc_ldb is not None:
633 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog"
634 res3gc = gc_ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=compuTER))")
635 assert len(res3gc) == 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog"
637 assertEquals(res[0].dn, res3gc[0].dn)
639 print "Testing ldb.search for (&(cn=ldaptestcomp*r)(objectCategory=compuTER))"
640 res4 = ldb.search(expression="(&(cn=ldaptestcomp*r)(objectCategory=compuTER))")
641 assert len(res4) == 1, "Could not find (&(cn=ldaptestcomp*r)(objectCategory=compuTER))"
643 assertEquals(res[0].dn, res4[0].dn)
645 print "Testing ldb.search for (&(cn=ldaptestcomput*)(objectCategory=compuTER))"
646 res5 = ldb.search(expression="(&(cn=ldaptestcomput*)(objectCategory=compuTER))")
647 assert len(res5) == 1, "Could not find (&(cn=ldaptestcomput*)(objectCategory=compuTER))"
649 assertEquals(res[0].dn, res5[0].dn)
651 print "Testing ldb.search for (&(cn=*daptestcomputer)(objectCategory=compuTER))"
652 res6 = ldb.search(expression="(&(cn=*daptestcomputer)(objectCategory=compuTER))")
653 assert len(res6) == 1, "Could not find (&(cn=*daptestcomputer)(objectCategory=compuTER))"
655 assertEquals(res[0].dn, res6[0].dn)
657 ldb.delete(res[0].dn)
659 print "Testing ldb.search for (&(cn=ldaptest2computer)(objectClass=user))"
660 res = ldb.search(expression="(&(cn=ldaptest2computer)(objectClass=user))")
661 assert len(res) == 1, "Could not find (&(cn=ldaptest2computer)(objectClass=user))"
663 assertEquals(res[0].dn, ("CN=ldaptest2computer,CN=Computers," + base_dn))
664 assertEquals(res[0]["cn"], "ldaptest2computer")
665 assertEquals(res[0]["name"], "ldaptest2computer")
666 assertEquals(res[0]["objectClass"], ["top", "person", "organizationalPerson", "user", "computer"])
667 assert("objectGUID" in res[0])
668 assert("whenCreated" in res[0])
669 assertEquals(res[0]["objectCategory"][0], "CN=Computer,CN=Schema,CN=Configuration," + base_dn)
670 assertEquals(int(res[0]["sAMAccountType"][0]), 805306369)
671 # assertEquals(res[0].userAccountControl, 4098)
673 ldb.delete(res[0].dn)
675 attrs = ["cn", "name", "objectClass", "objectGUID", "whenCreated", "nTSecurityDescriptor", "memberOf"]
676 print "Testing ldb.search for (&(cn=ldaptestUSer2)(objectClass=user))"
677 res = ldb.search(base_dn, expression="(&(cn=ldaptestUSer2)(objectClass=user))", scope=SCOPE_SUBTREE, attrs=attrs)
678 assert len(res) == 1, "Could not find (&(cn=ldaptestUSer2)(objectClass=user))"
680 assertEquals(res[0].dn, ("CN=ldaptestuser2,CN=Users," + base_dn))
681 assertEquals(res[0]["cn"], "ldaptestuser2")
682 assertEquals(res[0]["name"], "ldaptestuser2")
683 assertEquals(res[0]["objectClass"], ["top", "person", "organizationalPerson", "user"])
684 assert("objectGUID" in res[0])
685 assert("whenCreated" in res[0])
686 assert("nTSecurityDescriptor" in res[0])
687 assertEquals(res[0]["memberOf"][0], ("CN=ldaptestgroup2,CN=Users," + base_dn))
689 attrs = ["cn", "name", "objectClass", "objectGUID", "whenCreated", "nTSecurityDescriptor", "member"]
690 print "Testing ldb.search for (&(cn=ldaptestgroup2)(objectClass=group))"
691 res = ldb.search(base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
692 assert len(res) == 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))"
694 assertEquals(res[0].dn, ("CN=ldaptestgroup2,CN=Users," + base_dn))
695 assertEquals(res[0]["cn"], "ldaptestgroup2")
696 assertEquals(res[0]["name"], "ldaptestgroup2")
697 assertEquals(res[0]["objectClass"], ["top", "group"])
698 assert("objectGuid" not in res[0])
699 assert("whenCreated" in res[0])
700 assert("nTSecurityDescriptor" in res[0])
701 assertEquals(res[0]["member"], ["CN=ldaptestuser2,CN=Users," + base_dn])
704 dn: cn=ldaptestgroup2,cn=users,""" + base_dn + """
707 member: CN=ldaptestuser2,CN=Users,""" + base_dn + """
708 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + base_dn + """
711 print "Testing Linked attribute behaviours"
713 dn: cn=ldaptestgroup2,cn=users,""" + base_dn + """
719 dn: cn=ldaptestgroup2,cn=users,""" + base_dn + """
722 member: CN=ldaptestuser2,CN=Users,""" + base_dn + """
723 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + base_dn + """
727 dn: cn=ldaptestgroup2,cn=users,""" + base_dn + """
733 dn: cn=ldaptestgroup2,cn=users,""" + base_dn + """
736 member: CN=ldaptestuser2,CN=Users,""" + base_dn + """
737 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + base_dn + """
741 dn: cn=ldaptestgroup2,cn=users,""" + base_dn + """
744 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + base_dn + """
747 res = ldb.search(base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
748 assert len(res) == 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))"
750 assertEquals(res[0].dn, ("CN=ldaptestgroup2,CN=Users," + base_dn))
751 assertEquals(res[0]["member"][0], ("CN=ldaptestuser2,CN=Users," + base_dn))
752 assertEquals(len(res[0]["member"]), 1)
754 ldb.delete(("CN=ldaptestuser2,CN=Users," + base_dn))
756 attrs = ["cn", "name", "objectClass", "objectGUID", "whenCreated", "nTSecurityDescriptor", "member"]
757 print "Testing ldb.search for (&(cn=ldaptestgroup2)(objectClass=group)) to check linked delete"
758 res = ldb.search(base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
759 assert len(res) == 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group)) to check linked delete"
761 assertEquals(res[0].dn, ("CN=ldaptestgroup2,CN=Users," + base_dn))
762 assert("member" not in res[0])
764 print "Testing ldb.search for (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))"
765 res = ldb.search(expression="(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
766 assert len(res) == 1, "Could not find (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))"
768 assertEquals(res[0].dn, ("CN=ldaptestutf8user èùéìòà,CN=Users," + base_dn))
769 assertEquals(res[0]["cn"], "ldaptestutf8user èùéìòà")
770 assertEquals(res[0]["name"], "ldaptestutf8user èùéìòà")
771 assertEquals(res[0]["objectClass"], ["top", "person", "organizationalPerson", "user"])
772 assert("objectGUID" in res[0])
773 assert("whenCreated" in res[0])
775 ldb.delete(res[0].dn)
777 print "Testing ldb.search for (&(cn=ldaptestutf8user2*)(objectClass=user))"
778 res = ldb.search(expression="(&(cn=ldaptestutf8user2*)(objectClass=user))")
779 assert len(res) == 1, "Could not find (&(cn=ldaptestutf8user2*)(objectClass=user))"
781 ldb.delete(res[0].dn)
783 ldb.delete(("CN=ldaptestgroup2,CN=Users," + base_dn))
785 print "Testing ldb.search for (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))"
786 res = ldb.search(expression="(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
788 #FIXME: assert len(res) == 1, "Could not find (expect space collapse, win2k3 fails) (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))"
790 print "Testing that we can't get at the configuration DN from the main search base"
791 res = ldb.search(base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
792 assert len(res) == 0, "Got configuration DN " + res[0].dn + " which should not be able to be seen from main search base"
793 assertEquals(len(res), 0)
795 print "Testing that we can get at the configuration DN from the main search base on the LDAP port with the 'phantom root' search_options control"
796 res = ldb.search(base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:2"])
799 if gc_ldb is not None:
800 print "Testing that we can get at the configuration DN from the main search base on the GC port with the search_options control == 0"
802 res = gc_ldb.search(base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:0"])
805 print "Testing that we do find configuration elements in the global catlog"
806 res = gc_ldb.search(base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
807 assert (len(res) > 0)
809 print "Testing that we do find configuration elements and user elements at the same time"
810 res = gc_ldb.search(base_dn, expression="(|(objectClass=crossRef)(objectClass=person))", scope=SCOPE_SUBTREE, attrs=["cn"])
811 assert (len(res) > 0)
813 print "Testing that we do find configuration elements in the global catlog, with the configuration basedn"
814 res = gc_ldb.search(configuration_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
815 assert (len(res) > 0)
817 print "Testing that we can get at the configuration DN on the main LDAP port"
818 res = ldb.search(configuration_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
819 assert (len(res) > 0)
821 print "Testing objectCategory canonacolisation"
822 res = ldb.search(configuration_dn, expression="objectCategory=ntDsDSA", scope=SCOPE_SUBTREE, attrs=["cn"])
823 assert len(res) > 0, "Didn't find any records with objectCategory=ntDsDSA"
824 assert(len(res) != 0)
826 res = ldb.search(configuration_dn, expression="objectCategory=CN=ntDs-DSA," + schema_dn, scope=SCOPE_SUBTREE, attrs=["cn"])
827 assert len(res) > 0, "Didn't find any records with objectCategory=CN=ntDs-DSA," + schema_dn
828 assert(len(res) != 0)
830 print "Testing objectClass attribute order on "+ base_dn
831 res = ldb.search(expression="objectClass=domain", base=base_dn,
832 scope=SCOPE_BASE, attrs=["objectClass"])
833 assertEquals(len(res), 1)
835 assertEquals(res[0]["objectClass"], ["top", "domain", "domainDNS"])
839 print "Testing ldb.search for objectCategory=person"
840 res = ldb.search(base_dn, expression="objectCategory=person", scope=SCOPE_SUBTREE, attrs=["cn"])
843 print "Testing ldb.search for objectCategory=person with domain scope control"
844 res = ldb.search(base_dn, expression="objectCategory=person", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
847 print "Testing ldb.search for objectCategory=user"
848 res = ldb.search(base_dn, expression="objectCategory=user", scope=SCOPE_SUBTREE, attrs=["cn"])
852 print "Testing ldb.search for objectCategory=user with domain scope control"
853 res = ldb.search(base_dn, expression="objectCategory=user", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
856 print "Testing ldb.search for objectCategory=group"
857 res = ldb.search(base_dn, expression="objectCategory=group", scope=SCOPE_SUBTREE, attrs=["cn"])
860 print "Testing ldb.search for objectCategory=group with domain scope control"
861 res = ldb.search(base_dn, expression="objectCategory=group", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
864 def basedn_tests(ldb, gc_ldb):
865 print "Testing for all rootDSE attributes"
866 res = ldb.search(scope=SCOPE_BASE, attrs=[])
867 assertEquals(len(res), 1)
869 print "Testing for highestCommittedUSN"
870 res = ldb.search("", scope=SCOPE_BASE, attrs=["highestCommittedUSN"])
871 assertEquals(len(res), 1)
872 assert(int(res[0]["highestCommittedUSN"][0]) != 0)
874 print "Testing for netlogon via LDAP"
875 res = ldb.search("", scope=SCOPE_BASE, attrs=["netlogon"])
876 assertEquals(len(res), 0)
878 print "Testing for netlogon and highestCommittedUSN via LDAP"
879 res = ldb.search("", scope=SCOPE_BASE,
880 attrs=["netlogon", "highestCommittedUSN"])
881 assertEquals(len(res), 0)
884 def find_basedn(ldb):
885 res = ldb.search(base="", expression="", scope=SCOPE_BASE,
886 attrs=["defaultNamingContext"])
887 assertEquals(len(res), 1)
888 return res[0]["defaultNamingContext"][0]
891 def find_configurationdn(ldb):
892 res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["configurationNamingContext"])
893 assertEquals(len(res), 1)
894 return res[0]["configurationNamingContext"][0]
897 def find_schemadn(ldb):
898 res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["schemaNamingContext"])
899 assertEquals(len(res), 1)
900 return res[0]["schemaNamingContext"][0]
902 if not "://" in host:
903 host = "ldap://%s" % host
905 ldb = Ldb(host, credentials=creds, session_info=system_session(), lp=lp)
906 base_dn = find_basedn(ldb)
907 configuration_dn = find_configurationdn(ldb)
908 schema_dn = find_schemadn(ldb)
910 print "baseDN: %s\n" % base_dn
912 gc_ldb = Ldb("%s:3268" % host, credentials=creds,
913 session_info=system_session(), lp=lp)
915 basic_tests(ldb, gc_ldb, base_dn, configuration_dn, schema_dn)
916 basedn_tests(ldb, gc_ldb)