[ab/samba.git/.git] / source4 / lib / ldb / tests / python / ldap.py

#!/usr/bin/python
# -*- coding: utf-8 -*-
# This is a port of the original in testprogs/ejs/ldap.js

import getopt
import optparse
import sys

# Add path to the library for in-tree use
sys.path.append("scripting/python")
import samba.getopt as options

from auth import system_session
from ldb import (SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError,
                 LDB_ERR_NO_SUCH_OBJECT, LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS,
                 LDB_ERR_ENTRY_ALREADY_EXISTS, LDB_ERR_UNWILLING_TO_PERFORM,
                 LDB_ERR_NOT_ALLOWED_ON_NON_LEAF)
from samba import Ldb
import param

parser = optparse.OptionParser("ldap [options] <host>")
parser.add_option_group(options.SambaOptions(parser))
parser.add_option_group(options.VersionOptions(parser))
# use command line creds if available
credopts = options.CredentialsOptions(parser)
parser.add_option_group(credopts)
creds = credopts.get_credentials()
opts, args = parser.parse_args()

if len(args) < 1:
    parser.print_usage()
    sys.exit(1)

host = args[0]

lp = param.LoadParm()
if opts.configfile:
    lp.load(opts.configfile)

def delete_force(ldb, dn):
    try:
        ldb.delete(dn)
    except LdbError, (num, _): 
        if num != LDB_ERR_NO_SUCH_OBJECT:
            assert False

def assertEquals(a1, a2):
    assert a1 == a2, "Expected %r == %r" % (a1, a2)

def basic_tests(ldb, gc_ldb, base_dn, configuration_dn, schema_dn):
    print "Running basic tests"

    delete_force(ldb, "cn=ldaptestuser,cn=users," + base_dn)
    delete_force(ldb, "cn=ldaptestgroup,cn=users," + base_dn)

    print "Testing group add with invalid member"
    try:
        ldb.add({
        "dn": "cn=ldaptestgroup,cn=uSers," + base_dn,
        "objectclass": "group",
        "member": "cn=ldaptestuser,cn=useRs," + base_dn})
    except LdbError, (num, _): 
        if num != LDB_ERR_NO_SUCH_OBJECT:
            assert False
    else:
        assert False

    print "Testing user add"
    try:
        ldb.add({
        "dn": "cn=ldaptestuser,cn=uSers," + base_dn,
        "objectclass": ["user", "person"],
        "cN": "LDAPtestUSER",
        "givenname": "ldap",
        "sn": "testy"})
    except LdbError:
        ldb.delete("cn=ldaptestuser,cn=users," + base_dn)
        ldb.add({
            "dn": "cn=ldaptestuser,cn=uSers," + base_dn,
            "objectclass": ["user", "person"],
            "cN": "LDAPtestUSER",
            "givenname": "ldap",
            "sn": "testy"})

    ldb.add({
        "dn": "cn=ldaptestgroup,cn=uSers," + base_dn,
        "objectclass": "group",
        "member": "cn=ldaptestuser,cn=useRs," + base_dn})

    try:
        ldb.add({
        "dn": "cn=ldaptestcomputer,cn=computers," + base_dn,
        "objectclass": "computer",
        "cN": "LDAPtestCOMPUTER"})
    except LdbError:
        ldb.delete("cn=ldaptestcomputer,cn=computers," + base_dn)
        ldb.add({
            "dn": "cn=ldaptestcomputer,cn=computers," + base_dn,
            "objectClass": "computer",
            "cn": "LDAPtestCOMPUTER"})

    try:
        ldb.add({"dn": "cn=ldaptest2computer,cn=computers," + base_dn,
        "objectClass": "computer",
        "cn": "LDAPtest2COMPUTER",
        "userAccountControl": "4096",
        "displayname": "ldap testy"})
    except LdbError:
        ldb.delete("cn=ldaptest2computer,cn=computers," + base_dn)
        ldb.add({
            "dn": "cn=ldaptest2computer,cn=computers," + base_dn,
            "objectClass": "computer",
            "cn": "LDAPtest2COMPUTER",
            "userAccountControl": "4096",
            "displayname": "ldap testy"})

    print "Testing attribute or value exists behaviour"
    try:
        ldb.modify_ldif("""
dn: cn=ldaptest2computer,cn=computers,""" + base_dn + """
changetype: modify
replace: servicePrincipalName
servicePrincipalName: host/ldaptest2computer
servicePrincipalName: host/ldaptest2computer
servicePrincipalName: cifs/ldaptest2computer
""")
    except LdbError, (num, msg):
        assert num == LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS

        ldb.modify_ldif("""
dn: cn=ldaptest2computer,cn=computers,""" + base_dn + """
changetype: modify
replace: servicePrincipalName
servicePrincipalName: host/ldaptest2computer
servicePrincipalName: cifs/ldaptest2computer
""")
        try:
            ldb.modify_ldif("""
dn: cn=ldaptest2computer,cn=computers,""" + base_dn + """
changetype: modify
add: servicePrincipalName
servicePrincipalName: host/ldaptest2computer
""")
        except LdbError, (num, msg):
            assert num == LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
        
        print "Testing ranged results"
        ldb.modify_ldif("""
dn: cn=ldaptest2computer,cn=computers,""" + base_dn + """
changetype: modify
replace: servicePrincipalName
""")
        
        ldb.modify_ldif("""
dn: cn=ldaptest2computer,cn=computers,""" + base_dn + """
changetype: modify
add: servicePrincipalName
servicePrincipalName: host/ldaptest2computer0
servicePrincipalName: host/ldaptest2computer1
servicePrincipalName: host/ldaptest2computer2
servicePrincipalName: host/ldaptest2computer3
servicePrincipalName: host/ldaptest2computer4
servicePrincipalName: host/ldaptest2computer5
servicePrincipalName: host/ldaptest2computer6
servicePrincipalName: host/ldaptest2computer7
servicePrincipalName: host/ldaptest2computer8
servicePrincipalName: host/ldaptest2computer9
servicePrincipalName: host/ldaptest2computer10
servicePrincipalName: host/ldaptest2computer11
servicePrincipalName: host/ldaptest2computer12
servicePrincipalName: host/ldaptest2computer13
servicePrincipalName: host/ldaptest2computer14
servicePrincipalName: host/ldaptest2computer15
servicePrincipalName: host/ldaptest2computer16
servicePrincipalName: host/ldaptest2computer17
servicePrincipalName: host/ldaptest2computer18
servicePrincipalName: host/ldaptest2computer19
servicePrincipalName: host/ldaptest2computer20
servicePrincipalName: host/ldaptest2computer21
servicePrincipalName: host/ldaptest2computer22
servicePrincipalName: host/ldaptest2computer23
servicePrincipalName: host/ldaptest2computer24
servicePrincipalName: host/ldaptest2computer25
servicePrincipalName: host/ldaptest2computer26
servicePrincipalName: host/ldaptest2computer27
servicePrincipalName: host/ldaptest2computer28
servicePrincipalName: host/ldaptest2computer29
""")

        res = ldb.search(base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, 
                         attrs=["servicePrincipalName;range=0-*"])
        assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
        #print len(res[0]["servicePrincipalName;range=0-*"])
        assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30)

        res = ldb.search(base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-19"])
        assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
#        print res[0]["servicePrincipalName;range=0-19"].length
        assertEquals(len(res[0]["servicePrincipalName;range=0-19"]), 20)

        
        res = ldb.search(base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-30"])
        assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
        assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30)

        res = ldb.search(base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-40"])
        assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
        assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30)

        res = ldb.search(base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=30-40"])
        assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
        assertEquals(len(res[0]["servicePrincipalName;range=30-*"]), 0)

        
        res = ldb.search(base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=10-40"])
        assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
        assertEquals(len(res[0]["servicePrincipalName;range=10-*"]), 20)
#        pos_11 = res[0]["servicePrincipalName;range=10-*"][18]

        res = ldb.search(base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=11-40"])
        assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
        assertEquals(len(res[0]["servicePrincipalName;range=11-*"]), 19)
#        print res[0]["servicePrincipalName;range=11-*"][18]
#        print pos_11
#        assertEquals((res[0]["servicePrincipalName;range=11-*"][18]), pos_11)

        res = ldb.search(base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=11-15"])
        assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
        assertEquals(len(res[0]["servicePrincipalName;range=11-15"]), 5)
#        assertEquals(res[0]["servicePrincipalName;range=11-15"][4], pos_11)

        res = ldb.search(base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName"])
        assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
#        print res[0]["servicePrincipalName"][18]
#        print pos_11
        assertEquals(len(res[0]["servicePrincipalName"]), 30)
#        assertEquals(res[0]["servicePrincipalName"][18], pos_11)

    try:
        ldb.add({
        "dn": "cn=ldaptestuser2,cn=useRs," + base_dn,
        "objectClass": ["person", "user"],
        "cn": "LDAPtestUSER2",
        "givenname": "testy",
        "sn": "ldap user2"})
    except LdbError:
        ldb.delete("cn=ldaptestuser2,cn=users," + base_dn)
        ldb.add({
                "dn": "cn=ldaptestuser2,cn=useRs," + base_dn,
                "objectClass": ["person", "user"],
                "cn": "LDAPtestUSER2",
                "givenname": "testy",
                "sn": "ldap user2"})

    print "Testing Ambigious Name Resolution"
#   Testing ldb.search for (&(anr=ldap testy)(objectClass=user))
    res = ldb.search(expression="(&(anr=ldap testy)(objectClass=user))")
    assert len(res) == 3, "Could not find (&(anr=ldap testy)(objectClass=user))"

#   Testing ldb.search for (&(anr=testy ldap)(objectClass=user))
    res = ldb.search(expression="(&(anr=testy ldap)(objectClass=user))")
    assert len(res) == 2, "Found only %d for (&(anr=testy ldap)(objectClass=user))" % len(res)

#   Testing ldb.search for (&(anr=ldap)(objectClass=user))
    res = ldb.search(expression="(&(anr=ldap)(objectClass=user))")
    assert len(res) == 4, "Found only %d for (&(anr=ldap)(objectClass=user))" % len(res)

#   Testing ldb.search for (&(anr==ldap)(objectClass=user))
    res = ldb.search(expression="(&(anr==ldap)(objectClass=user))")
    assert len(res) == 1, "Could not find (&(anr==ldap)(objectClass=user)). Found only %d for (&(anr=ldap)(objectClass=user))" % len(res)

    assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + base_dn))
    assertEquals(res[0]["cn"][0], "ldaptestuser")
    assertEquals(res[0]["name"], "ldaptestuser")

#   Testing ldb.search for (&(anr=testy)(objectClass=user))
    res = ldb.search(expression="(&(anr=testy)(objectClass=user))")
    assert len(res) == 2, "Found only %d for (&(anr=testy)(objectClass=user))" % len(res)

#   Testing ldb.search for (&(anr=ldap testy)(objectClass=user))
    res = ldb.search(expression="(&(anr=testy ldap)(objectClass=user))")
    assert len(res) == 2, "Found only %d for (&(anr=ldap testy)(objectClass=user))" % len(res)

#   Testing ldb.search for (&(anr==ldap testy)(objectClass=user))
    res = ldb.search(expression="(&(anr==testy ldap)(objectClass=user))")
    assert len(res) == 1, "Found only %d for (&(anr==ldap testy)(objectClass=user))" % len(res)

    assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + base_dn))
    assertEquals(res[0]["cn"][0], "ldaptestuser")
    assertEquals(res[0]["name"][0], "ldaptestuser")

# Testing ldb.search for (&(anr==testy ldap)(objectClass=user))
    res = ldb.search(expression="(&(anr==testy ldap)(objectClass=user))")
    assert len(res) == 1, "Could not find (&(anr==testy ldap)(objectClass=user))"

    assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + base_dn))
    assertEquals(res[0]["cn"][0], "ldaptestuser")
    assertEquals(res[0]["name"][0], "ldaptestuser")

    # Testing ldb.search for (&(anr=testy ldap user)(objectClass=user))
    res = ldb.search(expression="(&(anr=testy ldap user)(objectClass=user))")
    assert len(res) == 1, "Could not find (&(anr=testy ldap user)(objectClass=user))"

    assertEquals(str(res[0].dn), ("CN=ldaptestuser2,CN=Users," + base_dn))
    assertEquals(res[0]["cn"], "ldaptestuser2")
    assertEquals(res[0]["name"], "ldaptestuser2")

    # Testing ldb.search for (&(anr==testy ldap user2)(objectClass=user))
    res = ldb.search(expression="(&(anr==testy ldap user2)(objectClass=user))")
    assert len(res) == 1, "Could not find (&(anr==testy ldap user2)(objectClass=user))"

    assertEquals(str(res[0].dn), ("CN=ldaptestuser2,CN=Users," + base_dn))
    assertEquals(res[0]["cn"], "ldaptestuser2")
    assertEquals(res[0]["name"], "ldaptestuser2")

    # Testing ldb.search for (&(anr==ldap user2)(objectClass=user))
    res = ldb.search(expression="(&(anr==ldap user2)(objectClass=user))")
    assert len(res) == 1, "Could not find (&(anr==ldap user2)(objectClass=user))"

    assertEquals(str(res[0].dn), ("CN=ldaptestuser2,CN=Users," + base_dn))
    assertEquals(res[0]["cn"], "ldaptestuser2")
    assertEquals(res[0]["name"], "ldaptestuser2")

    # Testing ldb.search for (&(anr==not ldap user2)(objectClass=user))
    res = ldb.search(expression="(&(anr==not ldap user2)(objectClass=user))")
    assert len(res) == 0, "Must not find (&(anr==not ldap user2)(objectClass=user))"

    # Testing ldb.search for (&(anr=not ldap user2)(objectClass=user))
    res = ldb.search(expression="(&(anr=not ldap user2)(objectClass=user))")
    assert len(res) == 0, "Must not find (&(anr=not ldap user2)(objectClass=user))"

    print "Testing Group Modifies"
    ldb.modify_ldif("""
dn: cn=ldaptestgroup,cn=users,""" + base_dn + """
changetype: modify
add: member
member: cn=ldaptestuser2,cn=users,""" + base_dn + """
member: cn=ldaptestcomputer,cn=computers,""" + base_dn + """
""")

    delete_force(ldb, "cn=ldaptestuser3,cn=users," + base_dn)

    print "Testing adding non-existent user to a group"
    try:
        ldb.modify_ldif("""
dn: cn=ldaptestgroup,cn=users,""" + base_dn + """
changetype: modify
add: member
member: cn=ldaptestuser3,cn=users,""" + base_dn + """
""")
    except LdbError, (num, _):
        assert num == LDB_ERR_NO_SUCH_OBJECT
    else:
        assert False

    print "Testing Renames"

    ldb.rename("cn=ldaptestuser2,cn=users," + base_dn, "cn=ldaptestuser3,cn=users," + base_dn)

    ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestuser3,cn=users," + base_dn)

    ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestUSER3,cn=users," + base_dn)

    print "Testing ldb.search for (&(cn=ldaptestuser3)(objectClass=user))"
    res = ldb.search(expression="(&(cn=ldaptestuser3)(objectClass=user))")
    assert len(res) == 1, "Could not find (&(cn=ldaptestuser3)(objectClass=user))"

    assertEquals(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + base_dn))
    assertEquals(res[0]["cn"], "ldaptestUSER3")
    assertEquals(res[0]["name"], "ldaptestUSER3")

# This is a Samba special, and does not exist in real AD
#    print "Testing ldb.search for (dn=CN=ldaptestUSER3,CN=Users," + base_dn + ")"
#    res = ldb.search("(dn=CN=ldaptestUSER3,CN=Users," + base_dn + ")")
#    if (res.error != 0 || len(res) != 1) {
#        print "Could not find (dn=CN=ldaptestUSER3,CN=Users," + base_dn + ")"
#        assertEquals(len(res), 1)
#    }
#    assertEquals(res[0].dn, ("CN=ldaptestUSER3,CN=Users," + base_dn))
#    assertEquals(res[0].cn, "ldaptestUSER3")
#    assertEquals(res[0].name, "ldaptestUSER3")

    print "Testing ldb.search for (distinguishedName=CN=ldaptestUSER3,CN=Users," + base_dn + ")"
    res = ldb.search(expression="(distinguishedName=CN=ldaptestUSER3,CN=Users," + base_dn + ")")
    assert len(res) == 1, "Could not find (dn=CN=ldaptestUSER3,CN=Users," + base_dn + ")"
    assertEquals(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + base_dn))
    assertEquals(res[0]["cn"], "ldaptestUSER3")
    assertEquals(res[0]["name"], "ldaptestUSER3")

    # ensure we cannot add it again
    try:
        ldb.add({"dn": "cn=ldaptestuser3,cn=userS," + base_dn,
                  "objectClass": ["person", "user"],
                  "cn": "LDAPtestUSER3"})
    except LdbError, (num, _):
        assert num == LDB_ERR_ENTRY_ALREADY_EXISTS
    else:
        assert False

    # rename back
    ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestuser2,cn=users," + base_dn)

    # ensure we cannnot rename it twice
    try:
        ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestuser2,cn=users," + base_dn)
    except LdbError, (num, _): 
        assert num == LDB_ERR_NO_SUCH_OBJECT
    else:
        assert False

    # ensure can now use that name
    ldb.add({"dn": "cn=ldaptestuser3,cn=users," + base_dn,
                  "objectClass": ["person", "user"],
                  "cn": "LDAPtestUSER3"})
    
    # ensure we now cannnot rename
    try:
        ldb.rename("cn=ldaptestuser2,cn=users," + base_dn, "cn=ldaptestuser3,cn=users," + base_dn)
    except LdbError, (num, _):
        assert num == LDB_ERR_ENTRY_ALREADY_EXISTS
    else:
        assert False
    try:
        ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestuser3,cn=configuration," + base_dn)
    except LdbError, (num, _):
        assert num in (71, 64)
    else:
        assert False

    ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestuser5,cn=users," + base_dn)

    ldb.delete("cn=ldaptestuser5,cn=users," + base_dn)

    delete_force(ldb, "cn=ldaptestgroup2,cn=users," + base_dn)

    ldb.rename("cn=ldaptestgroup,cn=users," + base_dn, "cn=ldaptestgroup2,cn=users," + base_dn)

    print "Testing subtree Renames"

    ldb.add({"dn": "cn=ldaptestcontainer," + base_dn, 
             "objectClass": "container"})
    
    try:
        ldb.add({"dn": "CN=ldaptestuser4,CN=ldaptestcontainer," + base_dn, 
             "objectClass": ["person", "user"],
             "cn": "LDAPtestUSER4"})
    except LdbError:
        ldb.delete("cn=ldaptestuser4,cn=ldaptestcontainer," + base_dn)
        ldb.add({"dn": "CN=ldaptestuser4,CN=ldaptestcontainer," + base_dn,
                      "objectClass": ["person", "user"],
                      "cn": "LDAPtestUSER4"})

    ldb.modify_ldif("""
dn: cn=ldaptestgroup2,cn=users,""" + base_dn + """
changetype: modify
add: member
member: cn=ldaptestuser4,cn=ldaptestcontainer,""" + base_dn + """
""")
    
    print "Testing ldb.rename of cn=ldaptestcontainer," + base_dn + " to cn=ldaptestcontainer2," + base_dn
    ldb.rename("CN=ldaptestcontainer," + base_dn, "CN=ldaptestcontainer2," + base_dn)

    print "Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user))"
    res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))")
    assert len(res) == 1, "Could not find (&(cn=ldaptestuser4)(objectClass=user))"

    print "Testing subtree ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + base_dn
    try:
        ldb.search("cn=ldaptestcontainer," + base_dn, 
                expression="(&(cn=ldaptestuser4)(objectClass=user))", 
                scope=SCOPE_SUBTREE)
    except LdbError, (num, _):
        assert num == LDB_ERR_NO_SUCH_OBJECT
    else:
        assert False

    print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + base_dn
    try:
        res = ldb.search("cn=ldaptestcontainer," + base_dn, expression="(&(cn=ldaptestuser4)(objectClass=user))", scope=SCOPE_ONELEVEL)
    except LdbError, (num, _):
        assert num == LDB_ERR_NO_SUCH_OBJECT
    else:
        assert False

    print "Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in renamed container"
    res = ldb.search("cn=ldaptestcontainer2," + base_dn, expression="(&(cn=ldaptestuser4)(objectClass=user))", scope=SCOPE_SUBTREE)
    assert len(res) == 1, "Could not find (&(cn=ldaptestuser4)(objectClass=user)) under cn=ldaptestcontainer2," + base_dn

    assertEquals(str(res[0].dn), ("CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn))
    assertEquals(res[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + base_dn).upper())

    print "Testing ldb.search for (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn + ")(objectclass=group)) to check subtree renames and linked attributes"
    res = ldb.search(base_dn, expression="(&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn + ")(objectclass=group))", scope=SCOPE_SUBTREE)
    assert len(res) == 1, "Could not find (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn + ")(objectclass=group)), perhaps linked attributes are not conistant with subtree renames?"

    print "Testing ldb.rename (into itself) of cn=ldaptestcontainer2," + base_dn + " to cn=ldaptestcontainer,cn=ldaptestcontainer2," + base_dn
    try:
        ldb.rename("cn=ldaptestcontainer2," + base_dn, "cn=ldaptestcontainer,cn=ldaptestcontainer2," + base_dn)
    except LdbError, (num, _):
        assert num == LDB_ERR_UNWILLING_TO_PERFORM
    else:
        assert False

    print "Testing ldb.rename (into non-existent container) of cn=ldaptestcontainer2," + base_dn + " to cn=ldaptestcontainer,cn=ldaptestcontainer3," + base_dn
    try:
        ldb.rename("cn=ldaptestcontainer2," + base_dn, "cn=ldaptestcontainer,cn=ldaptestcontainer3," + base_dn)
    except LdbError, (num, _):
        assert num in (53, 80)
    else:
        assert False

    print "Testing delete (should fail, not a leaf node) of renamed cn=ldaptestcontainer2," + base_dn
    try:
        ldb.delete("cn=ldaptestcontainer2," + base_dn)
    except LdbError, (num, _):
        assert num == LDB_ERR_NOT_ALLOWED_ON_NON_LEAF
    else:
        assert False

    print "Testing base ldb.search for CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn
    res = ldb.search(expression="(objectclass=*)", base=("CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn), scope=SCOPE_BASE)
    assert len(res) == 1
    res = ldb.search(expression="(cn=ldaptestuser40)", base=("CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn), scope=SCOPE_BASE)
    assert len(res) == 0

    print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2," + base_dn
    res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))", base="cn=ldaptestcontainer2," + base_dn, scope=SCOPE_ONELEVEL)
    # FIXME: assert len(res) == 0

    print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2," + base_dn
    res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))", base="cn=ldaptestcontainer2," + base_dn, scope=SCOPE_SUBTREE)
    #FIXME: assert len(res) == 0

    print "Testing delete of subtree renamed "+("CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn)
    ldb.delete(("CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn))
    print "Testing delete of renamed cn=ldaptestcontainer2," + base_dn
    ldb.delete("cn=ldaptestcontainer2," + base_dn)
    
    try:
        ldb.add({"dn": "cn=ldaptestutf8user èùéìòà ,cn=users," + base_dn, "objectClass": "user"})
    except LdbError, (num, _):
        ldb.delete("cn=ldaptestutf8user èùéìòà ,cn=users," + base_dn)
        ldb.add({"dn": "cn=ldaptestutf8user èùéìòà ,cn=users," + base_dn, "objectClass": "user"})

    try:
        ldb.add({"dn": "cn=ldaptestutf8user2  èùéìòà ,cn=users," + base_dn, "objectClass": "user"})
    except LdbError, (num, _):
        ldb.delete("cn=ldaptestutf8user2  èùéìòà ,cn=users," + base_dn)
        ldb.add({"dn": "cn=ldaptestutf8user2  èùéìòà ,cn=users," + base_dn,
                  "objectClass": "user"})

    print "Testing ldb.search for (&(cn=ldaptestuser)(objectClass=user))"
    res = ldb.search(expression="(&(cn=ldaptestuser)(objectClass=user))")
    assert len(res) == 1, "Could not find (&(cn=ldaptestuser)(objectClass=user))"

    assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + base_dn))
    assertEquals(res[0]["cn"], "ldaptestuser")
    assertEquals(res[0]["name"], "ldaptestuser")
    assertEquals(res[0]["objectClass"], ["top", "person", "organizationalPerson", "user"])
    assert("objectGUID" in res[0])
    assert("whenCreated" in res[0])
    assertEquals(res[0]["objectCategory"], ("CN=Person,CN=Schema,CN=Configuration," + base_dn))
    assertEquals(int(res[0]["sAMAccountType"][0]), 805306368)
#    assertEquals(res[0].userAccountControl, 546)
    assertEquals(res[0]["memberOf"][0], ("CN=ldaptestgroup2,CN=Users," + base_dn))
    assertEquals(len(res[0]["memberOf"]), 1)
 
    print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + base_dn + "))"
    res2 = ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + base_dn + "))")
    assert len(res2) == 1, "Could not find (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + base_dn + "))"

    assertEquals(res[0].dn, res2[0].dn)

    print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon))"
    res3 = ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=PerSon))")
    assert len(res3) == 1, "Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)): matched " + len(res3)

    assertEquals(res[0].dn, res3[0].dn)

    if gc_ldb is not None:
        print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog"
        res3gc = gc_ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=PerSon))")
        assert len(res3gc) == 1
    
        assertEquals(res[0].dn, res3gc[0].dn)

    print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in with 'phantom root' control"
    
    res3control = gc_ldb.search(base_dn, expression="(&(cn=ldaptestuser)(objectCategory=PerSon))", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:2"])
    assert len(res3control) == 1, "Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog"
    
    assertEquals(res[0].dn, res3control[0].dn)

    ldb.delete(res[0].dn)

    print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectClass=user))"
    res = ldb.search(expression="(&(cn=ldaptestcomputer)(objectClass=user))")
    assert len(res) == 1, "Could not find (&(cn=ldaptestuser)(objectClass=user))"

    assertEquals(str(res[0].dn), ("CN=ldaptestcomputer,CN=Computers," + base_dn))
    assertEquals(res[0]["cn"], "ldaptestcomputer")
    assertEquals(res[0]["name"], "ldaptestcomputer")
    assertEquals(res[0]["objectClass"], ["top", "person", "organizationalPerson", "user", "computer"])
    assert("objectGUID" in res[0])
    assert("whenCreated" in res[0])
    assertEquals(res[0]["objectCategory"], ("CN=Computer,CN=Schema,CN=Configuration," + base_dn))
    assertEquals(int(res[0]["primaryGroupID"][0]), 513)
#    assertEquals(res[0].sAMAccountType, 805306368)
#    assertEquals(res[0].userAccountControl, 546)
    assertEquals(res[0]["memberOf"][0], "CN=ldaptestgroup2,CN=Users," + base_dn)
    assertEquals(len(res[0]["memberOf"]), 1)

    print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + "))"
    res2 = ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + "))")
    assert len(res2) == 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + "))"

    assertEquals(res[0].dn, res2[0].dn)

    if gc_ldb is not None:
        print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + ")) in Global Catlog"
        res2gc = gc_ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + "))")
        assert len(res2gc) == 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + ")) in Global Catlog"

        assertEquals(res[0].dn, res2gc[0].dn)

    print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER))"
    res3 = ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=compuTER))")
    assert len(res3) == 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER))"

    assertEquals(res[0].dn, res3[0].dn)

    if gc_ldb is not None:
        print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog"
        res3gc = gc_ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=compuTER))")
        assert len(res3gc) == 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog"

        assertEquals(res[0].dn, res3gc[0].dn)

    print "Testing ldb.search for (&(cn=ldaptestcomp*r)(objectCategory=compuTER))"
    res4 = ldb.search(expression="(&(cn=ldaptestcomp*r)(objectCategory=compuTER))")
    assert len(res4) == 1, "Could not find (&(cn=ldaptestcomp*r)(objectCategory=compuTER))"

    assertEquals(res[0].dn, res4[0].dn)

    print "Testing ldb.search for (&(cn=ldaptestcomput*)(objectCategory=compuTER))"
    res5 = ldb.search(expression="(&(cn=ldaptestcomput*)(objectCategory=compuTER))")
    assert len(res5) == 1, "Could not find (&(cn=ldaptestcomput*)(objectCategory=compuTER))"

    assertEquals(res[0].dn, res5[0].dn)

    print "Testing ldb.search for (&(cn=*daptestcomputer)(objectCategory=compuTER))"
    res6 = ldb.search(expression="(&(cn=*daptestcomputer)(objectCategory=compuTER))")
    assert len(res6) == 1, "Could not find (&(cn=*daptestcomputer)(objectCategory=compuTER))"

    assertEquals(res[0].dn, res6[0].dn)

    ldb.delete(res[0].dn)

    print "Testing ldb.search for (&(cn=ldaptest2computer)(objectClass=user))"
    res = ldb.search(expression="(&(cn=ldaptest2computer)(objectClass=user))")
    assert len(res) == 1, "Could not find (&(cn=ldaptest2computer)(objectClass=user))"

    assertEquals(res[0].dn, ("CN=ldaptest2computer,CN=Computers," + base_dn))
    assertEquals(res[0]["cn"], "ldaptest2computer")
    assertEquals(res[0]["name"], "ldaptest2computer")
    assertEquals(res[0]["objectClass"], ["top", "person", "organizationalPerson", "user", "computer"])
    assert("objectGUID" in res[0])
    assert("whenCreated" in res[0])
    assertEquals(res[0]["objectCategory"][0], "CN=Computer,CN=Schema,CN=Configuration," + base_dn)
    assertEquals(int(res[0]["sAMAccountType"][0]), 805306369)
#    assertEquals(res[0].userAccountControl, 4098)

    ldb.delete(res[0].dn)

    attrs = ["cn", "name", "objectClass", "objectGUID", "whenCreated", "nTSecurityDescriptor", "memberOf"]
    print "Testing ldb.search for (&(cn=ldaptestUSer2)(objectClass=user))"
    res = ldb.search(base_dn, expression="(&(cn=ldaptestUSer2)(objectClass=user))", scope=SCOPE_SUBTREE, attrs=attrs)
    assert len(res) == 1, "Could not find (&(cn=ldaptestUSer2)(objectClass=user))"

    assertEquals(res[0].dn, ("CN=ldaptestuser2,CN=Users," + base_dn))
    assertEquals(res[0]["cn"], "ldaptestuser2")
    assertEquals(res[0]["name"], "ldaptestuser2")
    assertEquals(res[0]["objectClass"], ["top", "person", "organizationalPerson", "user"])
    assert("objectGUID" in res[0])
    assert("whenCreated" in res[0])
    assert("nTSecurityDescriptor" in res[0])
    assertEquals(res[0]["memberOf"][0], ("CN=ldaptestgroup2,CN=Users," + base_dn))

    attrs = ["cn", "name", "objectClass", "objectGUID", "whenCreated", "nTSecurityDescriptor", "member"]
    print "Testing ldb.search for (&(cn=ldaptestgroup2)(objectClass=group))"
    res = ldb.search(base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
    assert len(res) == 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))"

    assertEquals(res[0].dn, ("CN=ldaptestgroup2,CN=Users," + base_dn))
    assertEquals(res[0]["cn"], "ldaptestgroup2")
    assertEquals(res[0]["name"], "ldaptestgroup2")
    assertEquals(res[0]["objectClass"], ["top", "group"])
    assert("objectGuid" not in res[0])
    assert("whenCreated" in res[0])
    assert("nTSecurityDescriptor" in res[0])
    assertEquals(res[0]["member"], ["CN=ldaptestuser2,CN=Users," + base_dn])

    ldb.modify_ldif("""
dn: cn=ldaptestgroup2,cn=users,""" + base_dn + """
changetype: modify
replace: member
member: CN=ldaptestuser2,CN=Users,""" + base_dn + """
member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + base_dn + """
""")
    
    print "Testing Linked attribute behaviours"
    ldb.modify_ldif("""
dn: cn=ldaptestgroup2,cn=users,""" + base_dn + """
changetype: modify
delete: member
""")

    ldb.modify_ldif("""
dn: cn=ldaptestgroup2,cn=users,""" + base_dn + """
changetype: modify
add: member
member: CN=ldaptestuser2,CN=Users,""" + base_dn + """
member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + base_dn + """
""")
    
    ldb.modify_ldif("""
dn: cn=ldaptestgroup2,cn=users,""" + base_dn + """
changetype: modify
replace: member
""")
    
    ldb.modify_ldif("""
dn: cn=ldaptestgroup2,cn=users,""" + base_dn + """
changetype: modify
add: member
member: CN=ldaptestuser2,CN=Users,""" + base_dn + """
member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + base_dn + """
""")
    
    ldb.modify_ldif("""
dn: cn=ldaptestgroup2,cn=users,""" + base_dn + """
changetype: modify
delete: member
member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + base_dn + """
""")
    
    res = ldb.search(base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
    assert len(res) == 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))"

    assertEquals(res[0].dn, ("CN=ldaptestgroup2,CN=Users," + base_dn))
    assertEquals(res[0]["member"][0], ("CN=ldaptestuser2,CN=Users," + base_dn))
    assertEquals(len(res[0]["member"]), 1)

    ldb.delete(("CN=ldaptestuser2,CN=Users," + base_dn))

    attrs = ["cn", "name", "objectClass", "objectGUID", "whenCreated", "nTSecurityDescriptor", "member"]
    print "Testing ldb.search for (&(cn=ldaptestgroup2)(objectClass=group)) to check linked delete"
    res = ldb.search(base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
    assert len(res) == 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group)) to check linked delete"

    assertEquals(res[0].dn, ("CN=ldaptestgroup2,CN=Users," + base_dn))
    assert("member" not in res[0])

    print "Testing ldb.search for (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))"
    res = ldb.search(expression="(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
    assert len(res) == 1, "Could not find (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))"

    assertEquals(res[0].dn, ("CN=ldaptestutf8user èùéìòà,CN=Users," + base_dn))
    assertEquals(res[0]["cn"], "ldaptestutf8user èùéìòà")
    assertEquals(res[0]["name"], "ldaptestutf8user èùéìòà")
    assertEquals(res[0]["objectClass"], ["top", "person", "organizationalPerson", "user"])
    assert("objectGUID" in res[0])
    assert("whenCreated" in res[0])

    ldb.delete(res[0].dn)

    print "Testing ldb.search for (&(cn=ldaptestutf8user2*)(objectClass=user))"
    res = ldb.search(expression="(&(cn=ldaptestutf8user2*)(objectClass=user))")
    assert len(res) == 1, "Could not find (&(cn=ldaptestutf8user2*)(objectClass=user))"

    ldb.delete(res[0].dn)

    ldb.delete(("CN=ldaptestgroup2,CN=Users," + base_dn))

    print "Testing ldb.search for (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))"
    res = ldb.search(expression="(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")

    #FIXME: assert len(res) == 1, "Could not find (expect space collapse, win2k3 fails) (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))"

    print "Testing that we can't get at the configuration DN from the main search base"
    res = ldb.search(base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
    assert len(res) == 0, "Got configuration DN " + res[0].dn + " which should not be able to be seen from main search base"
    assertEquals(len(res), 0)

    print "Testing that we can get at the configuration DN from the main search base on the LDAP port with the 'phantom root' search_options control"
    res = ldb.search(base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:2"])
    assert(len(res) > 0)

    if gc_ldb is not None:
        print "Testing that we can get at the configuration DN from the main search base on the GC port with the search_options control == 0"
        
        res = gc_ldb.search(base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:0"])
        assert(len(res) > 0)

        print "Testing that we do find configuration elements in the global catlog"
        res = gc_ldb.search(base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
        assert (len(res) > 0)
    
        print "Testing that we do find configuration elements and user elements at the same time"
        res = gc_ldb.search(base_dn, expression="(|(objectClass=crossRef)(objectClass=person))", scope=SCOPE_SUBTREE, attrs=["cn"])
        assert (len(res) > 0)

        print "Testing that we do find configuration elements in the global catlog, with the configuration basedn"
        res = gc_ldb.search(configuration_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
        assert (len(res) > 0)

    print "Testing that we can get at the configuration DN on the main LDAP port"
    res = ldb.search(configuration_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
    assert (len(res) > 0)

    print "Testing objectCategory canonacolisation"
    res = ldb.search(configuration_dn, expression="objectCategory=ntDsDSA", scope=SCOPE_SUBTREE, attrs=["cn"])
    assert len(res) > 0, "Didn't find any records with objectCategory=ntDsDSA"
    assert(len(res) != 0)
    
    res = ldb.search(configuration_dn, expression="objectCategory=CN=ntDs-DSA," + schema_dn, scope=SCOPE_SUBTREE, attrs=["cn"])
    assert len(res) > 0, "Didn't find any records with objectCategory=CN=ntDs-DSA," + schema_dn
    assert(len(res) != 0)
    
    print "Testing objectClass attribute order on "+ base_dn
    res = ldb.search(expression="objectClass=domain", base=base_dn, 
                     scope=SCOPE_BASE, attrs=["objectClass"])
    assertEquals(len(res), 1)

    assertEquals(res[0]["objectClass"], ["top", "domain", "domainDNS"])

#  check enumeration

    print "Testing ldb.search for objectCategory=person"
    res = ldb.search(base_dn, expression="objectCategory=person", scope=SCOPE_SUBTREE, attrs=["cn"])
    assert(len(res) > 0)

    print "Testing ldb.search for objectCategory=person with domain scope control"
    res = ldb.search(base_dn, expression="objectCategory=person", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
    assert(len(res) > 0)
 
    print "Testing ldb.search for objectCategory=user"
    res = ldb.search(base_dn, expression="objectCategory=user", scope=SCOPE_SUBTREE, attrs=["cn"])
    assert(len(res) > 0)

    
    print "Testing ldb.search for objectCategory=user with domain scope control"
    res = ldb.search(base_dn, expression="objectCategory=user", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
    assert(len(res) > 0)
    
    print "Testing ldb.search for objectCategory=group"
    res = ldb.search(base_dn, expression="objectCategory=group", scope=SCOPE_SUBTREE, attrs=["cn"])
    assert(len(res) > 0)

    print "Testing ldb.search for objectCategory=group with domain scope control"
    res = ldb.search(base_dn, expression="objectCategory=group", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
    assert(len(res) > 0)

def basedn_tests(ldb, gc_ldb):
    print "Testing for all rootDSE attributes"
    res = ldb.search(scope=SCOPE_BASE, attrs=[])
    assertEquals(len(res), 1)

    print "Testing for highestCommittedUSN"
    res = ldb.search("", scope=SCOPE_BASE, attrs=["highestCommittedUSN"])
    assertEquals(len(res), 1)
    assert(int(res[0]["highestCommittedUSN"][0]) != 0)

    print "Testing for netlogon via LDAP"
    res = ldb.search("", scope=SCOPE_BASE, attrs=["netlogon"])
    assertEquals(len(res), 0)

    print "Testing for netlogon and highestCommittedUSN via LDAP"
    res = ldb.search("", scope=SCOPE_BASE, 
            attrs=["netlogon", "highestCommittedUSN"])
    assertEquals(len(res), 0)


def find_basedn(ldb):
    res = ldb.search(base="", expression="", scope=SCOPE_BASE, 
                     attrs=["defaultNamingContext"])
    assertEquals(len(res), 1)
    return res[0]["defaultNamingContext"][0]


def find_configurationdn(ldb):
    res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["configurationNamingContext"])
    assertEquals(len(res), 1)
    return res[0]["configurationNamingContext"][0]


def find_schemadn(ldb):
    res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["schemaNamingContext"])
    assertEquals(len(res), 1)
    return res[0]["schemaNamingContext"][0]

if not "://" in host:
    host = "ldap://%s" % host

ldb = Ldb(host, credentials=creds, session_info=system_session(), lp=lp)
base_dn = find_basedn(ldb)
configuration_dn = find_configurationdn(ldb)
schema_dn = find_schemadn(ldb)

print "baseDN: %s\n" % base_dn

gc_ldb = Ldb("%s:3268" % host, credentials=creds, 
             session_info=system_session(), lp=lp)

basic_tests(ldb, gc_ldb, base_dn, configuration_dn, schema_dn)
basedn_tests(ldb, gc_ldb)