Fix and test python scripts and kerberos
[ab/samba.git/.git] / source4 / lib / ldb / tests / python / ldap.py
1 #!/usr/bin/python
2 # -*- coding: utf-8 -*-
3 # This is a port of the original in testprogs/ejs/ldap.js
4
5 import getopt
6 import optparse
7 import sys
8
9 import samba.getopt as options
10
11 from auth import system_session
12 from ldb import (SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError,
13                  LDB_ERR_NO_SUCH_OBJECT, LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS,
14                  LDB_ERR_ENTRY_ALREADY_EXISTS, LDB_ERR_UNWILLING_TO_PERFORM,
15                  LDB_ERR_NOT_ALLOWED_ON_NON_LEAF, LDB_ERR_OTHER)
16 from samba import Ldb
17 from subunit import SubunitTestRunner
18 import param
19 import unittest
20
21 parser = optparse.OptionParser("ldap [options] <host>")
22 sambaopts = options.SambaOptions(parser)
23 parser.add_option_group(sambaopts)
24 parser.add_option_group(options.VersionOptions(parser))
25 # use command line creds if available
26 credopts = options.CredentialsOptions(parser)
27 parser.add_option_group(credopts)
28 opts, args = parser.parse_args()
29
30 if len(args) < 1:
31     parser.print_usage()
32     sys.exit(1)
33
34 host = args[0]
35
36 lp = sambaopts.get_loadparm()
37 creds = credopts.get_credentials(lp)
38
39 class BasicTests(unittest.TestCase):
40     def delete_force(self, ldb, dn):
41         try:
42             ldb.delete(dn)
43         except LdbError, (num, _): 
44             self.assertEquals(num, LDB_ERR_NO_SUCH_OBJECT)
45
46     def find_basedn(self, ldb):
47         res = ldb.search(base="", expression="", scope=SCOPE_BASE, 
48                          attrs=["defaultNamingContext"])
49         self.assertEquals(len(res), 1)
50         return res[0]["defaultNamingContext"][0]
51
52     def find_configurationdn(self, ldb):
53         res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["configurationNamingContext"])
54         self.assertEquals(len(res), 1)
55         return res[0]["configurationNamingContext"][0]
56
57     def find_schemadn(self, ldb):
58         res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["schemaNamingContext"])
59         self.assertEquals(len(res), 1)
60         return res[0]["schemaNamingContext"][0]
61
62     def setUp(self):
63         self.ldb = ldb
64         self.gc_ldb = gc_ldb
65         self.base_dn = self.find_basedn(ldb)
66         self.configuration_dn = self.find_configurationdn(ldb)
67         self.schema_dn = self.find_schemadn(ldb)
68
69         print "baseDN: %s\n" % self.base_dn
70
71         self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
72         self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
73
74     def test_group_add_invalid_member(self):
75         """Testing group add with invalid member"""
76         try:
77             self.ldb.add({
78                 "dn": "cn=ldaptestgroup,cn=uSers," + self.base_dn,
79                 "objectclass": "group",
80                 "member": "cn=ldaptestuser,cn=useRs," + self.base_dn})
81             self.fail()
82         except LdbError, (num, _): 
83             self.assertEquals(num, LDB_ERR_NO_SUCH_OBJECT)
84
85     def test_all(self):
86         """Basic tests"""
87
88         self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
89
90         print "Testing user add"
91         ldb.add({
92         "dn": "cn=ldaptestuser,cn=uSers," + self.base_dn,
93         "objectclass": ["user", "person"],
94         "cN": "LDAPtestUSER",
95         "givenname": "ldap",
96         "sn": "testy"})
97
98         ldb.add({
99             "dn": "cn=ldaptestgroup,cn=uSers," + self.base_dn,
100             "objectclass": "group",
101             "member": "cn=ldaptestuser,cn=useRs," + self.base_dn})
102
103         self.delete_force(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
104         ldb.add({
105             "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
106             "objectclass": "computer",
107             "cN": "LDAPtestCOMPUTER"})
108
109         self.delete_force(self.ldb, "cn=ldaptest2computer,cn=computers," + self.base_dn)
110         ldb.add({"dn": "cn=ldaptest2computer,cn=computers," + self.base_dn,
111             "objectClass": "computer",
112             "cn": "LDAPtest2COMPUTER",
113             "userAccountControl": "4096",
114             "displayname": "ldap testy"})
115
116         print "Testing attribute or value exists behaviour"
117         try:
118             ldb.modify_ldif("""
119 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
120 changetype: modify
121 replace: servicePrincipalName
122 servicePrincipalName: host/ldaptest2computer
123 servicePrincipalName: host/ldaptest2computer
124 servicePrincipalName: cifs/ldaptest2computer
125 """)
126         except LdbError, (num, msg):
127             self.assertEquals(num, LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS)
128
129             ldb.modify_ldif("""
130 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
131 changetype: modify
132 replace: servicePrincipalName
133 servicePrincipalName: host/ldaptest2computer
134 servicePrincipalName: cifs/ldaptest2computer
135 """)
136             try:
137                 ldb.modify_ldif("""
138 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
139 changetype: modify
140 add: servicePrincipalName
141 servicePrincipalName: host/ldaptest2computer
142 """)
143             except LdbError, (num, msg):
144                 self.assertEquals(num, LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS)
145             
146             print "Testing ranged results"
147             ldb.modify_ldif("""
148 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
149 changetype: modify
150 replace: servicePrincipalName
151 """)
152             
153             ldb.modify_ldif("""
154 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
155 changetype: modify
156 add: servicePrincipalName
157 servicePrincipalName: host/ldaptest2computer0
158 servicePrincipalName: host/ldaptest2computer1
159 servicePrincipalName: host/ldaptest2computer2
160 servicePrincipalName: host/ldaptest2computer3
161 servicePrincipalName: host/ldaptest2computer4
162 servicePrincipalName: host/ldaptest2computer5
163 servicePrincipalName: host/ldaptest2computer6
164 servicePrincipalName: host/ldaptest2computer7
165 servicePrincipalName: host/ldaptest2computer8
166 servicePrincipalName: host/ldaptest2computer9
167 servicePrincipalName: host/ldaptest2computer10
168 servicePrincipalName: host/ldaptest2computer11
169 servicePrincipalName: host/ldaptest2computer12
170 servicePrincipalName: host/ldaptest2computer13
171 servicePrincipalName: host/ldaptest2computer14
172 servicePrincipalName: host/ldaptest2computer15
173 servicePrincipalName: host/ldaptest2computer16
174 servicePrincipalName: host/ldaptest2computer17
175 servicePrincipalName: host/ldaptest2computer18
176 servicePrincipalName: host/ldaptest2computer19
177 servicePrincipalName: host/ldaptest2computer20
178 servicePrincipalName: host/ldaptest2computer21
179 servicePrincipalName: host/ldaptest2computer22
180 servicePrincipalName: host/ldaptest2computer23
181 servicePrincipalName: host/ldaptest2computer24
182 servicePrincipalName: host/ldaptest2computer25
183 servicePrincipalName: host/ldaptest2computer26
184 servicePrincipalName: host/ldaptest2computer27
185 servicePrincipalName: host/ldaptest2computer28
186 servicePrincipalName: host/ldaptest2computer29
187 """)
188
189             res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, 
190                              attrs=["servicePrincipalName;range=0-*"])
191             self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
192             #print len(res[0]["servicePrincipalName;range=0-*"])
193             self.assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30)
194
195             res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-19"])
196             self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
197             # print res[0]["servicePrincipalName;range=0-19"].length
198             self.assertEquals(len(res[0]["servicePrincipalName;range=0-19"]), 20)
199
200             
201             res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-30"])
202             self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
203             self.assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30)
204
205             res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-40"])
206             self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
207             self.assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30)
208
209             res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=30-40"])
210             self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
211             self.assertEquals(len(res[0]["servicePrincipalName;range=30-*"]), 0)
212
213             
214             res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=10-40"])
215             self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
216             self.assertEquals(len(res[0]["servicePrincipalName;range=10-*"]), 20)
217             # pos_11 = res[0]["servicePrincipalName;range=10-*"][18]
218
219             res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=11-40"])
220             self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
221             self.assertEquals(len(res[0]["servicePrincipalName;range=11-*"]), 19)
222             # print res[0]["servicePrincipalName;range=11-*"][18]
223             # print pos_11
224             # self.assertEquals((res[0]["servicePrincipalName;range=11-*"][18]), pos_11)
225
226             res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=11-15"])
227             self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
228             self.assertEquals(len(res[0]["servicePrincipalName;range=11-15"]), 5)
229             # self.assertEquals(res[0]["servicePrincipalName;range=11-15"][4], pos_11)
230
231             res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName"])
232             self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
233             # print res[0]["servicePrincipalName"][18]
234             # print pos_11
235             self.assertEquals(len(res[0]["servicePrincipalName"]), 30)
236             # self.assertEquals(res[0]["servicePrincipalName"][18], pos_11)
237
238         self.delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
239         ldb.add({
240             "dn": "cn=ldaptestuser2,cn=useRs," + self.base_dn,
241             "objectClass": ["person", "user"],
242             "cn": "LDAPtestUSER2",
243             "givenname": "testy",
244             "sn": "ldap user2"})
245
246         print "Testing Ambigious Name Resolution"
247         # Testing ldb.search for (&(anr=ldap testy)(objectClass=user))
248         res = ldb.search(expression="(&(anr=ldap testy)(objectClass=user))")
249         self.assertEquals(len(res), 3, "Could not find (&(anr=ldap testy)(objectClass=user))")
250
251         # Testing ldb.search for (&(anr=testy ldap)(objectClass=user))
252         res = ldb.search(expression="(&(anr=testy ldap)(objectClass=user))")
253         self.assertEquals(len(res), 2, "Found only %d for (&(anr=testy ldap)(objectClass=user))" % len(res))
254
255         # Testing ldb.search for (&(anr=ldap)(objectClass=user))
256         res = ldb.search(expression="(&(anr=ldap)(objectClass=user))")
257         self.assertEquals(len(res), 4, "Found only %d for (&(anr=ldap)(objectClass=user))" % len(res))
258
259         # Testing ldb.search for (&(anr==ldap)(objectClass=user))
260         res = ldb.search(expression="(&(anr==ldap)(objectClass=user))")
261         self.assertEquals(len(res), 1, "Could not find (&(anr==ldap)(objectClass=user)). Found only %d for (&(anr=ldap)(objectClass=user))" % len(res))
262
263         self.assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + self.base_dn))
264         self.assertEquals(res[0]["cn"][0], "ldaptestuser")
265         self.assertEquals(res[0]["name"], "ldaptestuser")
266
267         # Testing ldb.search for (&(anr=testy)(objectClass=user))
268         res = ldb.search(expression="(&(anr=testy)(objectClass=user))")
269         self.assertEquals(len(res), 2, "Found only %d for (&(anr=testy)(objectClass=user))" % len(res))
270
271         # Testing ldb.search for (&(anr=ldap testy)(objectClass=user))
272         res = ldb.search(expression="(&(anr=testy ldap)(objectClass=user))")
273         self.assertEquals(len(res), 2, "Found only %d for (&(anr=ldap testy)(objectClass=user))" % len(res))
274
275         # Testing ldb.search for (&(anr==ldap testy)(objectClass=user))
276         res = ldb.search(expression="(&(anr==testy ldap)(objectClass=user))")
277         self.assertEquals(len(res), 1, "Found only %d for (&(anr==ldap testy)(objectClass=user))" % len(res))
278
279         self.assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + self.base_dn))
280         self.assertEquals(res[0]["cn"][0], "ldaptestuser")
281         self.assertEquals(res[0]["name"][0], "ldaptestuser")
282
283         # Testing ldb.search for (&(anr==testy ldap)(objectClass=user))
284         res = ldb.search(expression="(&(anr==testy ldap)(objectClass=user))")
285         self.assertEquals(len(res), 1, "Could not find (&(anr==testy ldap)(objectClass=user))")
286
287         self.assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + self.base_dn))
288         self.assertEquals(res[0]["cn"][0], "ldaptestuser")
289         self.assertEquals(res[0]["name"][0], "ldaptestuser")
290
291         # Testing ldb.search for (&(anr=testy ldap user)(objectClass=user))
292         res = ldb.search(expression="(&(anr=testy ldap user)(objectClass=user))")
293         self.assertEquals(len(res), 1, "Could not find (&(anr=testy ldap user)(objectClass=user))")
294
295         self.assertEquals(str(res[0].dn), ("CN=ldaptestuser2,CN=Users," + self.base_dn))
296         self.assertEquals(res[0]["cn"], "ldaptestuser2")
297         self.assertEquals(res[0]["name"], "ldaptestuser2")
298
299         # Testing ldb.search for (&(anr==testy ldap user2)(objectClass=user))
300         res = ldb.search(expression="(&(anr==testy ldap user2)(objectClass=user))")
301         self.assertEquals(len(res), 1, "Could not find (&(anr==testy ldap user2)(objectClass=user))")
302
303         self.assertEquals(str(res[0].dn), ("CN=ldaptestuser2,CN=Users," + self.base_dn))
304         self.assertEquals(res[0]["cn"], "ldaptestuser2")
305         self.assertEquals(res[0]["name"], "ldaptestuser2")
306
307         # Testing ldb.search for (&(anr==ldap user2)(objectClass=user))
308         res = ldb.search(expression="(&(anr==ldap user2)(objectClass=user))")
309         self.assertEquals(len(res), 1, "Could not find (&(anr==ldap user2)(objectClass=user))")
310
311         self.assertEquals(str(res[0].dn), ("CN=ldaptestuser2,CN=Users," + self.base_dn))
312         self.assertEquals(res[0]["cn"], "ldaptestuser2")
313         self.assertEquals(res[0]["name"], "ldaptestuser2")
314
315         # Testing ldb.search for (&(anr==not ldap user2)(objectClass=user))
316         res = ldb.search(expression="(&(anr==not ldap user2)(objectClass=user))")
317         self.assertEquals(len(res), 0, "Must not find (&(anr==not ldap user2)(objectClass=user))")
318
319         # Testing ldb.search for (&(anr=not ldap user2)(objectClass=user))
320         res = ldb.search(expression="(&(anr=not ldap user2)(objectClass=user))")
321         self.assertEquals(len(res), 0, "Must not find (&(anr=not ldap user2)(objectClass=user))")
322
323         print "Testing Group Modifies"
324         ldb.modify_ldif("""
325 dn: cn=ldaptestgroup,cn=users,""" + self.base_dn + """
326 changetype: modify
327 add: member
328 member: cn=ldaptestuser2,cn=users,""" + self.base_dn + """
329 member: cn=ldaptestcomputer,cn=computers,""" + self.base_dn + """
330 """)
331
332         self.delete_force(ldb, "cn=ldaptestuser3,cn=users," + self.base_dn)
333
334         print "Testing adding non-existent user to a group"
335         try:
336             ldb.modify_ldif("""
337 dn: cn=ldaptestgroup,cn=users,""" + self.base_dn + """
338 changetype: modify
339 add: member
340 member: cn=ldaptestuser3,cn=users,""" + self.base_dn + """
341 """)
342             self.fail()
343         except LdbError, (num, _):
344             self.assertEquals(num, LDB_ERR_NO_SUCH_OBJECT)
345
346         print "Testing Renames"
347
348         ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=users," + self.base_dn)
349
350         ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=users," + self.base_dn)
351
352         ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestUSER3,cn=users," + self.base_dn)
353
354         print "Testing ldb.search for (&(cn=ldaptestuser3)(objectClass=user))"
355         res = ldb.search(expression="(&(cn=ldaptestuser3)(objectClass=user))")
356         self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser3)(objectClass=user))")
357
358         self.assertEquals(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
359         self.assertEquals(res[0]["cn"], "ldaptestUSER3")
360         self.assertEquals(res[0]["name"], "ldaptestUSER3")
361
362         # This is a Samba special, and does not exist in real AD
363         #    print "Testing ldb.search for (dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")"
364         #    res = ldb.search("(dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")")
365         #    if (res.error != 0 || len(res) != 1) {
366         #        print "Could not find (dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")"
367         #        self.assertEquals(len(res), 1)
368         #    }
369         #    self.assertEquals(res[0].dn, ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
370         #    self.assertEquals(res[0].cn, "ldaptestUSER3")
371         #    self.assertEquals(res[0].name, "ldaptestUSER3")
372
373         print "Testing ldb.search for (distinguishedName=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")"
374         res = ldb.search(expression="(distinguishedName=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")")
375         self.assertEquals(len(res), 1, "Could not find (dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")")
376         self.assertEquals(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
377         self.assertEquals(res[0]["cn"], "ldaptestUSER3")
378         self.assertEquals(res[0]["name"], "ldaptestUSER3")
379
380         # ensure we cannot add it again
381         try:
382             ldb.add({"dn": "cn=ldaptestuser3,cn=userS," + self.base_dn,
383                       "objectClass": ["person", "user"],
384                       "cn": "LDAPtestUSER3"})
385             self.fail()
386         except LdbError, (num, _):
387             self.assertEquals(num, LDB_ERR_ENTRY_ALREADY_EXISTS)
388
389         # rename back
390         ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser2,cn=users," + self.base_dn)
391
392         # ensure we cannnot rename it twice
393         try:
394             ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, 
395                        "cn=ldaptestuser2,cn=users," + self.base_dn)
396             self.fail()
397         except LdbError, (num, _): 
398             self.assertEquals(num, LDB_ERR_NO_SUCH_OBJECT)
399
400         # ensure can now use that name
401         ldb.add({"dn": "cn=ldaptestuser3,cn=users," + self.base_dn,
402                       "objectClass": ["person", "user"],
403                       "cn": "LDAPtestUSER3"})
404         
405         # ensure we now cannnot rename
406         try:
407             ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=users," + self.base_dn)
408             self.fail()
409         except LdbError, (num, _):
410             self.assertEquals(num, LDB_ERR_ENTRY_ALREADY_EXISTS)
411         try:
412             ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=configuration," + self.base_dn)
413             self.fail()
414         except LdbError, (num, _):
415             self.assertTrue(num in (71, 64))
416
417         ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser5,cn=users," + self.base_dn)
418
419         ldb.delete("cn=ldaptestuser5,cn=users," + self.base_dn)
420
421         self.delete_force(ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
422
423         ldb.rename("cn=ldaptestgroup,cn=users," + self.base_dn, "cn=ldaptestgroup2,cn=users," + self.base_dn)
424
425         print "Testing subtree Renames"
426
427         ldb.add({"dn": "cn=ldaptestcontainer," + self.base_dn, 
428                  "objectClass": "container"})
429         
430         self.delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer," + self.base_dn)
431         ldb.add({"dn": "CN=ldaptestuser4,CN=ldaptestcontainer," + self.base_dn, 
432                  "objectClass": ["person", "user"],
433                  "cn": "LDAPtestUSER4"})
434
435         ldb.modify_ldif("""
436 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
437 changetype: modify
438 add: member
439 member: cn=ldaptestuser4,cn=ldaptestcontainer,""" + self.base_dn + """
440 """)
441         
442         print "Testing ldb.rename of cn=ldaptestcontainer," + self.base_dn + " to cn=ldaptestcontainer2," + self.base_dn
443         ldb.rename("CN=ldaptestcontainer," + self.base_dn, "CN=ldaptestcontainer2," + self.base_dn)
444
445         print "Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user))"
446         res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))")
447         self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser4)(objectClass=user))")
448
449         print "Testing subtree ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + self.base_dn
450         try:
451             ldb.search("cn=ldaptestcontainer," + self.base_dn, 
452                     expression="(&(cn=ldaptestuser4)(objectClass=user))", 
453                     scope=SCOPE_SUBTREE)
454             self.fail()
455         except LdbError, (num, _):
456             self.assertEquals(num, LDB_ERR_NO_SUCH_OBJECT)
457
458         print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + self.base_dn
459         try:
460             res = ldb.search("cn=ldaptestcontainer," + self.base_dn, 
461                     expression="(&(cn=ldaptestuser4)(objectClass=user))", scope=SCOPE_ONELEVEL)
462             self.fail()
463         except LdbError, (num, _):
464             self.assertEquals(num, LDB_ERR_NO_SUCH_OBJECT)
465
466         print "Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in renamed container"
467         res = ldb.search("cn=ldaptestcontainer2," + self.base_dn, expression="(&(cn=ldaptestuser4)(objectClass=user))", scope=SCOPE_SUBTREE)
468         self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser4)(objectClass=user)) under cn=ldaptestcontainer2," + self.base_dn)
469
470         self.assertEquals(str(res[0].dn), ("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn))
471         self.assertEquals(res[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self.base_dn).upper())
472
473         print "Testing ldb.search for (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn + ")(objectclass=group)) to check subtree renames and linked attributes"
474         res = ldb.search(self.base_dn, expression="(&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn + ")(objectclass=group))", scope=SCOPE_SUBTREE)
475         self.assertEquals(len(res), 1, "Could not find (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn + ")(objectclass=group)), perhaps linked attributes are not conistant with subtree renames?")
476
477         print "Testing ldb.rename (into itself) of cn=ldaptestcontainer2," + self.base_dn + " to cn=ldaptestcontainer,cn=ldaptestcontainer2," + self.base_dn
478         try:
479             ldb.rename("cn=ldaptestcontainer2," + self.base_dn, "cn=ldaptestcontainer,cn=ldaptestcontainer2," + self.base_dn)
480             self.fail()
481         except LdbError, (num, _):
482             self.assertEquals(num, LDB_ERR_UNWILLING_TO_PERFORM)
483
484         print "Testing ldb.rename (into non-existent container) of cn=ldaptestcontainer2," + self.base_dn + " to cn=ldaptestcontainer,cn=ldaptestcontainer3," + self.base_dn
485         try:
486             ldb.rename("cn=ldaptestcontainer2," + self.base_dn, "cn=ldaptestcontainer,cn=ldaptestcontainer3," + self.base_dn)
487             self.fail()
488         except LdbError, (num, _):
489             self.assertTrue(num in (LDB_ERR_UNWILLING_TO_PERFORM, LDB_ERR_OTHER))
490
491         print "Testing delete (should fail, not a leaf node) of renamed cn=ldaptestcontainer2," + self.base_dn
492         try:
493             ldb.delete("cn=ldaptestcontainer2," + self.base_dn)
494             self.fail()
495         except LdbError, (num, _):
496             self.assertEquals(num, LDB_ERR_NOT_ALLOWED_ON_NON_LEAF)
497
498         print "Testing base ldb.search for CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn
499         res = ldb.search(expression="(objectclass=*)", base=("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn), scope=SCOPE_BASE)
500         self.assertEquals(len(res), 1)
501         res = ldb.search(expression="(cn=ldaptestuser40)", base=("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn), scope=SCOPE_BASE)
502         self.assertEquals(len(res), 0)
503
504         print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2," + self.base_dn
505         res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))", base=("cn=ldaptestcontainer2," + self.base_dn), scope=SCOPE_ONELEVEL)
506         # FIXME: self.assertEquals(len(res), 0)
507
508         print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2," + self.base_dn
509         res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))", base=("cn=ldaptestcontainer2," + self.base_dn), scope=SCOPE_SUBTREE)
510         # FIXME: self.assertEquals(len(res), 0)
511
512         print "Testing delete of subtree renamed "+("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn)
513         ldb.delete(("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn))
514         print "Testing delete of renamed cn=ldaptestcontainer2," + self.base_dn
515         ldb.delete("cn=ldaptestcontainer2," + self.base_dn)
516         
517         self.delete_force(self.ldb, "cn=ldaptestutf8user èùéìòà ,cn=users," + self.base_dn)
518         ldb.add({"dn": "cn=ldaptestutf8user èùéìòà ,cn=users," + self.base_dn, "objectClass": "user"})
519
520         self.delete_force(self.ldb, "cn=ldaptestutf8user2  èùéìòà ,cn=users," + self.base_dn)
521         ldb.add({"dn": "cn=ldaptestutf8user2  èùéìòà ,cn=users," + self.base_dn, "objectClass": "user"})
522
523         print "Testing ldb.search for (&(cn=ldaptestuser)(objectClass=user))"
524         res = ldb.search(expression="(&(cn=ldaptestuser)(objectClass=user))")
525         self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser)(objectClass=user))")
526
527         self.assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + self.base_dn))
528         self.assertEquals(res[0]["cn"], "ldaptestuser")
529         self.assertEquals(res[0]["name"], "ldaptestuser")
530         self.assertEquals(res[0]["objectClass"], ["top", "person", "organizationalPerson", "user"])
531         self.assertTrue("objectGUID" in res[0])
532         self.assertTrue("whenCreated" in res[0])
533         self.assertEquals(res[0]["objectCategory"], ("CN=Person,CN=Schema,CN=Configuration," + self.base_dn))
534         self.assertEquals(int(res[0]["sAMAccountType"][0]), 805306368)
535         # self.assertEquals(res[0].userAccountControl, 546)
536         self.assertEquals(res[0]["memberOf"][0], ("CN=ldaptestgroup2,CN=Users," + self.base_dn))
537         self.assertEquals(len(res[0]["memberOf"]), 1)
538      
539         print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + self.base_dn + "))"
540         res2 = ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + self.base_dn + "))")
541         self.assertEquals(len(res2), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + self.base_dn + "))")
542
543         self.assertEquals(res[0].dn, res2[0].dn)
544
545         print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon))"
546         res3 = ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=PerSon))")
547         self.assertEquals(len(res3), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)): matched %d" % len(res3))
548
549         self.assertEquals(res[0].dn, res3[0].dn)
550
551         if gc_ldb is not None:
552             print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog"
553             res3gc = gc_ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=PerSon))")
554             self.assertEquals(len(res3gc), 1)
555         
556             self.assertEquals(res[0].dn, res3gc[0].dn)
557
558         print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in with 'phantom root' control"
559         
560         res3control = gc_ldb.search(self.base_dn, expression="(&(cn=ldaptestuser)(objectCategory=PerSon))", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:2"])
561         self.assertEquals(len(res3control), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog")
562         
563         self.assertEquals(res[0].dn, res3control[0].dn)
564
565         ldb.delete(res[0].dn)
566
567         print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectClass=user))"
568         res = ldb.search(expression="(&(cn=ldaptestcomputer)(objectClass=user))")
569         self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser)(objectClass=user))")
570
571         self.assertEquals(str(res[0].dn), ("CN=ldaptestcomputer,CN=Computers," + self.base_dn))
572         self.assertEquals(res[0]["cn"], "ldaptestcomputer")
573         self.assertEquals(res[0]["name"], "ldaptestcomputer")
574         self.assertEquals(res[0]["objectClass"], ["top", "person", "organizationalPerson", "user", "computer"])
575         self.assertTrue("objectGUID" in res[0])
576         self.assertTrue("whenCreated" in res[0])
577         self.assertEquals(res[0]["objectCategory"], ("CN=Computer,CN=Schema,CN=Configuration," + self.base_dn))
578         self.assertEquals(int(res[0]["primaryGroupID"][0]), 513)
579         # self.assertEquals(res[0].sAMAccountType, 805306368)
580         # self.assertEquals(res[0].userAccountControl, 546)
581         self.assertEquals(res[0]["memberOf"][0], "CN=ldaptestgroup2,CN=Users," + self.base_dn)
582         self.assertEquals(len(res[0]["memberOf"]), 1)
583
584         print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + "))"
585         res2 = ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + "))")
586         self.assertEquals(len(res2), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + "))")
587
588         self.assertEquals(res[0].dn, res2[0].dn)
589
590         if gc_ldb is not None:
591             print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + ")) in Global Catlog"
592             res2gc = gc_ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + "))")
593             self.assertEquals(len(res2gc), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + ")) in Global Catlog")
594
595             self.assertEquals(res[0].dn, res2gc[0].dn)
596
597         print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER))"
598         res3 = ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=compuTER))")
599         self.assertEquals(len(res3), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER))")
600
601         self.assertEquals(res[0].dn, res3[0].dn)
602
603         if gc_ldb is not None:
604             print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog"
605             res3gc = gc_ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=compuTER))")
606             self.assertEquals(len(res3gc), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog")
607
608             self.assertEquals(res[0].dn, res3gc[0].dn)
609
610         print "Testing ldb.search for (&(cn=ldaptestcomp*r)(objectCategory=compuTER))"
611         res4 = ldb.search(expression="(&(cn=ldaptestcomp*r)(objectCategory=compuTER))")
612         self.assertEquals(len(res4), 1, "Could not find (&(cn=ldaptestcomp*r)(objectCategory=compuTER))")
613
614         self.assertEquals(res[0].dn, res4[0].dn)
615
616         print "Testing ldb.search for (&(cn=ldaptestcomput*)(objectCategory=compuTER))"
617         res5 = ldb.search(expression="(&(cn=ldaptestcomput*)(objectCategory=compuTER))")
618         self.assertEquals(len(res5), 1, "Could not find (&(cn=ldaptestcomput*)(objectCategory=compuTER))")
619
620         self.assertEquals(res[0].dn, res5[0].dn)
621
622         print "Testing ldb.search for (&(cn=*daptestcomputer)(objectCategory=compuTER))"
623         res6 = ldb.search(expression="(&(cn=*daptestcomputer)(objectCategory=compuTER))")
624         self.assertEquals(len(res6), 1, "Could not find (&(cn=*daptestcomputer)(objectCategory=compuTER))")
625
626         self.assertEquals(res[0].dn, res6[0].dn)
627
628         ldb.delete(res[0].dn)
629
630         print "Testing ldb.search for (&(cn=ldaptest2computer)(objectClass=user))"
631         res = ldb.search(expression="(&(cn=ldaptest2computer)(objectClass=user))")
632         self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptest2computer)(objectClass=user))")
633
634         self.assertEquals(res[0].dn, ("CN=ldaptest2computer,CN=Computers," + self.base_dn))
635         self.assertEquals(res[0]["cn"], "ldaptest2computer")
636         self.assertEquals(res[0]["name"], "ldaptest2computer")
637         self.assertEquals(res[0]["objectClass"], ["top", "person", "organizationalPerson", "user", "computer"])
638         self.assertTrue("objectGUID" in res[0])
639         self.assertTrue("whenCreated" in res[0])
640         self.assertEquals(res[0]["objectCategory"][0], "CN=Computer,CN=Schema,CN=Configuration," + self.base_dn)
641         self.assertEquals(int(res[0]["sAMAccountType"][0]), 805306369)
642     #    self.assertEquals(res[0].userAccountControl, 4098)
643
644         ldb.delete(res[0].dn)
645
646         attrs = ["cn", "name", "objectClass", "objectGUID", "whenCreated", "nTSecurityDescriptor", "memberOf"]
647         print "Testing ldb.search for (&(cn=ldaptestUSer2)(objectClass=user))"
648         res = ldb.search(self.base_dn, expression="(&(cn=ldaptestUSer2)(objectClass=user))", scope=SCOPE_SUBTREE, attrs=attrs)
649         self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestUSer2)(objectClass=user))")
650
651         self.assertEquals(res[0].dn, ("CN=ldaptestuser2,CN=Users," + self.base_dn))
652         self.assertEquals(res[0]["cn"], "ldaptestuser2")
653         self.assertEquals(res[0]["name"], "ldaptestuser2")
654         self.assertEquals(res[0]["objectClass"], ["top", "person", "organizationalPerson", "user"])
655         self.assertTrue("objectGUID" in res[0])
656         self.assertTrue("whenCreated" in res[0])
657         self.assertTrue("nTSecurityDescriptor" in res[0])
658         self.assertEquals(res[0]["memberOf"][0], ("CN=ldaptestgroup2,CN=Users," + self.base_dn))
659
660         attrs = ["cn", "name", "objectClass", "objectGUID", "whenCreated", "nTSecurityDescriptor", "member"]
661         print "Testing ldb.search for (&(cn=ldaptestgroup2)(objectClass=group))"
662         res = ldb.search(self.base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
663         self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))")
664
665         self.assertEquals(res[0].dn, ("CN=ldaptestgroup2,CN=Users," + self.base_dn))
666         self.assertEquals(res[0]["cn"], "ldaptestgroup2")
667         self.assertEquals(res[0]["name"], "ldaptestgroup2")
668         self.assertEquals(res[0]["objectClass"], ["top", "group"])
669         self.assertTrue("objectGuid" not in res[0])
670         self.assertTrue("whenCreated" in res[0])
671         self.assertTrue("nTSecurityDescriptor" in res[0])
672         self.assertEquals(res[0]["member"], ["CN=ldaptestuser2,CN=Users," + self.base_dn])
673
674         ldb.modify_ldif("""
675 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
676 changetype: modify
677 replace: member
678 member: CN=ldaptestuser2,CN=Users,""" + self.base_dn + """
679 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
680 """)
681         
682         print "Testing Linked attribute behaviours"
683         ldb.modify_ldif("""
684 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
685 changetype: modify
686 delete: member
687 """)
688
689         ldb.modify_ldif("""
690 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
691 changetype: modify
692 add: member
693 member: CN=ldaptestuser2,CN=Users,""" + self.base_dn + """
694 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
695 """)
696         
697         ldb.modify_ldif("""
698 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
699 changetype: modify
700 replace: member
701 """)
702         
703         ldb.modify_ldif("""
704 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
705 changetype: modify
706 add: member
707 member: CN=ldaptestuser2,CN=Users,""" + self.base_dn + """
708 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
709 """)
710         
711         ldb.modify_ldif("""
712 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
713 changetype: modify
714 delete: member
715 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
716 """)
717         
718         res = ldb.search(self.base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
719         self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))")
720
721         self.assertEquals(res[0].dn, ("CN=ldaptestgroup2,CN=Users," + self.base_dn))
722         self.assertEquals(res[0]["member"][0], ("CN=ldaptestuser2,CN=Users," + self.base_dn))
723         self.assertEquals(len(res[0]["member"]), 1)
724
725         ldb.delete(("CN=ldaptestuser2,CN=Users," + self.base_dn))
726
727         attrs = ["cn", "name", "objectClass", "objectGUID", "whenCreated", "nTSecurityDescriptor", "member"]
728         print "Testing ldb.search for (&(cn=ldaptestgroup2)(objectClass=group)) to check linked delete"
729         res = ldb.search(self.base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
730         self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group)) to check linked delete")
731
732         self.assertEquals(res[0].dn, ("CN=ldaptestgroup2,CN=Users," + self.base_dn))
733         self.assertTrue("member" not in res[0])
734
735         print "Testing ldb.search for (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))"
736         res = ldb.search(expression="(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
737         self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
738
739         self.assertEquals(res[0].dn, ("CN=ldaptestutf8user èùéìòà,CN=Users," + self.base_dn))
740         self.assertEquals(res[0]["cn"], "ldaptestutf8user èùéìòà")
741         self.assertEquals(res[0]["name"], "ldaptestutf8user èùéìòà")
742         self.assertEquals(res[0]["objectClass"], ["top", "person", "organizationalPerson", "user"])
743         self.assertTrue("objectGUID" in res[0])
744         self.assertTrue("whenCreated" in res[0])
745
746         ldb.delete(res[0].dn)
747
748         print "Testing ldb.search for (&(cn=ldaptestutf8user2*)(objectClass=user))"
749         res = ldb.search(expression="(&(cn=ldaptestutf8user2*)(objectClass=user))")
750         self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestutf8user2*)(objectClass=user))")
751
752         ldb.delete(res[0].dn)
753
754         ldb.delete(("CN=ldaptestgroup2,CN=Users," + self.base_dn))
755
756         print "Testing ldb.search for (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))"
757         res = ldb.search(expression="(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
758
759         #FIXME: self.assert len(res) == 1, "Could not find (expect space collapse, win2k3 fails) (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))"
760
761         print "Testing that we can't get at the configuration DN from the main search base"
762         res = ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
763         self.assertEquals(len(res), 0)
764
765         print "Testing that we can get at the configuration DN from the main search base on the LDAP port with the 'phantom root' search_options control"
766         res = ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:2"])
767         self.assertTrue(len(res) > 0)
768
769         if gc_ldb is not None:
770             print "Testing that we can get at the configuration DN from the main search base on the GC port with the search_options control == 0"
771             
772             res = gc_ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:0"])
773             self.assertTrue(len(res) > 0)
774
775             print "Testing that we do find configuration elements in the global catlog"
776             res = gc_ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
777             self.assertTrue(len(res) > 0)
778         
779             print "Testing that we do find configuration elements and user elements at the same time"
780             res = gc_ldb.search(self.base_dn, expression="(|(objectClass=crossRef)(objectClass=person))", scope=SCOPE_SUBTREE, attrs=["cn"])
781             self.assertTrue(len(res) > 0)
782
783             print "Testing that we do find configuration elements in the global catlog, with the configuration basedn"
784             res = gc_ldb.search(self.configuration_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
785             self.assertTrue(len(res) > 0)
786
787         print "Testing that we can get at the configuration DN on the main LDAP port"
788         res = ldb.search(self.configuration_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
789         self.assertTrue(len(res) > 0)
790
791         print "Testing objectCategory canonacolisation"
792         res = ldb.search(self.configuration_dn, expression="objectCategory=ntDsDSA", scope=SCOPE_SUBTREE, attrs=["cn"])
793         self.assertTrue(len(res) > 0, "Didn't find any records with objectCategory=ntDsDSA")
794         self.assertTrue(len(res) != 0)
795         
796         res = ldb.search(self.configuration_dn, expression="objectCategory=CN=ntDs-DSA," + self.schema_dn, scope=SCOPE_SUBTREE, attrs=["cn"])
797         self.assertTrue(len(res) > 0, "Didn't find any records with objectCategory=CN=ntDs-DSA," + self.schema_dn)
798         self.assertTrue(len(res) != 0)
799         
800         print "Testing objectClass attribute order on "+ self.base_dn
801         res = ldb.search(expression="objectClass=domain", base=self.base_dn, 
802                          scope=SCOPE_BASE, attrs=["objectClass"])
803         self.assertEquals(len(res), 1)
804
805         self.assertEquals(res[0]["objectClass"], ["top", "domain", "domainDNS"])
806
807     #  check enumeration
808
809         print "Testing ldb.search for objectCategory=person"
810         res = ldb.search(self.base_dn, expression="objectCategory=person", scope=SCOPE_SUBTREE, attrs=["cn"])
811         self.assertTrue(len(res) > 0)
812
813         print "Testing ldb.search for objectCategory=person with domain scope control"
814         res = ldb.search(self.base_dn, expression="objectCategory=person", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
815         self.assertTrue(len(res) > 0)
816      
817         print "Testing ldb.search for objectCategory=user"
818         res = ldb.search(self.base_dn, expression="objectCategory=user", scope=SCOPE_SUBTREE, attrs=["cn"])
819         self.assertTrue(len(res) > 0)
820         
821         print "Testing ldb.search for objectCategory=user with domain scope control"
822         res = ldb.search(self.base_dn, expression="objectCategory=user", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
823         self.assertTrue(len(res) > 0)
824         
825         print "Testing ldb.search for objectCategory=group"
826         res = ldb.search(self.base_dn, expression="objectCategory=group", scope=SCOPE_SUBTREE, attrs=["cn"])
827         self.assertTrue(len(res) > 0)
828
829         print "Testing ldb.search for objectCategory=group with domain scope control"
830         res = ldb.search(self.base_dn, expression="objectCategory=group", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
831         self.assertTrue(len(res) > 0)
832
833
834 class BaseDnTests(unittest.TestCase):
835     def setUp(self):
836         self.ldb = ldb
837
838     def test_rootdse_attrs(self):
839         """Testing for all rootDSE attributes"""
840         res = self.ldb.search(scope=SCOPE_BASE, attrs=[])
841         self.assertEquals(len(res), 1)
842
843     def test_highestcommittedusn(self):
844         """Testing for highestCommittedUSN"""
845         res = self.ldb.search("", scope=SCOPE_BASE, attrs=["highestCommittedUSN"])
846         self.assertEquals(len(res), 1)
847         self.assertTrue(int(res[0]["highestCommittedUSN"][0]) != 0)
848
849     def test_netlogon(self):
850         """Testing for netlogon via LDAP"""
851         res = self.ldb.search("", scope=SCOPE_BASE, attrs=["netlogon"])
852         self.assertEquals(len(res), 0)
853
854     def test_netlogon_highestcommitted_usn(self):
855         """Testing for netlogon and highestCommittedUSN via LDAP"""
856         res = self.ldb.search("", scope=SCOPE_BASE, 
857                 attrs=["netlogon", "highestCommittedUSN"])
858         self.assertEquals(len(res), 0)
859
860
861 if not "://" in host:
862     host = "ldap://%s" % host
863
864 ldb = Ldb(host, credentials=creds, session_info=system_session(), lp=lp)
865 gc_ldb = Ldb("%s:3268" % host, credentials=creds, 
866              session_info=system_session(), lp=lp)
867
868 runner = SubunitTestRunner()
869 runner.run(unittest.makeSuite(BaseDnTests))
870 runner.run(unittest.makeSuite(BasicTests))