2 exec smbscript "$0" ${1+"$@"}
4 test certain LDAP behaviours
// NOTE(review): this listing keeps the original line numbers as a leading token
// and omits some lines (closing braces, parts of multi-line calls). The variable
// ldb is used further down but its initialisation is not visible here.
// Connection object used later for the second connection on port 3268.
8 var gc_ldb = ldb_init();
// Parse the command line. POPT_COMMON_CREDENTIALS is the option group that
// later feeds options.get_credentials().
10 var options = GetOptions(ARGV,
13 "POPT_COMMON_CREDENTIALS");
14 if (options == undefined) {
15 println("Failed to parse options");
// base.js is included before the tests run; assert() used throughout
// presumably comes from it - confirm.
19 libinclude("base.js");
// Exactly one positional argument is accepted: the host to test against.
21 if (options.ARGV.length != 1) {
22 println("Usage: ldap.js <HOST>");
// The host string is concatenated into the ldap:// URLs at the bottom of the
// file without any validation.
26 var host = options.ARGV[0];
// basic_tests: drives add, modify, rename, delete and search operations against
// the directory behind ldb (and gc_ldb where it is defined) and asserts the
// result codes and returned attributes.
//   ldb, gc_ldb  - connection objects; gc_ldb is compared with undefined before some uses
//   base_dn, configuration_dn, schema_dn - strings concatenated unescaped into DNs and filters
// The run deletes, renames and recreates entries under cn=users and cn=computers
// of base_dn, so point it only at a disposable test directory.
// NOTE(review): this listing keeps the original line numbers as a leading token
// and omits lines (braces, the statements that open the multi-line LDIF strings).
28 function basic_tests(ldb, gc_ldb, base_dn, configuration_dn, schema_dn)
30 println("Running basic tests");
// Pre-clean: remove leftovers of an earlier run. The results are not checked.
32 ldb.del("cn=ldaptestuser,cn=users," + base_dn);
34 ldb.del("cn=ldaptestgroup,cn=users," + base_dn);
// Referential integrity: a group whose member DN does not exist (the user was
// just deleted) must be refused. DNs are written in mixed case (uSers, useRs),
// so these steps also depend on case-insensitive DN matching.
36 println("Testing group add with invalid member");
38 dn: cn=ldaptestgroup,cn=uSers," + base_dn + "
40 member: cn=ldaptestuser,cn=useRs," + base_dn + "
43 if (ok.error != 32) { /* LDAP_NO_SUCH_OBJECT */
45 assert(ok.error == 32);
49 dn: cn=ldaptestuser,cn=uSers," + base_dn + "
// NOTE(review): the calls that carry the LDIF lines are not visible in this
// listing. The visible shape, repeated for each fixture below, is: entry LDIF,
// delete of the same DN, assert success, the same LDIF again, assert success -
// presumably add, and on failure delete the stale entry and add again. Confirm
// against the full file.
55 ok = ldb.del("cn=ldaptestuser,cn=users," + base_dn);
58 assert(ok.error == 0);
61 dn: cn=ldaptestuser,cn=uSers," + base_dn + "
68 assert(ok.error == 0);
73 dn: cn=ldaptestgroup,cn=uSers," + base_dn + "
75 member: cn=ldaptestuser,cn=useRs," + base_dn + "
79 assert(ok.error == 0);
83 dn: cn=ldaptestcomputer,cn=computers," + base_dn + "
88 ok = ldb.del("cn=ldaptestcomputer,cn=computers," + base_dn);
91 assert(ok.error == 0);
94 dn: cn=ldaptestcomputer,cn=computers," + base_dn + "
100 assert(ok.error == 0);
106 assert(ok.error == 0);
110 dn: cn=ldaptest2computer,cn=computers," + base_dn + "
111 objectClass: computer
112 cn: LDAPtest2COMPUTER
113 userAccountControl: 4096
// The second computer fixture sets userAccountControl 4096 (0x1000, the
// workstation trust account flag); a later search checks the sAMAccountType
// the server derives for it.
116 ok = ldb.del("cn=ldaptest2computer,cn=computers," + base_dn);
119 assert(ok.error == 0);
122 dn: cn=ldaptest2computer,cn=computers," + base_dn + "
123 objectClass: computer
124 cn: LDAPtest2COMPUTER
125 userAccountControl: 4096
129 assert(ok.error == 0);
134 dn: cn=ldaptest2computer,cn=computers," + base_dn + "
136 replace: servicePrincipalName
137 servicePrincipalName: host/ldaptest2computer
138 servicePrincipalName: host/ldaptest2computer
139 servicePrincipalName: cifs/ldaptest2computer
142 //LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
// The replace above lists host/ldaptest2computer twice; the server is expected
// to reject the duplicate value with result 20 instead of storing it.
143 if (ok.error != 20) {
144 println("Expected error LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS, got :" + ok.errstr);
145 assert(ok.error == 20);
149 dn: cn=ldaptestuser2,cn=useRs," + base_dn + "
155 ok = ldb.del("cn=ldaptestuser2,cn=users," + base_dn);
158 assert(ok.error == 0);
161 dn: cn=ldaptestuser2,cn=useRs," + base_dn + "
168 assert(ok.error == 0);
// Group membership change on ldaptestgroup naming ldaptestuser2 and
// ldaptestcomputer as members; it must succeed. The change type line of the
// LDIF is not visible in this listing.
172 println("Testing Group Modifies");
174 dn: cn=ldaptestgroup,cn=users," + base_dn + "
177 member: cn=ldaptestuser2,cn=users," + base_dn + "
178 member: cn=ldaptestcomputer,cn=computers," + base_dn + "
183 assert(ok.error == 0);
// Make sure ldaptestuser3 does not exist before the negative test. No check
// of this result is visible in the listing.
186 ok = ldb.del("cn=ldaptestuser3,cn=users," + base_dn);
// Referential integrity again: adding a member DN that does not exist must
// fail with result 32.
188 println("Testing adding non-existent user to a group");
190 dn: cn=ldaptestgroup,cn=users," + base_dn + "
193 member: cn=ldaptestuser3,cn=users," + base_dn + "
195 if (ok.error != 32) { /* LDAP_NO_SUCH_OBJECT */
197 assert(ok.error == 32);
// Rename checks on ldaptestuser2 / ldaptestuser3.
200 println("Testing Renames");
// Plain rename within cn=users.
202 ok = ldb.rename("cn=ldaptestuser2,cn=users," + base_dn, "cn=ldaptestuser3,cn=users," + base_dn);
204 println("Could not rename cn=ldaptestuser2,cn=users," + base_dn + " into cn=ldaptestuser3,cn=users," + base_dn + ": " + ok.errstr);
205 assert(ok.error == 0);
// Renaming an entry onto its own DN is expected to succeed.
208 ok = ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestuser3,cn=users," + base_dn);
210 println("Could not rename cn=ldaptestuser3,cn=users," + base_dn + " onto itself: " + ok.errstr);
211 assert(ok.error == 0);
// Case-only change of the RDN value.
214 ok = ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestUSER3,cn=users," + base_dn);
216 println("Could not rename cn=ldaptestuser3,cn=users," + base_dn + " into cn=ldaptestUSER3,cn=users," + base_dn + ": " + ok.errstr);
217 assert(ok.error == 0);
// The lower-case filter must still match, while dn, cn and name are expected
// to come back in the new case (ldaptestUSER3).
220 println("Testing ldb.search for (&(cn=ldaptestuser3)(objectClass=user))");
221 var res = ldb.search("(&(cn=ldaptestuser3)(objectClass=user))");
222 if (res.error != 0 || res.msgs.length != 1) {
223 println("Could not find (&(cn=ldaptestuser3)(objectClass=user))");
224 assert(res.error == 0);
225 assert(res.msgs.length == 1);
228 assert(res.msgs[0].dn == ("CN=ldaptestUSER3,CN=Users," + base_dn));
229 assert(res.msgs[0].cn == "ldaptestUSER3");
230 assert(res.msgs[0].name == "ldaptestUSER3");
232 // ensure we cannot add it again
234 dn: cn=ldaptestuser3,cn=userS," + base_dn + "
239 //LDB_ERR_ENTRY_ALREADY_EXISTS
240 if (ok.error != 68) {
241 println("expected error LDB_ERR_ENTRY_ALREADY_EXISTS, got: " + ok.errstr);
242 assert(ok.error == 68);
// Rename back to ldaptestuser2; the old name is then free again.
246 ok = ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestuser2,cn=users," + base_dn);
249 assert(ok.error == 0);
252 // ensure we cannot rename it twice
253 ok = ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestuser2,cn=users," + base_dn);
254 //LDB_ERR_NO_SUCH_OBJECT
255 assert(ok.error == 32);
257 // ensure can now use that name
259 dn: cn=ldaptestuser3,cn=users," + base_dn + "
265 // ensure we now cannot rename
266 ok = ldb.rename("cn=ldaptestuser2,cn=users," + base_dn, "cn=ldaptestuser3,cn=users," + base_dn);
267 //LDB_ERR_ENTRY_ALREADY_EXISTS
268 if (ok.error != 68) {
269 println("expected error LDB_ERR_ENTRY_ALREADY_EXISTS, got: " + ok.errstr);
270 assert(ok.error == 68);
// NOTE(review): repeats the assertion made inside the if above.
272 assert(ok.error == 68);
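// Moving the user from cn=users to cn=configuration must be refused. The two
// accepted results are 64 (naming violation) and 71 (affects multiple DSAs).
// The diagnostic used to name ENTRY_ALREADY_EXISTS, which is result 68 in the
// checks earlier in this function, so it now names the codes actually tested.
273 ok = ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestuser3,cn=configuration," + base_dn);
274 if (ok.error != 71 && ok.error != 64) {
275 println("expected error LDB_ERR_AFFECTS_MULTIPLE_DSAS or LDAP_NAMING_VIOLATION, got: " + ok.errstr);
276 assert(ok.error == 71 || ok.error == 64);
// NOTE(review): repeats the assertion made inside the if above.
278 assert(ok.error == 71 || ok.error == 64);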
// Rename ldaptestuser3 to ldaptestuser5; must succeed.
280 ok = ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestuser5,cn=users," + base_dn);
283 assert(ok.error == 0);
// Remove ldaptestuser5 and any stale ldaptestgroup2. No check of these two
// results is visible in the listing.
286 ok = ldb.del("cn=ldaptestuser5,cn=users," + base_dn);
288 ok = ldb.del("cn=ldaptestgroup2,cn=users," + base_dn);
// Rename the group; later searches expect member and memberOf values to
// follow it to ldaptestgroup2.
290 ok = ldb.rename("cn=ldaptestgroup,cn=users," + base_dn, "cn=ldaptestgroup2,cn=users," + base_dn);
293 assert(ok.error == 0);
// Subtree rename: a container holding ldaptestuser4 is created, renamed, and
// the child is expected to be found under the new container DN.
296 println("Testing subtree Renames");
299 dn: cn=ldaptestcontainer," + base_dn + "
300 objectClass: container
304 dn: CN=ldaptestuser4,CN=ldaptestcontainer," + base_dn + "
310 ok = ldb.del("cn=ldaptestuser4,cn=ldaptestcontainer," + base_dn);
313 assert(ok.error == 0);
316 dn: CN=ldaptestuser4,CN=ldaptestcontainer," + base_dn + "
323 assert(ok.error == 0);
327 println("Testing ldb.rename of cn=ldaptestcontainer," + base_dn + " to cn=ldaptestcontainer2," + base_dn);
328 ok = ldb.rename("CN=ldaptestcontainer," + base_dn, "CN=ldaptestcontainer2," + base_dn);
331 assert(ok.error == 0);
// Default-base search: the child DN must already show the new parent.
334 println("Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user))");
335 var res = ldb.search("(&(cn=ldaptestuser4)(objectClass=user))");
336 if (res.error != 0 || res.msgs.length != 1) {
337 println("Could not find (&(cn=ldaptestuser4)(objectClass=user))");
338 assert(res.error == 0);
339 assert(res.msgs.length == 1);
342 assert(res.msgs[0].dn == ("CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn));
// Same lookup, this time with the renamed container as the search base.
344 println("Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in renamed container");
345 var res = ldb.search("(&(cn=ldaptestuser4)(objectClass=user))", "cn=ldaptestcontainer2," + base_dn, ldb.SCOPE_SUBTREE);
346 if (res.error != 0 || res.msgs.length != 1) {
347 println("Could not find (&(cn=ldaptestuser4)(objectClass=user)) under cn=ldaptestcontainer2," + base_dn);
348 assert(res.error == 0);
349 assert(res.msgs.length == 1);
352 assert(res.msgs[0].dn == ("CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn));
// A container must not be movable beneath itself; result 53 is required.
354 println("Testing ldb.rename (into itself) of cn=ldaptestcontainer2," + base_dn + " to cn=ldaptestcontainer,cn=ldaptestcontainer2," + base_dn);
355 ok = ldb.rename("cn=ldaptestcontainer2," + base_dn, "cn=ldaptestcontainer,cn=ldaptestcontainer2," + base_dn);
356 if (ok.error != 53) { /* LDAP_UNWILLING_TO_PERFORM */
358 assert(ok.error == 53);
// A move below a parent that does not exist must fail; 53 or 80 is accepted.
361 println("Testing ldb.rename (into non-existent container) of cn=ldaptestcontainer2," + base_dn + " to cn=ldaptestcontainer,cn=ldaptestcontainer3," + base_dn);
362 ok = ldb.rename("cn=ldaptestcontainer2," + base_dn, "cn=ldaptestcontainer,cn=ldaptestcontainer3," + base_dn);
363 if (ok.error != 53 && ok.error != 80) { /* LDAP_UNWILLING_TO_PERFORM or LDAP_OTHER*/
365 assert(ok.error == 53 || ok.error == 80);
// Deleting a container that still has a child must be refused with result 66.
368 println("Testing delete (should fail, not a leaf node) of renamed cn=ldaptestcontainer2," + base_dn);
369 ok = ldb.del("cn=ldaptestcontainer2," + base_dn);
370 if (ok.error != 66) { /* LDB_ERR_NOT_ALLOWED_ON_NON_LEAF */
372 assert(ok.error == 66);
// res still holds the ldaptestuser4 hit from the scoped search above; remove
// the child first, then the now empty container.
374 println("Testing delete of subtree renamed "+res.msgs[0].dn);
375 ok = ldb.del(res.msgs[0].dn);
378 assert(ok.error == 0);
380 println("Testing delete of renamed cn=ldaptestcontainer2," + base_dn);
381 ok = ldb.del("cn=ldaptestcontainer2," + base_dn);
384 assert(ok.error == 0);
388 dn: cn=ldaptestutf8user èùéìòà ,cn=users," + base_dn + "
// Two fixtures with non-ASCII RDN values, written with a space before the
// comma that ends the RDN. They follow the same visible shape as the earlier
// fixtures (entry LDIF, delete, assert, LDIF again, assert).
392 ok = ldb.del("cn=ldaptestutf8user èùéìòà ,cn=users," + base_dn);
395 assert(ok.error == 0);
398 dn: cn=ldaptestutf8user èùéìòà ,cn=users," + base_dn + "
403 assert(ok.error == 0);
408 dn: cn=ldaptestutf8user2 èùéìòà ,cn=users," + base_dn + "
412 ok = ldb.del("cn=ldaptestutf8user2 èùéìòà ,cn=users," + base_dn);
415 assert(ok.error == 0);
418 dn: cn=ldaptestutf8user2 èùéìòà ,cn=users," + base_dn + "
423 assert(ok.error == 0);
// Read back ldaptestuser and check the attributes the server filled in.
427 println("Testing ldb.search for (&(cn=ldaptestuser)(objectClass=user))");
428 var res = ldb.search("(&(cn=ldaptestuser)(objectClass=user))");
429 if (res.error != 0 || res.msgs.length != 1) {
430 println("Could not find (&(cn=ldaptestuser)(objectClass=user))");
431 assert(res.error == 0);
432 assert(res.msgs.length == 1);
// The DN is expected in the stored case (CN=Users) although the entry was
// added as cn=uSers.
435 assert(res.msgs[0].dn == ("CN=ldaptestuser,CN=Users," + base_dn));
436 assert(res.msgs[0].cn == "ldaptestuser");
437 assert(res.msgs[0].name == "ldaptestuser");
// objectClass values are expected in this exact order, from top down to user.
438 assert(res.msgs[0].objectClass[0] == "top");
439 assert(res.msgs[0].objectClass[1] == "person");
440 assert(res.msgs[0].objectClass[2] == "organizationalPerson");
441 assert(res.msgs[0].objectClass[3] == "user");
442 assert(res.msgs[0].objectGUID != undefined);
443 assert(res.msgs[0].whenCreated != undefined);
444 assert(res.msgs[0].objectCategory == ("CN=Person,CN=Schema,CN=Configuration," + base_dn));
// 805306368 is 0x30000000, the sAMAccountType value of a normal user account.
445 assert(res.msgs[0].sAMAccountType == 805306368);
446 // assert(res[0].userAccountControl == 546);
// The only memberOf value must be the group under its new name, i.e. the
// back link followed the group rename.
447 assert(res.msgs[0].memberOf[0] == ("CN=ldaptestgroup2,CN=Users," + base_dn));
448 assert(res.msgs[0].memberOf.length == 1);
// objectCategory given as a full DN must find the same entry.
450 println("Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + base_dn + "))");
451 var res2 = ldb.search("(&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + base_dn + "))");
452 if (res2.error != 0 || res2.msgs.length != 1) {
453 println("Could not find (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + base_dn + "))");
454 assert(res2.error == 0);
455 assert(res2.msgs.length == 1);
458 assert(res.msgs[0].dn == res2.msgs[0].dn);
// objectCategory given as a short name in mixed case must find it as well.
460 println("Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon))");
461 var res3 = ldb.search("(&(cn=ldaptestuser)(objectCategory=PerSon))");
462 if (res3.error != 0) {
463 println("Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)): " + res3.errstr);
464 assert(res3.error == 0);
465 } else if (res3.msgs.length != 1) {
466 println("Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)): matched " + res3.msgs.length);
467 assert(res3.msgs.length == 1);
470 assert(res.msgs[0].dn == res3.msgs[0].dn);
// The same query over the second connection, only when it exists.
472 if (gc_ldb != undefined) {
473 println("Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog");
474 var res3gc = gc_ldb.search("(&(cn=ldaptestuser)(objectCategory=PerSon))");
475 if (res3gc.error != 0) {
476 println("Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog: " + res3gc.errstr);
477 assert(res3gc.error == 0);
478 } else if (res3gc.msgs.length != 1) {
479 println("Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog: matched " + res3gc.msgs.length);
480 assert(res3gc.msgs.length == 1);
483 assert(res.msgs[0].dn == res3gc.msgs[0].dn);
// Search with the search_options:1:2 control, which the message calls phantom root.
// NOTE(review): the search below goes through gc_ldb. The closing lines of the
// guard opened at line 472 are not visible; if the guard has ended by here,
// this call fails when no second connection exists - confirm.
486 println("Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in with 'phantom root' control");
487 var attrs = new Array("cn");
488 var controls = new Array("search_options:1:2");
489 var res3control = gc_ldb.search("(&(cn=ldaptestuser)(objectCategory=PerSon))", base_dn, ldb.SCOPE_SUBTREE, attrs, controls);
490 if (res3control.error != 0 || res3control.msgs.length != 1) {
491 println("Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog");
492 assert(res3control.error == 0);
493 assert(res3control.msgs.length == 1);
496 assert(res.msgs[0].dn == res3control.msgs[0].dn);
// Clean up the user fixture using the DN the server returned.
498 ok = ldb.del(res.msgs[0].dn);
501 assert(ok.error == 0);
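// Read back ldaptestcomputer through its user object class. The failure
// message used to name ldaptestuser, which pointed at the wrong fixture when
// this lookup failed; it now repeats the filter that was actually sent.
504 println("Testing ldb.search for (&(cn=ldaptestcomputer)(objectClass=user))");
505 var res = ldb.search("(&(cn=ldaptestcomputer)(objectClass=user))");
506 if (res.error != 0 || res.msgs.length != 1) {
507 println("Could not find (&(cn=ldaptestcomputer)(objectClass=user))");
508 assert(res.error == 0);
509 assert(res.msgs.length == 1);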
// Attribute checks on the ldaptestcomputer entry found just above.
512 assert(res.msgs[0].dn == ("CN=ldaptestcomputer,CN=Computers," + base_dn));
513 assert(res.msgs[0].cn == "ldaptestcomputer");
514 assert(res.msgs[0].name == "ldaptestcomputer");
// A computer entry is expected to carry the user class chain plus computer.
515 assert(res.msgs[0].objectClass[0] == "top");
516 assert(res.msgs[0].objectClass[1] == "person");
517 assert(res.msgs[0].objectClass[2] == "organizationalPerson");
518 assert(res.msgs[0].objectClass[3] == "user");
519 assert(res.msgs[0].objectClass[4] == "computer");
520 assert(res.msgs[0].objectGUID != undefined);
521 assert(res.msgs[0].whenCreated != undefined);
522 assert(res.msgs[0].objectCategory == ("CN=Computer,CN=Schema,CN=Configuration," + base_dn));
// 513 is the relative id of the Domain Users group.
523 assert(res.msgs[0].primaryGroupID == 513);
524 // assert(res.msgs[0].sAMAccountType == 805306368);
525 // assert(res.msgs[0].userAccountControl == 546);
526 assert(res.msgs[0].memberOf[0] == ("CN=ldaptestgroup2,CN=Users," + base_dn));
527 assert(res.msgs[0].memberOf.length == 1);
// objectCategory as a full DN.
529 println("Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + "))");
530 var res2 = ldb.search("(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + "))");
531 if (res2.error != 0 || res2.msgs.length != 1) {
532 println("Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + "))");
533 assert(res2.error == 0);
534 assert(res2.msgs.length == 1);
537 assert(res.msgs[0].dn == res2.msgs[0].dn);
// Same query over the second connection, only when it exists.
539 if (gc_ldb != undefined) {
540 println("Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + ")) in Global Catlog");
541 var res2gc = gc_ldb.search("(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + "))");
542 if (res2gc.error != 0 || res2gc.msgs.length != 1) {
543 println("Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + ")) in Global Catlog");
544 assert(res2gc.error == 0);
545 assert(res2gc.msgs.length == 1);
548 assert(res.msgs[0].dn == res2gc.msgs[0].dn);
// objectCategory as a short name in mixed case.
551 println("Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER))");
552 var res3 = ldb.search("(&(cn=ldaptestcomputer)(objectCategory=compuTER))");
553 if (res3.error != 0 || res3.msgs.length != 1) {
554 println("Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER))");
555 assert(res3.error == 0);
556 assert(res3.msgs.length == 1);
559 assert(res.msgs[0].dn == res3.msgs[0].dn);
561 if (gc_ldb != undefined) {
562 println("Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog");
563 var res3gc = gc_ldb.search("(&(cn=ldaptestcomputer)(objectCategory=compuTER))");
564 if (res3gc.error != 0 || res3gc.msgs.length != 1) {
565 println("Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog");
566 assert(res3gc.error == 0);
567 assert(res3gc.msgs.length == 1);
570 assert(res.msgs[0].dn == res3gc.msgs[0].dn);
// Substring filters: wildcard in the middle, at the end and at the start of
// the cn value. Each must match exactly the one computer entry.
573 println("Testing ldb.search for (&(cn=ldaptestcomp*r)(objectCategory=compuTER))");
574 var res4 = ldb.search("(&(cn=ldaptestcomp*r)(objectCategory=compuTER))");
575 if (res4.error != 0 || res4.msgs.length != 1) {
576 println("Could not find (&(cn=ldaptestcomp*r)(objectCategory=compuTER))");
577 assert(res4.error == 0);
578 assert(res4.msgs.length == 1);
581 assert(res.msgs[0].dn == res4.msgs[0].dn);
583 println("Testing ldb.search for (&(cn=ldaptestcomput*)(objectCategory=compuTER))");
584 var res5 = ldb.search("(&(cn=ldaptestcomput*)(objectCategory=compuTER))");
585 if (res5.error != 0 || res5.msgs.length != 1) {
586 println("Could not find (&(cn=ldaptestcomput*)(objectCategory=compuTER))");
587 assert(res5.error == 0);
588 assert(res5.msgs.length == 1);
591 assert(res.msgs[0].dn == res5.msgs[0].dn);
593 println("Testing ldb.search for (&(cn=*daptestcomputer)(objectCategory=compuTER))");
594 var res6 = ldb.search("(&(cn=*daptestcomputer)(objectCategory=compuTER))");
595 if (res6.error != 0 || res6.msgs.length != 1) {
596 println("Could not find (&(cn=*daptestcomputer)(objectCategory=compuTER))");
597 assert(res6.error == 0);
598 assert(res6.msgs.length == 1);
601 assert(res.msgs[0].dn == res6.msgs[0].dn);
// Clean up the computer fixture using the DN the server returned.
603 ok = ldb.del(res.msgs[0].dn);
606 assert(ok.error == 0);
// Read back the second computer fixture, the one added with userAccountControl 4096.
609 println("Testing ldb.search for (&(cn=ldaptest2computer)(objectClass=user))");
610 var res = ldb.search("(&(cn=ldaptest2computer)(objectClass=user))");
611 if (res.error != 0 || res.msgs.length != 1) {
612 println("Could not find (&(cn=ldaptest2computer)(objectClass=user))");
613 assert(res.error == 0);
614 assert(res.msgs.length == 1);
617 assert(res.msgs[0].dn == ("CN=ldaptest2computer,CN=Computers," + base_dn));
618 assert(res.msgs[0].cn == "ldaptest2computer");
619 assert(res.msgs[0].name == "ldaptest2computer");
620 assert(res.msgs[0].objectClass[0] == "top");
621 assert(res.msgs[0].objectClass[1] == "person");
622 assert(res.msgs[0].objectClass[2] == "organizationalPerson");
623 assert(res.msgs[0].objectClass[3] == "user");
624 assert(res.msgs[0].objectClass[4] == "computer");
625 assert(res.msgs[0].objectGUID != undefined);
626 assert(res.msgs[0].whenCreated != undefined);
// NOTE(review): the expected value is spelled with lower-case cn= while the
// sibling checks use CN=. If this comparison is case-sensitive only one of the
// spellings can match what the server returns - confirm.
627 assert(res.msgs[0].objectCategory == "cn=Computer,cn=Schema,cn=Configuration," + base_dn);
// 805306369 is 0x30000001, the sAMAccountType value of a machine account.
628 assert(res.msgs[0].sAMAccountType == 805306369);
629 // assert(res.msgs[0].userAccountControl == 4098);
// Clean up the second computer fixture.
632 ok = ldb.del(res.msgs[0].dn);
635 assert(ok.error == 0);
// Explicit attribute list including nTSecurityDescriptor; the assertions
// below require the descriptor to be returned to the account running the test.
638 var attrs = new Array("cn", "name", "objectClass", "objectGUID", "whenCreated", "nTSecurityDescriptor", "memberOf");
639 println("Testing ldb.search for (&(cn=ldaptestUSer2)(objectClass=user))");
640 var res = ldb.search("(&(cn=ldaptestUSer2)(objectClass=user))", base_dn, ldb.SCOPE_SUBTREE, attrs);
641 if (res.error != 0 || res.msgs.length != 1) {
642 println("Could not find (&(cn=ldaptestUSer2)(objectClass=user))");
643 assert(res.error == 0);
644 assert(res.msgs.length == 1);
647 assert(res.msgs[0].dn == ("CN=ldaptestuser2,CN=Users," + base_dn));
648 assert(res.msgs[0].cn == "ldaptestuser2");
649 assert(res.msgs[0].name == "ldaptestuser2");
650 assert(res.msgs[0].objectClass[0] == "top");
651 assert(res.msgs[0].objectClass[1] == "person");
652 assert(res.msgs[0].objectClass[2] == "organizationalPerson");
653 assert(res.msgs[0].objectClass[3] == "user");
654 assert(res.msgs[0].objectGUID != undefined);
655 assert(res.msgs[0].whenCreated != undefined);
656 assert(res.msgs[0].nTSecurityDescriptor != undefined);
657 assert(res.msgs[0].memberOf[0] == ("CN=ldaptestgroup2,CN=Users," + base_dn));
// The group side of the link: by now ldaptestuser and ldaptestcomputer have
// been deleted, and exactly one member, ldaptestuser2, is expected to remain.
659 var attrs = new Array("cn", "name", "objectClass", "objectGUID", "whenCreated", "nTSecurityDescriptor", "member");
660 println("Testing ldb.search for (&(cn=ldaptestgroup2)(objectClass=group))");
661 var res = ldb.search("(&(cn=ldaptestgroup2)(objectClass=group))", base_dn, ldb.SCOPE_SUBTREE, attrs);
662 if (res.error != 0 || res.msgs.length != 1) {
663 println("Could not find (&(cn=ldaptestgroup2)(objectClass=group))");
664 assert(res.error == 0);
665 assert(res.msgs.length == 1);
668 assert(res.msgs[0].dn == ("CN=ldaptestgroup2,CN=Users," + base_dn));
669 assert(res.msgs[0].cn == "ldaptestgroup2");
670 assert(res.msgs[0].name == "ldaptestgroup2");
671 assert(res.msgs[0].objectClass[0] == "top");
672 assert(res.msgs[0].objectClass[1] == "group");
673 assert(res.msgs[0].objectGUID != undefined);
674 assert(res.msgs[0].whenCreated != undefined);
675 assert(res.msgs[0].nTSecurityDescriptor != undefined);
676 assert(res.msgs[0].member[0] == ("CN=ldaptestuser2,CN=Users," + base_dn));
677 assert(res.msgs[0].member.length == 1);
// Clean up ldaptestuser2.
679 ok = ldb.del(("CN=ldaptestuser2,CN=Users," + base_dn));
682 assert(ok.error == 0);
// Non-ASCII matching: the filter uses upper-case accented letters while the
// entry was added with lower-case ones, so the match depends on case folding
// beyond ASCII.
685 println("Testing ldb.search for (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))");
686 var res = ldb.search("(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))");
688 if (res.error != 0 || res.msgs.length != 1) {
689 println("Could not find (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))");
690 assert(res.error == 0);
691 assert(res.msgs.length == 1);
// The returned values keep the lower-case letters as stored, and the space
// written before the comma in the add is not expected in the returned DN.
694 assert(res.msgs[0].dn == ("CN=ldaptestutf8user èùéìòà,CN=Users," + base_dn));
695 assert(res.msgs[0].cn == "ldaptestutf8user èùéìòà");
696 assert(res.msgs[0].name == "ldaptestutf8user èùéìòà");
697 assert(res.msgs[0].objectClass[0] == "top");
698 assert(res.msgs[0].objectClass[1] == "person");
699 assert(res.msgs[0].objectClass[2] == "organizationalPerson");
700 assert(res.msgs[0].objectClass[3] == "user");
701 assert(res.msgs[0].objectGUID != undefined);
702 assert(res.msgs[0].whenCreated != undefined);
// Clean up the first UTF-8 fixture, then the renamed group.
704 ok = ldb.del(res.msgs[0].dn);
707 assert(ok.error == 0);
710 ok = ldb.del(("CN=ldaptestgroup2,CN=Users," + base_dn))
713 assert(ok.error == 0);
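// Lookup of the second UTF-8 fixture. The announcement, the failure message
// and the assertions all name ldaptestutf8user2, so the filter has to name it
// too. It used to search for ldaptestutf8user, the entry deleted by the step
// just before this one, so the lookup could not hit the entry under test.
716 println("Testing ldb.search for (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))");
717 var res = ldb.search("(&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))");
// A miss is only reported here and not asserted; the message marks it as an
// expected difference between servers.
719 if (res.error != 0 || res.msgs.length != 1) {
720 println("Could not find (expect space collapse, win2k3 fails) (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))");
// NOTE(review): the line between the message and these assertions is missing
// from the listing; they presumably sit in an else branch - confirm. No delete
// of ldaptestutf8user2 is visible after this point, so the fixture may be
// left behind on the server.
722 assert(res.msgs[0].dn == ("cn=ldaptestutf8user2 èùéìòà,cn=users," + base_dn));
723 assert(res.msgs[0].cn == "ldaptestutf8user2 èùéìòà");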
// Partition boundary: a subtree search from base_dn without extra controls
// must not return crossRef objects. The later steps find them under
// configuration_dn.
726 println("Testing that we can't get at the configuration DN from the main search base");
727 var attrs = new Array("cn");
728 var res = ldb.search("objectClass=crossRef", base_dn, ldb.SCOPE_SUBTREE, attrs);
729 assert(res.error == 0);
730 if (res.msgs.length != 0) {
731 println("Got configuration DN " + res.msgs[0].dn + " which should not be able to be seen from main search base");
733 assert(res.msgs.length == 0);
// With the search_options:1:2 control (phantom root in the message) the same
// search is expected to return them.
735 println("Testing that we can get at the configuration DN from the main search base on the LDAP port with the 'phantom root' search_options control");
736 var attrs = new Array("cn");
737 var controls = new Array("search_options:1:2");
738 var res = ldb.search("objectClass=crossRef", base_dn, ldb.SCOPE_SUBTREE, attrs, controls);
739 assert(res.error == 0);
740 assert(res.msgs.length > 0);
// Checks over the second connection, only when it exists: crossRef objects
// are expected to be visible from base_dn there, with the control set to 0
// and with no control at all.
742 if (gc_ldb != undefined) {
743 println("Testing that we can get at the configuration DN from the main search base on the GC port with the search_options control == 0");
744 var attrs = new Array("cn");
745 var controls = new Array("search_options:1:0");
746 var res = gc_ldb.search("objectClass=crossRef", base_dn, gc_ldb.SCOPE_SUBTREE, attrs, controls);
747 assert(res.error == 0);
748 assert(res.msgs.length > 0);
750 println("Testing that we do find configuration elements in the global catlog");
751 var attrs = new Array("cn");
752 var res = gc_ldb.search("objectClass=crossRef", base_dn, ldb.SCOPE_SUBTREE, attrs);
753 assert(res.error == 0);
754 assert (res.msgs.length > 0);
756 println("Testing that we do find configuration elements and user elements at the same time");
757 var attrs = new Array("cn");
758 var res = gc_ldb.search("(|(objectClass=crossRef)(objectClass=person))", base_dn, ldb.SCOPE_SUBTREE, attrs);
759 assert(res.error == 0);
760 assert (res.msgs.length > 0);
762 println("Testing that we do find configuration elements in the global catlog, with the configuration basedn");
763 var attrs = new Array("cn");
764 var res = gc_ldb.search("objectClass=crossRef", configuration_dn, ldb.SCOPE_SUBTREE, attrs);
765 assert(res.error == 0);
766 assert (res.msgs.length > 0);
// Searching with configuration_dn as the base over ldb must find crossRef objects.
769 println("Testing that we can get at the configuration DN on the main LDAP port");
770 var attrs = new Array("cn");
771 var res = ldb.search("objectClass=crossRef", configuration_dn, ldb.SCOPE_SUBTREE, attrs);
772 assert(res.error == 0);
773 assert (res.msgs.length > 0);
// objectCategory must match both as a short class name and as the full DN of
// the class under schema_dn.
775 println("Testing objectCategory canonacolisation");
776 var attrs = new Array("cn");
777 var res = ldb.search("objectCategory=ntDsDSA", configuration_dn, ldb.SCOPE_SUBTREE, attrs);
778 assert(res.error == 0);
779 if (res.msgs.length == 0) {
780 println("Didn't find any records with objectCategory=ntDsDSA");
782 assert(res.msgs.length != 0);
784 var attrs = new Array("cn");
785 var res = ldb.search("objectCategory=CN=ntDs-DSA," + schema_dn, configuration_dn, ldb.SCOPE_SUBTREE, attrs);
786 assert(res.error == 0);
787 if (res.msgs.length == 0) {
788 println("Didn't find any records with objectCategory=CN=ntDs-DSA," + schema_dn);
790 assert(res.msgs.length != 0);
// Base-scope read of base_dn itself: the domain object must list its object
// classes in this exact order.
792 println("Testing objectClass attribute order on "+ base_dn);
793 var attrs = new Array("objectClass");
794 var res = ldb.search("objectClass=domain", base_dn, ldb.SCOPE_BASE, attrs);
795 assert(res.error == 0);
796 assert(res.msgs.length == 1);
798 assert(res.msgs[0].objectClass[0] == "top");
799 assert(res.msgs[0].objectClass[1] == "domain");
800 assert(res.msgs[0].objectClass[2] == "domainDNS");
// Smoke checks: objectCategory person, user and group must each return at
// least one entry, first without controls and then with domain_scope:1.
// Only the result count is checked, not which entries come back.
804 var attrs = new Array("cn");
805 println("Testing ldb.search for objectCategory=person");
806 var res = ldb.search("objectCategory=person", base_dn, ldb.SCOPE_SUBTREE, attrs);
807 assert(res.error == 0);
808 assert(res.msgs.length > 0);
810 var attrs = new Array("cn");
811 var controls = new Array("domain_scope:1");
812 println("Testing ldb.search for objectCategory=person with domain scope control");
813 var res = ldb.search("objectCategory=person", base_dn, ldb.SCOPE_SUBTREE, attrs, controls);
814 assert(res.error == 0);
815 assert(res.msgs.length > 0);
817 var attrs = new Array("cn");
818 println("Testing ldb.search for objectCategory=user");
819 var res = ldb.search("objectCategory=user", base_dn, ldb.SCOPE_SUBTREE, attrs);
820 assert(res.error == 0);
821 assert(res.msgs.length > 0);
823 var attrs = new Array("cn");
824 var controls = new Array("domain_scope:1");
825 println("Testing ldb.search for objectCategory=user with domain scope control");
826 var res = ldb.search("objectCategory=user", base_dn, ldb.SCOPE_SUBTREE, attrs, controls);
827 assert(res.error == 0);
828 assert(res.msgs.length > 0);
830 var attrs = new Array("cn");
831 println("Testing ldb.search for objectCategory=group");
832 var res = ldb.search("objectCategory=group", base_dn, ldb.SCOPE_SUBTREE, attrs);
833 assert(res.error == 0);
834 assert(res.msgs.length > 0);
836 var attrs = new Array("cn");
837 var controls = new Array("domain_scope:1");
838 println("Testing ldb.search for objectCategory=group with domain scope control");
839 var res = ldb.search("objectCategory=group", base_dn, ldb.SCOPE_SUBTREE, attrs, controls);
840 assert(res.error == 0);
841 assert(res.msgs.length > 0);
/*
 * basedn_tests: rootDSE checks, each a base-scope search on the empty DN with
 * an empty filter.
 *
 *   ldb     connection object the four searches run on
 *   gc_ldb  accepted for symmetry with basic_tests; not used in this function
 *
 * Expectations asserted below: an empty attribute list returns exactly one
 * entry; highestCommittedUSN is present and non-zero; asking for netlogon,
 * alone or together with another attribute, returns no entry at all over
 * this connection.
 */
function basedn_tests(ldb, gc_ldb)
{
	println("Testing for all rootDSE attributes");
	var everything = ldb.search("", "", ldb.SCOPE_BASE, new Array());
	assert(everything.error == 0);
	assert(everything.msgs.length == 1);

	println("Testing for highestCommittedUSN");
	var usn_only = ldb.search("", "", ldb.SCOPE_BASE, new Array("highestCommittedUSN"));
	assert(usn_only.error == 0);
	assert(usn_only.msgs.length == 1);
	assert(usn_only.msgs[0].highestCommittedUSN != undefined);
	assert(usn_only.msgs[0].highestCommittedUSN != 0);

	println("Testing for netlogon via LDAP");
	var netlogon_only = ldb.search("", "", ldb.SCOPE_BASE, new Array("netlogon"));
	assert(netlogon_only.error == 0);
	assert(netlogon_only.msgs.length == 0);

	println("Testing for netlogon and highestCommittedUSN via LDAP");
	var netlogon_and_usn = ldb.search("", "", ldb.SCOPE_BASE, new Array("netlogon", "highestCommittedUSN"));
	assert(netlogon_and_usn.error == 0);
	assert(netlogon_and_usn.msgs.length == 0);
}
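/*
 * find_basedn: read defaultNamingContext from the rootDSE.
 *
 *   ldb      connected object offering search() and SCOPE_BASE
 *   returns  the defaultNamingContext value of the single rootDSE entry
 *
 * Asserts that the search succeeded, returned exactly one entry, and that the
 * attribute is present. The value is supplied by the server and the callers
 * concatenate it unescaped into DNs and filters, including the DNs passed to
 * delete and rename; without the presence check a missing attribute would
 * turn every such DN into a string ending in undefined.
 */
function find_basedn(ldb)
{
	var attrs = new Array("defaultNamingContext");
	var res = ldb.search("", "", ldb.SCOPE_BASE, attrs);
	assert(res.error == 0);
	assert(res.msgs.length == 1);
	assert(res.msgs[0].defaultNamingContext != undefined);
	return res.msgs[0].defaultNamingContext;
}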
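/*
 * find_configurationdn: read configurationNamingContext from the rootDSE.
 *
 *   ldb      connected object offering search() and SCOPE_BASE
 *   returns  the configurationNamingContext value of the single rootDSE entry
 *
 * Asserts that the search succeeded, returned exactly one entry, and that the
 * attribute is present. The value is supplied by the server and is used
 * unescaped as a search base by the callers, so a missing attribute is
 * stopped here instead of being passed on as undefined.
 */
function find_configurationdn(ldb)
{
	var attrs = new Array("configurationNamingContext");
	var res = ldb.search("", "", ldb.SCOPE_BASE, attrs);
	assert(res.error == 0);
	assert(res.msgs.length == 1);
	assert(res.msgs[0].configurationNamingContext != undefined);
	return res.msgs[0].configurationNamingContext;
}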
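/*
 * find_schemadn: read schemaNamingContext from the rootDSE.
 *
 *   ldb      connected object offering search() and SCOPE_BASE
 *   returns  the schemaNamingContext value of the single rootDSE entry
 *
 * Asserts that the search succeeded, returned exactly one entry, and that the
 * attribute is present. The value is supplied by the server and the callers
 * concatenate it unescaped into a search filter, so a missing attribute is
 * stopped here instead of being passed on as undefined.
 */
function find_schemadn(ldb)
{
	var attrs = new Array("schemaNamingContext");
	var res = ldb.search("", "", ldb.SCOPE_BASE, attrs);
	assert(res.error == 0);
	assert(res.msgs.length == 1);
	assert(res.msgs[0].schemaNamingContext != undefined);
	return res.msgs[0].schemaNamingContext;
}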
// Script entry: attach credentials, connect twice to the host given on the
// command line, discover the naming contexts and run both test functions.
// The credentials come from the command line and the tests delete and rename
// directory entries, so use a throwaway account on a disposable test server.
901 /* use command line creds if available */
902 ldb.credentials = options.get_credentials();
903 gc_ldb.credentials = options.get_credentials();
// The URL scheme is ldap://, so there is no TLS at the transport layer.
// Whether the bind and the traffic are signed or sealed depends on library
// and configuration settings that this file does not show.
// NOTE(review): the result of this connect is not checked before the rootDSE
// lookups that follow.
905 var ok = ldb.connect("ldap://" + host);
906 var base_dn = find_basedn(ldb);
907 var configuration_dn = find_configurationdn(ldb);
908 var schema_dn = find_schemadn(ldb);
// NOTE(review): a %s placeholder and a second argument are used here, while
// the rest of the file builds messages by concatenation; println may not
// apply format specifiers - confirm.
910 println("baseDN: %s\n", base_dn);
// Second connection to port 3268 on the same host; the tests refer to it as
// the Global Catalog / GC port.
// NOTE(review): the lines that react to a failed connect here are not visible
// in this listing; basic_tests compares gc_ldb with undefined before most uses.
912 var ok = gc_ldb.connect("ldap://" + host + ":3268");
// Run the two suites with the discovered naming contexts.
917 basic_tests(ldb, gc_ldb, base_dn, configuration_dn, schema_dn)
919 basedn_tests(ldb, gc_ldb)