2 # -*- coding: utf-8 -*-
3 # This is a port of the original in testprogs/ejs/ldap.js
9 import samba.getopt as options
11 from auth import system_session
12 from ldb import (SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError,
13 LDB_ERR_NO_SUCH_OBJECT, LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS,
14 LDB_ERR_ENTRY_ALREADY_EXISTS, LDB_ERR_UNWILLING_TO_PERFORM,
15 LDB_ERR_NOT_ALLOWED_ON_NON_LEAF)
19 parser = optparse.OptionParser("ldap [options] <host>")
20 sambaopts = options.SambaOptions(parser)
21 parser.add_option_group(sambaopts)
22 parser.add_option_group(options.VersionOptions(parser))
23 # use command line creds if available
24 credopts = options.CredentialsOptions(parser)
25 parser.add_option_group(credopts)
26 creds = credopts.get_credentials()
27 opts, args = parser.parse_args()
35 lp = sambaopts.get_loadparm()
37 def delete_force(ldb, dn):
40 except LdbError, (num, _):
41 if num != LDB_ERR_NO_SUCH_OBJECT:
44 def assertEquals(a1, a2):
45 assert a1 == a2, "Expected %r == %r" % (a1, a2)
47 def basic_tests(ldb, gc_ldb, base_dn, configuration_dn, schema_dn):
48 print "Running basic tests"
50 delete_force(ldb, "cn=ldaptestuser,cn=users," + base_dn)
51 delete_force(ldb, "cn=ldaptestgroup,cn=users," + base_dn)
53 print "Testing group add with invalid member"
56 "dn": "cn=ldaptestgroup,cn=uSers," + base_dn,
57 "objectclass": "group",
58 "member": "cn=ldaptestuser,cn=useRs," + base_dn})
59 except LdbError, (num, _):
60 if num != LDB_ERR_NO_SUCH_OBJECT:
65 print "Testing user add"
68 "dn": "cn=ldaptestuser,cn=uSers," + base_dn,
69 "objectclass": ["user", "person"],
74 ldb.delete("cn=ldaptestuser,cn=users," + base_dn)
76 "dn": "cn=ldaptestuser,cn=uSers," + base_dn,
77 "objectclass": ["user", "person"],
83 "dn": "cn=ldaptestgroup,cn=uSers," + base_dn,
84 "objectclass": "group",
85 "member": "cn=ldaptestuser,cn=useRs," + base_dn})
89 "dn": "cn=ldaptestcomputer,cn=computers," + base_dn,
90 "objectclass": "computer",
91 "cN": "LDAPtestCOMPUTER"})
93 ldb.delete("cn=ldaptestcomputer,cn=computers," + base_dn)
95 "dn": "cn=ldaptestcomputer,cn=computers," + base_dn,
96 "objectClass": "computer",
97 "cn": "LDAPtestCOMPUTER"})
100 ldb.add({"dn": "cn=ldaptest2computer,cn=computers," + base_dn,
101 "objectClass": "computer",
102 "cn": "LDAPtest2COMPUTER",
103 "userAccountControl": "4096",
104 "displayname": "ldap testy"})
106 ldb.delete("cn=ldaptest2computer,cn=computers," + base_dn)
108 "dn": "cn=ldaptest2computer,cn=computers," + base_dn,
109 "objectClass": "computer",
110 "cn": "LDAPtest2COMPUTER",
111 "userAccountControl": "4096",
112 "displayname": "ldap testy"})
114 print "Testing attribute or value exists behaviour"
117 dn: cn=ldaptest2computer,cn=computers,""" + base_dn + """
119 replace: servicePrincipalName
120 servicePrincipalName: host/ldaptest2computer
121 servicePrincipalName: host/ldaptest2computer
122 servicePrincipalName: cifs/ldaptest2computer
124 except LdbError, (num, msg):
125 assert num == LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
128 dn: cn=ldaptest2computer,cn=computers,""" + base_dn + """
130 replace: servicePrincipalName
131 servicePrincipalName: host/ldaptest2computer
132 servicePrincipalName: cifs/ldaptest2computer
136 dn: cn=ldaptest2computer,cn=computers,""" + base_dn + """
138 add: servicePrincipalName
139 servicePrincipalName: host/ldaptest2computer
141 except LdbError, (num, msg):
142 assert num == LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
144 print "Testing ranged results"
146 dn: cn=ldaptest2computer,cn=computers,""" + base_dn + """
148 replace: servicePrincipalName
152 dn: cn=ldaptest2computer,cn=computers,""" + base_dn + """
154 add: servicePrincipalName
155 servicePrincipalName: host/ldaptest2computer0
156 servicePrincipalName: host/ldaptest2computer1
157 servicePrincipalName: host/ldaptest2computer2
158 servicePrincipalName: host/ldaptest2computer3
159 servicePrincipalName: host/ldaptest2computer4
160 servicePrincipalName: host/ldaptest2computer5
161 servicePrincipalName: host/ldaptest2computer6
162 servicePrincipalName: host/ldaptest2computer7
163 servicePrincipalName: host/ldaptest2computer8
164 servicePrincipalName: host/ldaptest2computer9
165 servicePrincipalName: host/ldaptest2computer10
166 servicePrincipalName: host/ldaptest2computer11
167 servicePrincipalName: host/ldaptest2computer12
168 servicePrincipalName: host/ldaptest2computer13
169 servicePrincipalName: host/ldaptest2computer14
170 servicePrincipalName: host/ldaptest2computer15
171 servicePrincipalName: host/ldaptest2computer16
172 servicePrincipalName: host/ldaptest2computer17
173 servicePrincipalName: host/ldaptest2computer18
174 servicePrincipalName: host/ldaptest2computer19
175 servicePrincipalName: host/ldaptest2computer20
176 servicePrincipalName: host/ldaptest2computer21
177 servicePrincipalName: host/ldaptest2computer22
178 servicePrincipalName: host/ldaptest2computer23
179 servicePrincipalName: host/ldaptest2computer24
180 servicePrincipalName: host/ldaptest2computer25
181 servicePrincipalName: host/ldaptest2computer26
182 servicePrincipalName: host/ldaptest2computer27
183 servicePrincipalName: host/ldaptest2computer28
184 servicePrincipalName: host/ldaptest2computer29
187 res = ldb.search(base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE,
188 attrs=["servicePrincipalName;range=0-*"])
189 assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
190 #print len(res[0]["servicePrincipalName;range=0-*"])
191 assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30)
193 res = ldb.search(base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-19"])
194 assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
195 # print res[0]["servicePrincipalName;range=0-19"].length
196 assertEquals(len(res[0]["servicePrincipalName;range=0-19"]), 20)
199 res = ldb.search(base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-30"])
200 assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
201 assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30)
203 res = ldb.search(base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-40"])
204 assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
205 assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30)
207 res = ldb.search(base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=30-40"])
208 assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
209 assertEquals(len(res[0]["servicePrincipalName;range=30-*"]), 0)
212 res = ldb.search(base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=10-40"])
213 assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
214 assertEquals(len(res[0]["servicePrincipalName;range=10-*"]), 20)
215 # pos_11 = res[0]["servicePrincipalName;range=10-*"][18]
217 res = ldb.search(base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=11-40"])
218 assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
219 assertEquals(len(res[0]["servicePrincipalName;range=11-*"]), 19)
220 # print res[0]["servicePrincipalName;range=11-*"][18]
222 # assertEquals((res[0]["servicePrincipalName;range=11-*"][18]), pos_11)
224 res = ldb.search(base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=11-15"])
225 assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
226 assertEquals(len(res[0]["servicePrincipalName;range=11-15"]), 5)
227 # assertEquals(res[0]["servicePrincipalName;range=11-15"][4], pos_11)
229 res = ldb.search(base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName"])
230 assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
231 # print res[0]["servicePrincipalName"][18]
233 assertEquals(len(res[0]["servicePrincipalName"]), 30)
234 # assertEquals(res[0]["servicePrincipalName"][18], pos_11)
238 "dn": "cn=ldaptestuser2,cn=useRs," + base_dn,
239 "objectClass": ["person", "user"],
240 "cn": "LDAPtestUSER2",
241 "givenname": "testy",
244 ldb.delete("cn=ldaptestuser2,cn=users," + base_dn)
246 "dn": "cn=ldaptestuser2,cn=useRs," + base_dn,
247 "objectClass": ["person", "user"],
248 "cn": "LDAPtestUSER2",
249 "givenname": "testy",
252 print "Testing Ambigious Name Resolution"
253 # Testing ldb.search for (&(anr=ldap testy)(objectClass=user))
254 res = ldb.search(expression="(&(anr=ldap testy)(objectClass=user))")
255 assert len(res) == 3, "Could not find (&(anr=ldap testy)(objectClass=user))"
257 # Testing ldb.search for (&(anr=testy ldap)(objectClass=user))
258 res = ldb.search(expression="(&(anr=testy ldap)(objectClass=user))")
259 assert len(res) == 2, "Found only %d for (&(anr=testy ldap)(objectClass=user))" % len(res)
261 # Testing ldb.search for (&(anr=ldap)(objectClass=user))
262 res = ldb.search(expression="(&(anr=ldap)(objectClass=user))")
263 assert len(res) == 4, "Found only %d for (&(anr=ldap)(objectClass=user))" % len(res)
265 # Testing ldb.search for (&(anr==ldap)(objectClass=user))
266 res = ldb.search(expression="(&(anr==ldap)(objectClass=user))")
267 assert len(res) == 1, "Could not find (&(anr==ldap)(objectClass=user)). Found only %d for (&(anr=ldap)(objectClass=user))" % len(res)
269 assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + base_dn))
270 assertEquals(res[0]["cn"][0], "ldaptestuser")
271 assertEquals(res[0]["name"], "ldaptestuser")
273 # Testing ldb.search for (&(anr=testy)(objectClass=user))
274 res = ldb.search(expression="(&(anr=testy)(objectClass=user))")
275 assert len(res) == 2, "Found only %d for (&(anr=testy)(objectClass=user))" % len(res)
277 # Testing ldb.search for (&(anr=ldap testy)(objectClass=user))
278 res = ldb.search(expression="(&(anr=testy ldap)(objectClass=user))")
279 assert len(res) == 2, "Found only %d for (&(anr=ldap testy)(objectClass=user))" % len(res)
281 # Testing ldb.search for (&(anr==ldap testy)(objectClass=user))
282 res = ldb.search(expression="(&(anr==testy ldap)(objectClass=user))")
283 assert len(res) == 1, "Found only %d for (&(anr==ldap testy)(objectClass=user))" % len(res)
285 assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + base_dn))
286 assertEquals(res[0]["cn"][0], "ldaptestuser")
287 assertEquals(res[0]["name"][0], "ldaptestuser")
289 # Testing ldb.search for (&(anr==testy ldap)(objectClass=user))
290 res = ldb.search(expression="(&(anr==testy ldap)(objectClass=user))")
291 assert len(res) == 1, "Could not find (&(anr==testy ldap)(objectClass=user))"
293 assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + base_dn))
294 assertEquals(res[0]["cn"][0], "ldaptestuser")
295 assertEquals(res[0]["name"][0], "ldaptestuser")
297 # Testing ldb.search for (&(anr=testy ldap user)(objectClass=user))
298 res = ldb.search(expression="(&(anr=testy ldap user)(objectClass=user))")
299 assert len(res) == 1, "Could not find (&(anr=testy ldap user)(objectClass=user))"
301 assertEquals(str(res[0].dn), ("CN=ldaptestuser2,CN=Users," + base_dn))
302 assertEquals(res[0]["cn"], "ldaptestuser2")
303 assertEquals(res[0]["name"], "ldaptestuser2")
305 # Testing ldb.search for (&(anr==testy ldap user2)(objectClass=user))
306 res = ldb.search(expression="(&(anr==testy ldap user2)(objectClass=user))")
307 assert len(res) == 1, "Could not find (&(anr==testy ldap user2)(objectClass=user))"
309 assertEquals(str(res[0].dn), ("CN=ldaptestuser2,CN=Users," + base_dn))
310 assertEquals(res[0]["cn"], "ldaptestuser2")
311 assertEquals(res[0]["name"], "ldaptestuser2")
313 # Testing ldb.search for (&(anr==ldap user2)(objectClass=user))
314 res = ldb.search(expression="(&(anr==ldap user2)(objectClass=user))")
315 assert len(res) == 1, "Could not find (&(anr==ldap user2)(objectClass=user))"
317 assertEquals(str(res[0].dn), ("CN=ldaptestuser2,CN=Users," + base_dn))
318 assertEquals(res[0]["cn"], "ldaptestuser2")
319 assertEquals(res[0]["name"], "ldaptestuser2")
321 # Testing ldb.search for (&(anr==not ldap user2)(objectClass=user))
322 res = ldb.search(expression="(&(anr==not ldap user2)(objectClass=user))")
323 assert len(res) == 0, "Must not find (&(anr==not ldap user2)(objectClass=user))"
325 # Testing ldb.search for (&(anr=not ldap user2)(objectClass=user))
326 res = ldb.search(expression="(&(anr=not ldap user2)(objectClass=user))")
327 assert len(res) == 0, "Must not find (&(anr=not ldap user2)(objectClass=user))"
329 print "Testing Group Modifies"
331 dn: cn=ldaptestgroup,cn=users,""" + base_dn + """
334 member: cn=ldaptestuser2,cn=users,""" + base_dn + """
335 member: cn=ldaptestcomputer,cn=computers,""" + base_dn + """
338 delete_force(ldb, "cn=ldaptestuser3,cn=users," + base_dn)
340 print "Testing adding non-existent user to a group"
343 dn: cn=ldaptestgroup,cn=users,""" + base_dn + """
346 member: cn=ldaptestuser3,cn=users,""" + base_dn + """
348 except LdbError, (num, _):
349 assert num == LDB_ERR_NO_SUCH_OBJECT
353 print "Testing Renames"
355 ldb.rename("cn=ldaptestuser2,cn=users," + base_dn, "cn=ldaptestuser3,cn=users," + base_dn)
357 ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestuser3,cn=users," + base_dn)
359 ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestUSER3,cn=users," + base_dn)
361 print "Testing ldb.search for (&(cn=ldaptestuser3)(objectClass=user))"
362 res = ldb.search(expression="(&(cn=ldaptestuser3)(objectClass=user))")
363 assert len(res) == 1, "Could not find (&(cn=ldaptestuser3)(objectClass=user))"
365 assertEquals(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + base_dn))
366 assertEquals(res[0]["cn"], "ldaptestUSER3")
367 assertEquals(res[0]["name"], "ldaptestUSER3")
369 # This is a Samba special, and does not exist in real AD
370 # print "Testing ldb.search for (dn=CN=ldaptestUSER3,CN=Users," + base_dn + ")"
371 # res = ldb.search("(dn=CN=ldaptestUSER3,CN=Users," + base_dn + ")")
372 # if (res.error != 0 || len(res) != 1) {
373 # print "Could not find (dn=CN=ldaptestUSER3,CN=Users," + base_dn + ")"
374 # assertEquals(len(res), 1)
376 # assertEquals(res[0].dn, ("CN=ldaptestUSER3,CN=Users," + base_dn))
377 # assertEquals(res[0].cn, "ldaptestUSER3")
378 # assertEquals(res[0].name, "ldaptestUSER3")
380 print "Testing ldb.search for (distinguishedName=CN=ldaptestUSER3,CN=Users," + base_dn + ")"
381 res = ldb.search(expression="(distinguishedName=CN=ldaptestUSER3,CN=Users," + base_dn + ")")
382 assert len(res) == 1, "Could not find (dn=CN=ldaptestUSER3,CN=Users," + base_dn + ")"
383 assertEquals(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + base_dn))
384 assertEquals(res[0]["cn"], "ldaptestUSER3")
385 assertEquals(res[0]["name"], "ldaptestUSER3")
387 # ensure we cannot add it again
389 ldb.add({"dn": "cn=ldaptestuser3,cn=userS," + base_dn,
390 "objectClass": ["person", "user"],
391 "cn": "LDAPtestUSER3"})
392 except LdbError, (num, _):
393 assert num == LDB_ERR_ENTRY_ALREADY_EXISTS
398 ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestuser2,cn=users," + base_dn)
400 # ensure we cannnot rename it twice
402 ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestuser2,cn=users," + base_dn)
403 except LdbError, (num, _):
404 assert num == LDB_ERR_NO_SUCH_OBJECT
408 # ensure can now use that name
409 ldb.add({"dn": "cn=ldaptestuser3,cn=users," + base_dn,
410 "objectClass": ["person", "user"],
411 "cn": "LDAPtestUSER3"})
413 # ensure we now cannnot rename
415 ldb.rename("cn=ldaptestuser2,cn=users," + base_dn, "cn=ldaptestuser3,cn=users," + base_dn)
416 except LdbError, (num, _):
417 assert num == LDB_ERR_ENTRY_ALREADY_EXISTS
421 ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestuser3,cn=configuration," + base_dn)
422 except LdbError, (num, _):
423 assert num in (71, 64)
427 ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestuser5,cn=users," + base_dn)
429 ldb.delete("cn=ldaptestuser5,cn=users," + base_dn)
431 delete_force(ldb, "cn=ldaptestgroup2,cn=users," + base_dn)
433 ldb.rename("cn=ldaptestgroup,cn=users," + base_dn, "cn=ldaptestgroup2,cn=users," + base_dn)
435 print "Testing subtree Renames"
437 ldb.add({"dn": "cn=ldaptestcontainer," + base_dn,
438 "objectClass": "container"})
441 ldb.add({"dn": "CN=ldaptestuser4,CN=ldaptestcontainer," + base_dn,
442 "objectClass": ["person", "user"],
443 "cn": "LDAPtestUSER4"})
445 ldb.delete("cn=ldaptestuser4,cn=ldaptestcontainer," + base_dn)
446 ldb.add({"dn": "CN=ldaptestuser4,CN=ldaptestcontainer," + base_dn,
447 "objectClass": ["person", "user"],
448 "cn": "LDAPtestUSER4"})
451 dn: cn=ldaptestgroup2,cn=users,""" + base_dn + """
454 member: cn=ldaptestuser4,cn=ldaptestcontainer,""" + base_dn + """
457 print "Testing ldb.rename of cn=ldaptestcontainer," + base_dn + " to cn=ldaptestcontainer2," + base_dn
458 ldb.rename("CN=ldaptestcontainer," + base_dn, "CN=ldaptestcontainer2," + base_dn)
460 print "Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user))"
461 res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))")
462 assert len(res) == 1, "Could not find (&(cn=ldaptestuser4)(objectClass=user))"
464 print "Testing subtree ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + base_dn
466 ldb.search("cn=ldaptestcontainer," + base_dn,
467 expression="(&(cn=ldaptestuser4)(objectClass=user))",
469 except LdbError, (num, _):
470 assert num == LDB_ERR_NO_SUCH_OBJECT
474 print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + base_dn
476 res = ldb.search("cn=ldaptestcontainer," + base_dn, expression="(&(cn=ldaptestuser4)(objectClass=user))", scope=SCOPE_ONELEVEL)
477 except LdbError, (num, _):
478 assert num == LDB_ERR_NO_SUCH_OBJECT
482 print "Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in renamed container"
483 res = ldb.search("cn=ldaptestcontainer2," + base_dn, expression="(&(cn=ldaptestuser4)(objectClass=user))", scope=SCOPE_SUBTREE)
484 assert len(res) == 1, "Could not find (&(cn=ldaptestuser4)(objectClass=user)) under cn=ldaptestcontainer2," + base_dn
486 assertEquals(str(res[0].dn), ("CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn))
487 assertEquals(res[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + base_dn).upper())
489 print "Testing ldb.search for (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn + ")(objectclass=group)) to check subtree renames and linked attributes"
490 res = ldb.search(base_dn, expression="(&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn + ")(objectclass=group))", scope=SCOPE_SUBTREE)
491 assert len(res) == 1, "Could not find (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn + ")(objectclass=group)), perhaps linked attributes are not conistant with subtree renames?"
493 print "Testing ldb.rename (into itself) of cn=ldaptestcontainer2," + base_dn + " to cn=ldaptestcontainer,cn=ldaptestcontainer2," + base_dn
495 ldb.rename("cn=ldaptestcontainer2," + base_dn, "cn=ldaptestcontainer,cn=ldaptestcontainer2," + base_dn)
496 except LdbError, (num, _):
497 assert num == LDB_ERR_UNWILLING_TO_PERFORM
501 print "Testing ldb.rename (into non-existent container) of cn=ldaptestcontainer2," + base_dn + " to cn=ldaptestcontainer,cn=ldaptestcontainer3," + base_dn
503 ldb.rename("cn=ldaptestcontainer2," + base_dn, "cn=ldaptestcontainer,cn=ldaptestcontainer3," + base_dn)
504 except LdbError, (num, _):
505 assert num in (53, 80)
509 print "Testing delete (should fail, not a leaf node) of renamed cn=ldaptestcontainer2," + base_dn
511 ldb.delete("cn=ldaptestcontainer2," + base_dn)
512 except LdbError, (num, _):
513 assert num == LDB_ERR_NOT_ALLOWED_ON_NON_LEAF
517 print "Testing base ldb.search for CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn
518 res = ldb.search(expression="(objectclass=*)", base=("CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn), scope=SCOPE_BASE)
520 res = ldb.search(expression="(cn=ldaptestuser40)", base=("CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn), scope=SCOPE_BASE)
523 print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2," + base_dn
524 res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))", base=("cn=ldaptestcontainer2," + base_dn), scope=SCOPE_ONELEVEL)
527 print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2," + base_dn
528 res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))", base=("cn=ldaptestcontainer2," + base_dn), scope=SCOPE_SUBTREE)
531 print "Testing delete of subtree renamed "+("CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn)
532 ldb.delete(("CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn))
533 print "Testing delete of renamed cn=ldaptestcontainer2," + base_dn
534 ldb.delete("cn=ldaptestcontainer2," + base_dn)
537 ldb.add({"dn": "cn=ldaptestutf8user èùéìòà ,cn=users," + base_dn, "objectClass": "user"})
538 except LdbError, (num, _):
539 ldb.delete("cn=ldaptestutf8user èùéìòà ,cn=users," + base_dn)
540 ldb.add({"dn": "cn=ldaptestutf8user èùéìòà ,cn=users," + base_dn, "objectClass": "user"})
543 ldb.add({"dn": "cn=ldaptestutf8user2 èùéìòà ,cn=users," + base_dn, "objectClass": "user"})
544 except LdbError, (num, _):
545 ldb.delete("cn=ldaptestutf8user2 èùéìòà ,cn=users," + base_dn)
546 ldb.add({"dn": "cn=ldaptestutf8user2 èùéìòà ,cn=users," + base_dn,
547 "objectClass": "user"})
549 print "Testing ldb.search for (&(cn=ldaptestuser)(objectClass=user))"
550 res = ldb.search(expression="(&(cn=ldaptestuser)(objectClass=user))")
551 assert len(res) == 1, "Could not find (&(cn=ldaptestuser)(objectClass=user))"
553 assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + base_dn))
554 assertEquals(res[0]["cn"], "ldaptestuser")
555 assertEquals(res[0]["name"], "ldaptestuser")
556 assertEquals(res[0]["objectClass"], ["top", "person", "organizationalPerson", "user"])
557 assert("objectGUID" in res[0])
558 assert("whenCreated" in res[0])
559 assertEquals(res[0]["objectCategory"], ("CN=Person,CN=Schema,CN=Configuration," + base_dn))
560 assertEquals(int(res[0]["sAMAccountType"][0]), 805306368)
561 # assertEquals(res[0].userAccountControl, 546)
562 assertEquals(res[0]["memberOf"][0], ("CN=ldaptestgroup2,CN=Users," + base_dn))
563 assertEquals(len(res[0]["memberOf"]), 1)
565 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + base_dn + "))"
566 res2 = ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + base_dn + "))")
567 assert len(res2) == 1, "Could not find (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + base_dn + "))"
569 assertEquals(res[0].dn, res2[0].dn)
571 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon))"
572 res3 = ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=PerSon))")
573 assert len(res3) == 1, "Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)): matched " + len(res3)
575 assertEquals(res[0].dn, res3[0].dn)
577 if gc_ldb is not None:
578 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog"
579 res3gc = gc_ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=PerSon))")
580 assert len(res3gc) == 1
582 assertEquals(res[0].dn, res3gc[0].dn)
584 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in with 'phantom root' control"
586 res3control = gc_ldb.search(base_dn, expression="(&(cn=ldaptestuser)(objectCategory=PerSon))", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:2"])
587 assert len(res3control) == 1, "Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog"
589 assertEquals(res[0].dn, res3control[0].dn)
591 ldb.delete(res[0].dn)
593 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectClass=user))"
594 res = ldb.search(expression="(&(cn=ldaptestcomputer)(objectClass=user))")
595 assert len(res) == 1, "Could not find (&(cn=ldaptestuser)(objectClass=user))"
597 assertEquals(str(res[0].dn), ("CN=ldaptestcomputer,CN=Computers," + base_dn))
598 assertEquals(res[0]["cn"], "ldaptestcomputer")
599 assertEquals(res[0]["name"], "ldaptestcomputer")
600 assertEquals(res[0]["objectClass"], ["top", "person", "organizationalPerson", "user", "computer"])
601 assert("objectGUID" in res[0])
602 assert("whenCreated" in res[0])
603 assertEquals(res[0]["objectCategory"], ("CN=Computer,CN=Schema,CN=Configuration," + base_dn))
604 assertEquals(int(res[0]["primaryGroupID"][0]), 513)
605 # assertEquals(res[0].sAMAccountType, 805306368)
606 # assertEquals(res[0].userAccountControl, 546)
607 assertEquals(res[0]["memberOf"][0], "CN=ldaptestgroup2,CN=Users," + base_dn)
608 assertEquals(len(res[0]["memberOf"]), 1)
610 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + "))"
611 res2 = ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + "))")
612 assert len(res2) == 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + "))"
614 assertEquals(res[0].dn, res2[0].dn)
616 if gc_ldb is not None:
617 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + ")) in Global Catlog"
618 res2gc = gc_ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + "))")
619 assert len(res2gc) == 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + ")) in Global Catlog"
621 assertEquals(res[0].dn, res2gc[0].dn)
623 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER))"
624 res3 = ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=compuTER))")
625 assert len(res3) == 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER))"
627 assertEquals(res[0].dn, res3[0].dn)
629 if gc_ldb is not None:
630 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog"
631 res3gc = gc_ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=compuTER))")
632 assert len(res3gc) == 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog"
634 assertEquals(res[0].dn, res3gc[0].dn)
636 print "Testing ldb.search for (&(cn=ldaptestcomp*r)(objectCategory=compuTER))"
637 res4 = ldb.search(expression="(&(cn=ldaptestcomp*r)(objectCategory=compuTER))")
638 assert len(res4) == 1, "Could not find (&(cn=ldaptestcomp*r)(objectCategory=compuTER))"
640 assertEquals(res[0].dn, res4[0].dn)
642 print "Testing ldb.search for (&(cn=ldaptestcomput*)(objectCategory=compuTER))"
643 res5 = ldb.search(expression="(&(cn=ldaptestcomput*)(objectCategory=compuTER))")
644 assert len(res5) == 1, "Could not find (&(cn=ldaptestcomput*)(objectCategory=compuTER))"
646 assertEquals(res[0].dn, res5[0].dn)
648 print "Testing ldb.search for (&(cn=*daptestcomputer)(objectCategory=compuTER))"
649 res6 = ldb.search(expression="(&(cn=*daptestcomputer)(objectCategory=compuTER))")
650 assert len(res6) == 1, "Could not find (&(cn=*daptestcomputer)(objectCategory=compuTER))"
652 assertEquals(res[0].dn, res6[0].dn)
654 ldb.delete(res[0].dn)
656 print "Testing ldb.search for (&(cn=ldaptest2computer)(objectClass=user))"
657 res = ldb.search(expression="(&(cn=ldaptest2computer)(objectClass=user))")
658 assert len(res) == 1, "Could not find (&(cn=ldaptest2computer)(objectClass=user))"
660 assertEquals(res[0].dn, ("CN=ldaptest2computer,CN=Computers," + base_dn))
661 assertEquals(res[0]["cn"], "ldaptest2computer")
662 assertEquals(res[0]["name"], "ldaptest2computer")
663 assertEquals(res[0]["objectClass"], ["top", "person", "organizationalPerson", "user", "computer"])
664 assert("objectGUID" in res[0])
665 assert("whenCreated" in res[0])
666 assertEquals(res[0]["objectCategory"][0], "CN=Computer,CN=Schema,CN=Configuration," + base_dn)
667 assertEquals(int(res[0]["sAMAccountType"][0]), 805306369)
668 # assertEquals(res[0].userAccountControl, 4098)
670 ldb.delete(res[0].dn)
672 attrs = ["cn", "name", "objectClass", "objectGUID", "whenCreated", "nTSecurityDescriptor", "memberOf"]
673 print "Testing ldb.search for (&(cn=ldaptestUSer2)(objectClass=user))"
674 res = ldb.search(base_dn, expression="(&(cn=ldaptestUSer2)(objectClass=user))", scope=SCOPE_SUBTREE, attrs=attrs)
675 assert len(res) == 1, "Could not find (&(cn=ldaptestUSer2)(objectClass=user))"
677 assertEquals(res[0].dn, ("CN=ldaptestuser2,CN=Users," + base_dn))
678 assertEquals(res[0]["cn"], "ldaptestuser2")
679 assertEquals(res[0]["name"], "ldaptestuser2")
680 assertEquals(res[0]["objectClass"], ["top", "person", "organizationalPerson", "user"])
681 assert("objectGUID" in res[0])
682 assert("whenCreated" in res[0])
683 assert("nTSecurityDescriptor" in res[0])
684 assertEquals(res[0]["memberOf"][0], ("CN=ldaptestgroup2,CN=Users," + base_dn))
686 attrs = ["cn", "name", "objectClass", "objectGUID", "whenCreated", "nTSecurityDescriptor", "member"]
687 print "Testing ldb.search for (&(cn=ldaptestgroup2)(objectClass=group))"
688 res = ldb.search(base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
689 assert len(res) == 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))"
691 assertEquals(res[0].dn, ("CN=ldaptestgroup2,CN=Users," + base_dn))
692 assertEquals(res[0]["cn"], "ldaptestgroup2")
693 assertEquals(res[0]["name"], "ldaptestgroup2")
694 assertEquals(res[0]["objectClass"], ["top", "group"])
695 assert("objectGuid" not in res[0])
696 assert("whenCreated" in res[0])
697 assert("nTSecurityDescriptor" in res[0])
698 assertEquals(res[0]["member"], ["CN=ldaptestuser2,CN=Users," + base_dn])
701 dn: cn=ldaptestgroup2,cn=users,""" + base_dn + """
704 member: CN=ldaptestuser2,CN=Users,""" + base_dn + """
705 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + base_dn + """
708 print "Testing Linked attribute behaviours"
710 dn: cn=ldaptestgroup2,cn=users,""" + base_dn + """
716 dn: cn=ldaptestgroup2,cn=users,""" + base_dn + """
719 member: CN=ldaptestuser2,CN=Users,""" + base_dn + """
720 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + base_dn + """
724 dn: cn=ldaptestgroup2,cn=users,""" + base_dn + """
730 dn: cn=ldaptestgroup2,cn=users,""" + base_dn + """
733 member: CN=ldaptestuser2,CN=Users,""" + base_dn + """
734 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + base_dn + """
738 dn: cn=ldaptestgroup2,cn=users,""" + base_dn + """
741 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + base_dn + """
744 res = ldb.search(base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
745 assert len(res) == 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))"
747 assertEquals(res[0].dn, ("CN=ldaptestgroup2,CN=Users," + base_dn))
748 assertEquals(res[0]["member"][0], ("CN=ldaptestuser2,CN=Users," + base_dn))
749 assertEquals(len(res[0]["member"]), 1)
751 ldb.delete(("CN=ldaptestuser2,CN=Users," + base_dn))
753 attrs = ["cn", "name", "objectClass", "objectGUID", "whenCreated", "nTSecurityDescriptor", "member"]
754 print "Testing ldb.search for (&(cn=ldaptestgroup2)(objectClass=group)) to check linked delete"
755 res = ldb.search(base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
756 assert len(res) == 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group)) to check linked delete"
758 assertEquals(res[0].dn, ("CN=ldaptestgroup2,CN=Users," + base_dn))
759 assert("member" not in res[0])
761 print "Testing ldb.search for (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))"
762 res = ldb.search(expression="(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
763 assert len(res) == 1, "Could not find (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))"
765 assertEquals(res[0].dn, ("CN=ldaptestutf8user èùéìòà,CN=Users," + base_dn))
766 assertEquals(res[0]["cn"], "ldaptestutf8user èùéìòà")
767 assertEquals(res[0]["name"], "ldaptestutf8user èùéìòà")
768 assertEquals(res[0]["objectClass"], ["top", "person", "organizationalPerson", "user"])
769 assert("objectGUID" in res[0])
770 assert("whenCreated" in res[0])
772 ldb.delete(res[0].dn)
774 print "Testing ldb.search for (&(cn=ldaptestutf8user2*)(objectClass=user))"
775 res = ldb.search(expression="(&(cn=ldaptestutf8user2*)(objectClass=user))")
776 assert len(res) == 1, "Could not find (&(cn=ldaptestutf8user2*)(objectClass=user))"
778 ldb.delete(res[0].dn)
780 ldb.delete(("CN=ldaptestgroup2,CN=Users," + base_dn))
782 print "Testing ldb.search for (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))"
783 res = ldb.search(expression="(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
785 #FIXME: assert len(res) == 1, "Could not find (expect space collapse, win2k3 fails) (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))"
787 print "Testing that we can't get at the configuration DN from the main search base"
788 res = ldb.search(base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
789 assert len(res) == 0, "Got configuration DN " + res[0].dn + " which should not be able to be seen from main search base"
790 assertEquals(len(res), 0)
792 print "Testing that we can get at the configuration DN from the main search base on the LDAP port with the 'phantom root' search_options control"
793 res = ldb.search(base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:2"])
796 if gc_ldb is not None:
797 print "Testing that we can get at the configuration DN from the main search base on the GC port with the search_options control == 0"
799 res = gc_ldb.search(base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:0"])
802 print "Testing that we do find configuration elements in the global catlog"
803 res = gc_ldb.search(base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
804 assert (len(res) > 0)
806 print "Testing that we do find configuration elements and user elements at the same time"
807 res = gc_ldb.search(base_dn, expression="(|(objectClass=crossRef)(objectClass=person))", scope=SCOPE_SUBTREE, attrs=["cn"])
808 assert (len(res) > 0)
810 print "Testing that we do find configuration elements in the global catlog, with the configuration basedn"
811 res = gc_ldb.search(configuration_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
812 assert (len(res) > 0)
814 print "Testing that we can get at the configuration DN on the main LDAP port"
815 res = ldb.search(configuration_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
816 assert (len(res) > 0)
818 print "Testing objectCategory canonacolisation"
819 res = ldb.search(configuration_dn, expression="objectCategory=ntDsDSA", scope=SCOPE_SUBTREE, attrs=["cn"])
820 assert len(res) > 0, "Didn't find any records with objectCategory=ntDsDSA"
821 assert(len(res) != 0)
823 res = ldb.search(configuration_dn, expression="objectCategory=CN=ntDs-DSA," + schema_dn, scope=SCOPE_SUBTREE, attrs=["cn"])
824 assert len(res) > 0, "Didn't find any records with objectCategory=CN=ntDs-DSA," + schema_dn
825 assert(len(res) != 0)
827 print "Testing objectClass attribute order on "+ base_dn
828 res = ldb.search(expression="objectClass=domain", base=base_dn,
829 scope=SCOPE_BASE, attrs=["objectClass"])
830 assertEquals(len(res), 1)
832 assertEquals(res[0]["objectClass"], ["top", "domain", "domainDNS"])
836 print "Testing ldb.search for objectCategory=person"
837 res = ldb.search(base_dn, expression="objectCategory=person", scope=SCOPE_SUBTREE, attrs=["cn"])
840 print "Testing ldb.search for objectCategory=person with domain scope control"
841 res = ldb.search(base_dn, expression="objectCategory=person", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
844 print "Testing ldb.search for objectCategory=user"
845 res = ldb.search(base_dn, expression="objectCategory=user", scope=SCOPE_SUBTREE, attrs=["cn"])
849 print "Testing ldb.search for objectCategory=user with domain scope control"
850 res = ldb.search(base_dn, expression="objectCategory=user", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
853 print "Testing ldb.search for objectCategory=group"
854 res = ldb.search(base_dn, expression="objectCategory=group", scope=SCOPE_SUBTREE, attrs=["cn"])
857 print "Testing ldb.search for objectCategory=group with domain scope control"
858 res = ldb.search(base_dn, expression="objectCategory=group", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
861 def basedn_tests(ldb, gc_ldb):
862 print "Testing for all rootDSE attributes"
863 res = ldb.search(scope=SCOPE_BASE, attrs=[])
864 assertEquals(len(res), 1)
866 print "Testing for highestCommittedUSN"
867 res = ldb.search("", scope=SCOPE_BASE, attrs=["highestCommittedUSN"])
868 assertEquals(len(res), 1)
869 assert(int(res[0]["highestCommittedUSN"][0]) != 0)
871 print "Testing for netlogon via LDAP"
872 res = ldb.search("", scope=SCOPE_BASE, attrs=["netlogon"])
873 assertEquals(len(res), 0)
875 print "Testing for netlogon and highestCommittedUSN via LDAP"
876 res = ldb.search("", scope=SCOPE_BASE,
877 attrs=["netlogon", "highestCommittedUSN"])
878 assertEquals(len(res), 0)
881 def find_basedn(ldb):
882 res = ldb.search(base="", expression="", scope=SCOPE_BASE,
883 attrs=["defaultNamingContext"])
884 assertEquals(len(res), 1)
885 return res[0]["defaultNamingContext"][0]
888 def find_configurationdn(ldb):
889 res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["configurationNamingContext"])
890 assertEquals(len(res), 1)
891 return res[0]["configurationNamingContext"][0]
894 def find_schemadn(ldb):
895 res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["schemaNamingContext"])
896 assertEquals(len(res), 1)
897 return res[0]["schemaNamingContext"][0]
899 if not "://" in host:
900 host = "ldap://%s" % host
902 ldb = Ldb(host, credentials=creds, session_info=system_session(), lp=lp)
903 base_dn = find_basedn(ldb)
904 configuration_dn = find_configurationdn(ldb)
905 schema_dn = find_schemadn(ldb)
907 print "baseDN: %s\n" % base_dn
909 gc_ldb = Ldb("%s:3268" % host, credentials=creds,
910 session_info=system_session(), lp=lp)
912 basic_tests(ldb, gc_ldb, base_dn, configuration_dn, schema_dn)
913 basedn_tests(ldb, gc_ldb)