SMB2 signing now works. The spec was wrong (and will be fixed in the
[kai/samba.git] / source / lib / ldb / tests / python / ldap.py
1 #!/usr/bin/python
2 # -*- coding: utf-8 -*-
3 # This is a port of the original in testprogs/ejs/ldap.js
4
5 import getopt
6 import optparse
7 import sys
8
9 sys.path.append("bin/python")
10
11 import samba.getopt as options
12
13 from samba.auth import system_session
14 from ldb import (SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError,
15                  LDB_ERR_NO_SUCH_OBJECT, LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS,
16                  LDB_ERR_ENTRY_ALREADY_EXISTS, LDB_ERR_UNWILLING_TO_PERFORM,
17                  LDB_ERR_NOT_ALLOWED_ON_NON_LEAF, LDB_ERR_OTHER)
18 from samba import Ldb
19 from subunit import SubunitTestRunner
20 from samba import param
21 import unittest
22
23 parser = optparse.OptionParser("ldap [options] <host>")
24 sambaopts = options.SambaOptions(parser)
25 parser.add_option_group(sambaopts)
26 parser.add_option_group(options.VersionOptions(parser))
27 # use command line creds if available
28 credopts = options.CredentialsOptions(parser)
29 parser.add_option_group(credopts)
30 opts, args = parser.parse_args()
31
32 if len(args) < 1:
33     parser.print_usage()
34     sys.exit(1)
35
36 host = args[0]
37
38 lp = sambaopts.get_loadparm()
39 creds = credopts.get_credentials(lp)
40
41 class BasicTests(unittest.TestCase):
42     def delete_force(self, ldb, dn):
43         try:
44             ldb.delete(dn)
45         except LdbError, (num, _): 
46             self.assertEquals(num, LDB_ERR_NO_SUCH_OBJECT)
47
48     def find_basedn(self, ldb):
49         res = ldb.search(base="", expression="", scope=SCOPE_BASE, 
50                          attrs=["defaultNamingContext"])
51         self.assertEquals(len(res), 1)
52         return res[0]["defaultNamingContext"][0]
53
54     def find_configurationdn(self, ldb):
55         res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["configurationNamingContext"])
56         self.assertEquals(len(res), 1)
57         return res[0]["configurationNamingContext"][0]
58
59     def find_schemadn(self, ldb):
60         res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["schemaNamingContext"])
61         self.assertEquals(len(res), 1)
62         return res[0]["schemaNamingContext"][0]
63
64     def setUp(self):
65         self.ldb = ldb
66         self.gc_ldb = gc_ldb
67         self.base_dn = self.find_basedn(ldb)
68         self.configuration_dn = self.find_configurationdn(ldb)
69         self.schema_dn = self.find_schemadn(ldb)
70
71         print "baseDN: %s\n" % self.base_dn
72
73         self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
74         self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
75
76     def test_group_add_invalid_member(self):
77         """Testing group add with invalid member"""
78         try:
79             self.ldb.add({
80                 "dn": "cn=ldaptestgroup,cn=uSers," + self.base_dn,
81                 "objectclass": "group",
82                 "member": "cn=ldaptestuser,cn=useRs," + self.base_dn})
83             self.fail()
84         except LdbError, (num, _): 
85             self.assertEquals(num, LDB_ERR_NO_SUCH_OBJECT)
86
87     def test_all(self):
88         """Basic tests"""
89
90         self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
91
92         print "Testing user add"
93         ldb.add({
94         "dn": "cn=ldaptestuser,cn=uSers," + self.base_dn,
95         "objectclass": ["user", "person"],
96         "cN": "LDAPtestUSER",
97         "givenname": "ldap",
98         "sn": "testy"})
99
100         ldb.add({
101             "dn": "cn=ldaptestgroup,cn=uSers," + self.base_dn,
102             "objectclass": "group",
103             "member": "cn=ldaptestuser,cn=useRs," + self.base_dn})
104
105         self.delete_force(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
106         ldb.add({
107             "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
108             "objectclass": "computer",
109             "cN": "LDAPtestCOMPUTER"})
110
111         self.delete_force(self.ldb, "cn=ldaptest2computer,cn=computers," + self.base_dn)
112         ldb.add({"dn": "cn=ldaptest2computer,cn=computers," + self.base_dn,
113             "objectClass": "computer",
114             "cn": "LDAPtest2COMPUTER",
115             "userAccountControl": "4096",
116             "displayname": "ldap testy"})
117
118         print "Testing attribute or value exists behaviour"
119         try:
120             ldb.modify_ldif("""
121 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
122 changetype: modify
123 replace: servicePrincipalName
124 servicePrincipalName: host/ldaptest2computer
125 servicePrincipalName: host/ldaptest2computer
126 servicePrincipalName: cifs/ldaptest2computer
127 """)
128         except LdbError, (num, msg):
129             self.assertEquals(num, LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS)
130
131             ldb.modify_ldif("""
132 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
133 changetype: modify
134 replace: servicePrincipalName
135 servicePrincipalName: host/ldaptest2computer
136 servicePrincipalName: cifs/ldaptest2computer
137 """)
138             try:
139                 ldb.modify_ldif("""
140 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
141 changetype: modify
142 add: servicePrincipalName
143 servicePrincipalName: host/ldaptest2computer
144 """)
145             except LdbError, (num, msg):
146                 self.assertEquals(num, LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS)
147             
148             print "Testing ranged results"
149             ldb.modify_ldif("""
150 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
151 changetype: modify
152 replace: servicePrincipalName
153 """)
154             
155             ldb.modify_ldif("""
156 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
157 changetype: modify
158 add: servicePrincipalName
159 servicePrincipalName: host/ldaptest2computer0
160 servicePrincipalName: host/ldaptest2computer1
161 servicePrincipalName: host/ldaptest2computer2
162 servicePrincipalName: host/ldaptest2computer3
163 servicePrincipalName: host/ldaptest2computer4
164 servicePrincipalName: host/ldaptest2computer5
165 servicePrincipalName: host/ldaptest2computer6
166 servicePrincipalName: host/ldaptest2computer7
167 servicePrincipalName: host/ldaptest2computer8
168 servicePrincipalName: host/ldaptest2computer9
169 servicePrincipalName: host/ldaptest2computer10
170 servicePrincipalName: host/ldaptest2computer11
171 servicePrincipalName: host/ldaptest2computer12
172 servicePrincipalName: host/ldaptest2computer13
173 servicePrincipalName: host/ldaptest2computer14
174 servicePrincipalName: host/ldaptest2computer15
175 servicePrincipalName: host/ldaptest2computer16
176 servicePrincipalName: host/ldaptest2computer17
177 servicePrincipalName: host/ldaptest2computer18
178 servicePrincipalName: host/ldaptest2computer19
179 servicePrincipalName: host/ldaptest2computer20
180 servicePrincipalName: host/ldaptest2computer21
181 servicePrincipalName: host/ldaptest2computer22
182 servicePrincipalName: host/ldaptest2computer23
183 servicePrincipalName: host/ldaptest2computer24
184 servicePrincipalName: host/ldaptest2computer25
185 servicePrincipalName: host/ldaptest2computer26
186 servicePrincipalName: host/ldaptest2computer27
187 servicePrincipalName: host/ldaptest2computer28
188 servicePrincipalName: host/ldaptest2computer29
189 """)
190
191             res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, 
192                              attrs=["servicePrincipalName;range=0-*"])
193             self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
194             #print len(res[0]["servicePrincipalName;range=0-*"])
195             self.assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30)
196
197             res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-19"])
198             self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
199             # print res[0]["servicePrincipalName;range=0-19"].length
200             self.assertEquals(len(res[0]["servicePrincipalName;range=0-19"]), 20)
201
202             
203             res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-30"])
204             self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
205             self.assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30)
206
207             res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-40"])
208             self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
209             self.assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30)
210
211             res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=30-40"])
212             self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
213             self.assertEquals(len(res[0]["servicePrincipalName;range=30-*"]), 0)
214
215             
216             res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=10-40"])
217             self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
218             self.assertEquals(len(res[0]["servicePrincipalName;range=10-*"]), 20)
219             # pos_11 = res[0]["servicePrincipalName;range=10-*"][18]
220
221             res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=11-40"])
222             self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
223             self.assertEquals(len(res[0]["servicePrincipalName;range=11-*"]), 19)
224             # print res[0]["servicePrincipalName;range=11-*"][18]
225             # print pos_11
226             # self.assertEquals((res[0]["servicePrincipalName;range=11-*"][18]), pos_11)
227
228             res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=11-15"])
229             self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
230             self.assertEquals(len(res[0]["servicePrincipalName;range=11-15"]), 5)
231             # self.assertEquals(res[0]["servicePrincipalName;range=11-15"][4], pos_11)
232
233             res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName"])
234             self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
235             # print res[0]["servicePrincipalName"][18]
236             # print pos_11
237             self.assertEquals(len(res[0]["servicePrincipalName"]), 30)
238             # self.assertEquals(res[0]["servicePrincipalName"][18], pos_11)
239
240         self.delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
241         ldb.add({
242             "dn": "cn=ldaptestuser2,cn=useRs," + self.base_dn,
243             "objectClass": ["person", "user"],
244             "cn": "LDAPtestUSER2",
245             "givenname": "testy",
246             "sn": "ldap user2"})
247
248         print "Testing Ambigious Name Resolution"
249         # Testing ldb.search for (&(anr=ldap testy)(objectClass=user))
250         res = ldb.search(expression="(&(anr=ldap testy)(objectClass=user))")
251         self.assertEquals(len(res), 3, "Could not find (&(anr=ldap testy)(objectClass=user))")
252
253         # Testing ldb.search for (&(anr=testy ldap)(objectClass=user))
254         res = ldb.search(expression="(&(anr=testy ldap)(objectClass=user))")
255         self.assertEquals(len(res), 2, "Found only %d for (&(anr=testy ldap)(objectClass=user))" % len(res))
256
257         # Testing ldb.search for (&(anr=ldap)(objectClass=user))
258         res = ldb.search(expression="(&(anr=ldap)(objectClass=user))")
259         self.assertEquals(len(res), 4, "Found only %d for (&(anr=ldap)(objectClass=user))" % len(res))
260
261         # Testing ldb.search for (&(anr==ldap)(objectClass=user))
262         res = ldb.search(expression="(&(anr==ldap)(objectClass=user))")
263         self.assertEquals(len(res), 1, "Could not find (&(anr==ldap)(objectClass=user)). Found only %d for (&(anr=ldap)(objectClass=user))" % len(res))
264
265         self.assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + self.base_dn))
266         self.assertEquals(res[0]["cn"][0], "ldaptestuser")
267         self.assertEquals(res[0]["name"], "ldaptestuser")
268
269         # Testing ldb.search for (&(anr=testy)(objectClass=user))
270         res = ldb.search(expression="(&(anr=testy)(objectClass=user))")
271         self.assertEquals(len(res), 2, "Found only %d for (&(anr=testy)(objectClass=user))" % len(res))
272
273         # Testing ldb.search for (&(anr=ldap testy)(objectClass=user))
274         res = ldb.search(expression="(&(anr=testy ldap)(objectClass=user))")
275         self.assertEquals(len(res), 2, "Found only %d for (&(anr=ldap testy)(objectClass=user))" % len(res))
276
277         # Testing ldb.search for (&(anr==ldap testy)(objectClass=user))
278         res = ldb.search(expression="(&(anr==testy ldap)(objectClass=user))")
279         self.assertEquals(len(res), 1, "Found only %d for (&(anr==ldap testy)(objectClass=user))" % len(res))
280
281         self.assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + self.base_dn))
282         self.assertEquals(res[0]["cn"][0], "ldaptestuser")
283         self.assertEquals(res[0]["name"][0], "ldaptestuser")
284
285         # Testing ldb.search for (&(anr==testy ldap)(objectClass=user))
286         res = ldb.search(expression="(&(anr==testy ldap)(objectClass=user))")
287         self.assertEquals(len(res), 1, "Could not find (&(anr==testy ldap)(objectClass=user))")
288
289         self.assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + self.base_dn))
290         self.assertEquals(res[0]["cn"][0], "ldaptestuser")
291         self.assertEquals(res[0]["name"][0], "ldaptestuser")
292
293         # Testing ldb.search for (&(anr=testy ldap user)(objectClass=user))
294         res = ldb.search(expression="(&(anr=testy ldap user)(objectClass=user))")
295         self.assertEquals(len(res), 1, "Could not find (&(anr=testy ldap user)(objectClass=user))")
296
297         self.assertEquals(str(res[0].dn), ("CN=ldaptestuser2,CN=Users," + self.base_dn))
298         self.assertEquals(res[0]["cn"], "ldaptestuser2")
299         self.assertEquals(res[0]["name"], "ldaptestuser2")
300
301         # Testing ldb.search for (&(anr==testy ldap user2)(objectClass=user))
302         res = ldb.search(expression="(&(anr==testy ldap user2)(objectClass=user))")
303         self.assertEquals(len(res), 1, "Could not find (&(anr==testy ldap user2)(objectClass=user))")
304
305         self.assertEquals(str(res[0].dn), ("CN=ldaptestuser2,CN=Users," + self.base_dn))
306         self.assertEquals(res[0]["cn"], "ldaptestuser2")
307         self.assertEquals(res[0]["name"], "ldaptestuser2")
308
309         # Testing ldb.search for (&(anr==ldap user2)(objectClass=user))
310         res = ldb.search(expression="(&(anr==ldap user2)(objectClass=user))")
311         self.assertEquals(len(res), 1, "Could not find (&(anr==ldap user2)(objectClass=user))")
312
313         self.assertEquals(str(res[0].dn), ("CN=ldaptestuser2,CN=Users," + self.base_dn))
314         self.assertEquals(res[0]["cn"], "ldaptestuser2")
315         self.assertEquals(res[0]["name"], "ldaptestuser2")
316
317         # Testing ldb.search for (&(anr==not ldap user2)(objectClass=user))
318         res = ldb.search(expression="(&(anr==not ldap user2)(objectClass=user))")
319         self.assertEquals(len(res), 0, "Must not find (&(anr==not ldap user2)(objectClass=user))")
320
321         # Testing ldb.search for (&(anr=not ldap user2)(objectClass=user))
322         res = ldb.search(expression="(&(anr=not ldap user2)(objectClass=user))")
323         self.assertEquals(len(res), 0, "Must not find (&(anr=not ldap user2)(objectClass=user))")
324
325         print "Testing Group Modifies"
326         ldb.modify_ldif("""
327 dn: cn=ldaptestgroup,cn=users,""" + self.base_dn + """
328 changetype: modify
329 add: member
330 member: cn=ldaptestuser2,cn=users,""" + self.base_dn + """
331 member: cn=ldaptestcomputer,cn=computers,""" + self.base_dn + """
332 """)
333
334         self.delete_force(ldb, "cn=ldaptestuser3,cn=users," + self.base_dn)
335
336         print "Testing adding non-existent user to a group"
337         try:
338             ldb.modify_ldif("""
339 dn: cn=ldaptestgroup,cn=users,""" + self.base_dn + """
340 changetype: modify
341 add: member
342 member: cn=ldaptestuser3,cn=users,""" + self.base_dn + """
343 """)
344             self.fail()
345         except LdbError, (num, _):
346             self.assertEquals(num, LDB_ERR_NO_SUCH_OBJECT)
347
348         print "Testing Renames"
349
350         ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=users," + self.base_dn)
351
352         ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=users," + self.base_dn)
353
354         ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestUSER3,cn=users," + self.base_dn)
355
356         print "Testing ldb.search for (&(cn=ldaptestuser3)(objectClass=user))"
357         res = ldb.search(expression="(&(cn=ldaptestuser3)(objectClass=user))")
358         self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser3)(objectClass=user))")
359
360         self.assertEquals(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
361         self.assertEquals(res[0]["cn"], "ldaptestUSER3")
362         self.assertEquals(res[0]["name"], "ldaptestUSER3")
363
364         # This is a Samba special, and does not exist in real AD
365         #    print "Testing ldb.search for (dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")"
366         #    res = ldb.search("(dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")")
367         #    if (res.error != 0 || len(res) != 1) {
368         #        print "Could not find (dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")"
369         #        self.assertEquals(len(res), 1)
370         #    }
371         #    self.assertEquals(res[0].dn, ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
372         #    self.assertEquals(res[0].cn, "ldaptestUSER3")
373         #    self.assertEquals(res[0].name, "ldaptestUSER3")
374
375         print "Testing ldb.search for (distinguishedName=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")"
376         res = ldb.search(expression="(distinguishedName=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")")
377         self.assertEquals(len(res), 1, "Could not find (dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")")
378         self.assertEquals(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
379         self.assertEquals(res[0]["cn"], "ldaptestUSER3")
380         self.assertEquals(res[0]["name"], "ldaptestUSER3")
381
382         # ensure we cannot add it again
383         try:
384             ldb.add({"dn": "cn=ldaptestuser3,cn=userS," + self.base_dn,
385                       "objectClass": ["person", "user"],
386                       "cn": "LDAPtestUSER3"})
387             self.fail()
388         except LdbError, (num, _):
389             self.assertEquals(num, LDB_ERR_ENTRY_ALREADY_EXISTS)
390
391         # rename back
392         ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser2,cn=users," + self.base_dn)
393
394         # ensure we cannnot rename it twice
395         try:
396             ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, 
397                        "cn=ldaptestuser2,cn=users," + self.base_dn)
398             self.fail()
399         except LdbError, (num, _): 
400             self.assertEquals(num, LDB_ERR_NO_SUCH_OBJECT)
401
402         # ensure can now use that name
403         ldb.add({"dn": "cn=ldaptestuser3,cn=users," + self.base_dn,
404                       "objectClass": ["person", "user"],
405                       "cn": "LDAPtestUSER3"})
406         
407         # ensure we now cannnot rename
408         try:
409             ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=users," + self.base_dn)
410             self.fail()
411         except LdbError, (num, _):
412             self.assertEquals(num, LDB_ERR_ENTRY_ALREADY_EXISTS)
413         try:
414             ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=configuration," + self.base_dn)
415             self.fail()
416         except LdbError, (num, _):
417             self.assertTrue(num in (71, 64))
418
419         ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser5,cn=users," + self.base_dn)
420
421         ldb.delete("cn=ldaptestuser5,cn=users," + self.base_dn)
422
423         self.delete_force(ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
424
425         ldb.rename("cn=ldaptestgroup,cn=users," + self.base_dn, "cn=ldaptestgroup2,cn=users," + self.base_dn)
426
427         print "Testing subtree Renames"
428
429         ldb.add({"dn": "cn=ldaptestcontainer," + self.base_dn, 
430                  "objectClass": "container"})
431         
432         self.delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer," + self.base_dn)
433         ldb.add({"dn": "CN=ldaptestuser4,CN=ldaptestcontainer," + self.base_dn, 
434                  "objectClass": ["person", "user"],
435                  "cn": "LDAPtestUSER4"})
436
437         ldb.modify_ldif("""
438 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
439 changetype: modify
440 add: member
441 member: cn=ldaptestuser4,cn=ldaptestcontainer,""" + self.base_dn + """
442 """)
443         
444         print "Testing ldb.rename of cn=ldaptestcontainer," + self.base_dn + " to cn=ldaptestcontainer2," + self.base_dn
445         ldb.rename("CN=ldaptestcontainer," + self.base_dn, "CN=ldaptestcontainer2," + self.base_dn)
446
447         print "Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user))"
448         res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))")
449         self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser4)(objectClass=user))")
450
451         print "Testing subtree ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + self.base_dn
452         try:
453             ldb.search("cn=ldaptestcontainer," + self.base_dn, 
454                     expression="(&(cn=ldaptestuser4)(objectClass=user))", 
455                     scope=SCOPE_SUBTREE)
456             self.fail()
457         except LdbError, (num, _):
458             self.assertEquals(num, LDB_ERR_NO_SUCH_OBJECT)
459
460         print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + self.base_dn
461         try:
462             res = ldb.search("cn=ldaptestcontainer," + self.base_dn, 
463                     expression="(&(cn=ldaptestuser4)(objectClass=user))", scope=SCOPE_ONELEVEL)
464             self.fail()
465         except LdbError, (num, _):
466             self.assertEquals(num, LDB_ERR_NO_SUCH_OBJECT)
467
468         print "Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in renamed container"
469         res = ldb.search("cn=ldaptestcontainer2," + self.base_dn, expression="(&(cn=ldaptestuser4)(objectClass=user))", scope=SCOPE_SUBTREE)
470         self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser4)(objectClass=user)) under cn=ldaptestcontainer2," + self.base_dn)
471
472         self.assertEquals(str(res[0].dn), ("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn))
473         self.assertEquals(res[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self.base_dn).upper())
474
475         print "Testing ldb.search for (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn + ")(objectclass=group)) to check subtree renames and linked attributes"
476         res = ldb.search(self.base_dn, expression="(&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn + ")(objectclass=group))", scope=SCOPE_SUBTREE)
477         self.assertEquals(len(res), 1, "Could not find (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn + ")(objectclass=group)), perhaps linked attributes are not conistant with subtree renames?")
478
479         print "Testing ldb.rename (into itself) of cn=ldaptestcontainer2," + self.base_dn + " to cn=ldaptestcontainer,cn=ldaptestcontainer2," + self.base_dn
480         try:
481             ldb.rename("cn=ldaptestcontainer2," + self.base_dn, "cn=ldaptestcontainer,cn=ldaptestcontainer2," + self.base_dn)
482             self.fail()
483         except LdbError, (num, _):
484             self.assertEquals(num, LDB_ERR_UNWILLING_TO_PERFORM)
485
486         print "Testing ldb.rename (into non-existent container) of cn=ldaptestcontainer2," + self.base_dn + " to cn=ldaptestcontainer,cn=ldaptestcontainer3," + self.base_dn
487         try:
488             ldb.rename("cn=ldaptestcontainer2," + self.base_dn, "cn=ldaptestcontainer,cn=ldaptestcontainer3," + self.base_dn)
489             self.fail()
490         except LdbError, (num, _):
491             self.assertTrue(num in (LDB_ERR_UNWILLING_TO_PERFORM, LDB_ERR_OTHER))
492
493         print "Testing delete (should fail, not a leaf node) of renamed cn=ldaptestcontainer2," + self.base_dn
494         try:
495             ldb.delete("cn=ldaptestcontainer2," + self.base_dn)
496             self.fail()
497         except LdbError, (num, _):
498             self.assertEquals(num, LDB_ERR_NOT_ALLOWED_ON_NON_LEAF)
499
500         print "Testing base ldb.search for CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn
501         res = ldb.search(expression="(objectclass=*)", base=("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn), scope=SCOPE_BASE)
502         self.assertEquals(len(res), 1)
503         res = ldb.search(expression="(cn=ldaptestuser40)", base=("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn), scope=SCOPE_BASE)
504         self.assertEquals(len(res), 0)
505
506         print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2," + self.base_dn
507         res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))", base=("cn=ldaptestcontainer2," + self.base_dn), scope=SCOPE_ONELEVEL)
508         # FIXME: self.assertEquals(len(res), 0)
509
510         print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2," + self.base_dn
511         res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))", base=("cn=ldaptestcontainer2," + self.base_dn), scope=SCOPE_SUBTREE)
512         # FIXME: self.assertEquals(len(res), 0)
513
514         print "Testing delete of subtree renamed "+("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn)
515         ldb.delete(("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn))
516         print "Testing delete of renamed cn=ldaptestcontainer2," + self.base_dn
517         ldb.delete("cn=ldaptestcontainer2," + self.base_dn)
518         
519         self.delete_force(self.ldb, "cn=ldaptestutf8user èùéìòà ,cn=users," + self.base_dn)
520         ldb.add({"dn": "cn=ldaptestutf8user èùéìòà ,cn=users," + self.base_dn, "objectClass": "user"})
521
522         self.delete_force(self.ldb, "cn=ldaptestutf8user2  èùéìòà ,cn=users," + self.base_dn)
523         ldb.add({"dn": "cn=ldaptestutf8user2  èùéìòà ,cn=users," + self.base_dn, "objectClass": "user"})
524
525         print "Testing ldb.search for (&(cn=ldaptestuser)(objectClass=user))"
526         res = ldb.search(expression="(&(cn=ldaptestuser)(objectClass=user))")
527         self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser)(objectClass=user))")
528
529         self.assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + self.base_dn))
530         self.assertEquals(res[0]["cn"], "ldaptestuser")
531         self.assertEquals(res[0]["name"], "ldaptestuser")
532         self.assertEquals(res[0]["objectClass"], ["top", "person", "organizationalPerson", "user"])
533         self.assertTrue("objectGUID" in res[0])
534         self.assertTrue("whenCreated" in res[0])
535         self.assertEquals(res[0]["objectCategory"], ("CN=Person,CN=Schema,CN=Configuration," + self.base_dn))
536         self.assertEquals(int(res[0]["sAMAccountType"][0]), 805306368)
537         # self.assertEquals(res[0].userAccountControl, 546)
538         self.assertEquals(res[0]["memberOf"][0], ("CN=ldaptestgroup2,CN=Users," + self.base_dn))
539         self.assertEquals(len(res[0]["memberOf"]), 1)
540      
541         print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + self.base_dn + "))"
542         res2 = ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + self.base_dn + "))")
543         self.assertEquals(len(res2), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + self.base_dn + "))")
544
545         self.assertEquals(res[0].dn, res2[0].dn)
546
547         print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon))"
548         res3 = ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=PerSon))")
549         self.assertEquals(len(res3), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)): matched %d" % len(res3))
550
551         self.assertEquals(res[0].dn, res3[0].dn)
552
553         if gc_ldb is not None:
554             print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog"
555             res3gc = gc_ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=PerSon))")
556             self.assertEquals(len(res3gc), 1)
557         
558             self.assertEquals(res[0].dn, res3gc[0].dn)
559
560         print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in with 'phantom root' control"
561         
562         res3control = gc_ldb.search(self.base_dn, expression="(&(cn=ldaptestuser)(objectCategory=PerSon))", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:2"])
563         self.assertEquals(len(res3control), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog")
564         
565         self.assertEquals(res[0].dn, res3control[0].dn)
566
567         ldb.delete(res[0].dn)
568
569         print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectClass=user))"
570         res = ldb.search(expression="(&(cn=ldaptestcomputer)(objectClass=user))")
571         self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser)(objectClass=user))")
572
573         self.assertEquals(str(res[0].dn), ("CN=ldaptestcomputer,CN=Computers," + self.base_dn))
574         self.assertEquals(res[0]["cn"], "ldaptestcomputer")
575         self.assertEquals(res[0]["name"], "ldaptestcomputer")
576         self.assertEquals(res[0]["objectClass"], ["top", "person", "organizationalPerson", "user", "computer"])
577         self.assertTrue("objectGUID" in res[0])
578         self.assertTrue("whenCreated" in res[0])
579         self.assertEquals(res[0]["objectCategory"], ("CN=Computer,CN=Schema,CN=Configuration," + self.base_dn))
580         self.assertEquals(int(res[0]["primaryGroupID"][0]), 513)
581         # self.assertEquals(res[0].sAMAccountType, 805306368)
582         # self.assertEquals(res[0].userAccountControl, 546)
583         self.assertEquals(res[0]["memberOf"][0], "CN=ldaptestgroup2,CN=Users," + self.base_dn)
584         self.assertEquals(len(res[0]["memberOf"]), 1)
585
586         print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + "))"
587         res2 = ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + "))")
588         self.assertEquals(len(res2), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + "))")
589
590         self.assertEquals(res[0].dn, res2[0].dn)
591
592         if gc_ldb is not None:
593             print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + ")) in Global Catlog"
594             res2gc = gc_ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + "))")
595             self.assertEquals(len(res2gc), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + ")) in Global Catlog")
596
597             self.assertEquals(res[0].dn, res2gc[0].dn)
598
599         print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER))"
600         res3 = ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=compuTER))")
601         self.assertEquals(len(res3), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER))")
602
603         self.assertEquals(res[0].dn, res3[0].dn)
604
605         if gc_ldb is not None:
606             print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog"
607             res3gc = gc_ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=compuTER))")
608             self.assertEquals(len(res3gc), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog")
609
610             self.assertEquals(res[0].dn, res3gc[0].dn)
611
612         print "Testing ldb.search for (&(cn=ldaptestcomp*r)(objectCategory=compuTER))"
613         res4 = ldb.search(expression="(&(cn=ldaptestcomp*r)(objectCategory=compuTER))")
614         self.assertEquals(len(res4), 1, "Could not find (&(cn=ldaptestcomp*r)(objectCategory=compuTER))")
615
616         self.assertEquals(res[0].dn, res4[0].dn)
617
618         print "Testing ldb.search for (&(cn=ldaptestcomput*)(objectCategory=compuTER))"
619         res5 = ldb.search(expression="(&(cn=ldaptestcomput*)(objectCategory=compuTER))")
620         self.assertEquals(len(res5), 1, "Could not find (&(cn=ldaptestcomput*)(objectCategory=compuTER))")
621
622         self.assertEquals(res[0].dn, res5[0].dn)
623
624         print "Testing ldb.search for (&(cn=*daptestcomputer)(objectCategory=compuTER))"
625         res6 = ldb.search(expression="(&(cn=*daptestcomputer)(objectCategory=compuTER))")
626         self.assertEquals(len(res6), 1, "Could not find (&(cn=*daptestcomputer)(objectCategory=compuTER))")
627
628         self.assertEquals(res[0].dn, res6[0].dn)
629
630         ldb.delete(res[0].dn)
631
632         print "Testing ldb.search for (&(cn=ldaptest2computer)(objectClass=user))"
633         res = ldb.search(expression="(&(cn=ldaptest2computer)(objectClass=user))")
634         self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptest2computer)(objectClass=user))")
635
636         self.assertEquals(res[0].dn, ("CN=ldaptest2computer,CN=Computers," + self.base_dn))
637         self.assertEquals(res[0]["cn"], "ldaptest2computer")
638         self.assertEquals(res[0]["name"], "ldaptest2computer")
639         self.assertEquals(res[0]["objectClass"], ["top", "person", "organizationalPerson", "user", "computer"])
640         self.assertTrue("objectGUID" in res[0])
641         self.assertTrue("whenCreated" in res[0])
642         self.assertEquals(res[0]["objectCategory"][0], "CN=Computer,CN=Schema,CN=Configuration," + self.base_dn)
643         self.assertEquals(int(res[0]["sAMAccountType"][0]), 805306369)
644     #    self.assertEquals(res[0].userAccountControl, 4098)
645
646         ldb.delete(res[0].dn)
647
648         attrs = ["cn", "name", "objectClass", "objectGUID", "whenCreated", "nTSecurityDescriptor", "memberOf"]
649         print "Testing ldb.search for (&(cn=ldaptestUSer2)(objectClass=user))"
650         res = ldb.search(self.base_dn, expression="(&(cn=ldaptestUSer2)(objectClass=user))", scope=SCOPE_SUBTREE, attrs=attrs)
651         self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestUSer2)(objectClass=user))")
652
653         self.assertEquals(res[0].dn, ("CN=ldaptestuser2,CN=Users," + self.base_dn))
654         self.assertEquals(res[0]["cn"], "ldaptestuser2")
655         self.assertEquals(res[0]["name"], "ldaptestuser2")
656         self.assertEquals(res[0]["objectClass"], ["top", "person", "organizationalPerson", "user"])
657         self.assertTrue("objectGUID" in res[0])
658         self.assertTrue("whenCreated" in res[0])
659         self.assertTrue("nTSecurityDescriptor" in res[0])
660         self.assertEquals(res[0]["memberOf"][0], ("CN=ldaptestgroup2,CN=Users," + self.base_dn))
661
662         attrs = ["cn", "name", "objectClass", "objectGUID", "whenCreated", "nTSecurityDescriptor", "member"]
663         print "Testing ldb.search for (&(cn=ldaptestgroup2)(objectClass=group))"
664         res = ldb.search(self.base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
665         self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))")
666
667         self.assertEquals(res[0].dn, ("CN=ldaptestgroup2,CN=Users," + self.base_dn))
668         self.assertEquals(res[0]["cn"], "ldaptestgroup2")
669         self.assertEquals(res[0]["name"], "ldaptestgroup2")
670         self.assertEquals(res[0]["objectClass"], ["top", "group"])
671         self.assertTrue("objectGuid" not in res[0])
672         self.assertTrue("whenCreated" in res[0])
673         self.assertTrue("nTSecurityDescriptor" in res[0])
674         self.assertEquals(res[0]["member"], ["CN=ldaptestuser2,CN=Users," + self.base_dn])
675
676         ldb.modify_ldif("""
677 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
678 changetype: modify
679 replace: member
680 member: CN=ldaptestuser2,CN=Users,""" + self.base_dn + """
681 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
682 """)
683         
684         print "Testing Linked attribute behaviours"
685         ldb.modify_ldif("""
686 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
687 changetype: modify
688 delete: member
689 """)
690
691         ldb.modify_ldif("""
692 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
693 changetype: modify
694 add: member
695 member: CN=ldaptestuser2,CN=Users,""" + self.base_dn + """
696 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
697 """)
698         
699         ldb.modify_ldif("""
700 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
701 changetype: modify
702 replace: member
703 """)
704         
705         ldb.modify_ldif("""
706 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
707 changetype: modify
708 add: member
709 member: CN=ldaptestuser2,CN=Users,""" + self.base_dn + """
710 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
711 """)
712         
713         ldb.modify_ldif("""
714 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
715 changetype: modify
716 delete: member
717 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
718 """)
719         
720         res = ldb.search(self.base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
721         self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))")
722
723         self.assertEquals(res[0].dn, ("CN=ldaptestgroup2,CN=Users," + self.base_dn))
724         self.assertEquals(res[0]["member"][0], ("CN=ldaptestuser2,CN=Users," + self.base_dn))
725         self.assertEquals(len(res[0]["member"]), 1)
726
727         ldb.delete(("CN=ldaptestuser2,CN=Users," + self.base_dn))
728
729         attrs = ["cn", "name", "objectClass", "objectGUID", "whenCreated", "nTSecurityDescriptor", "member"]
730         print "Testing ldb.search for (&(cn=ldaptestgroup2)(objectClass=group)) to check linked delete"
731         res = ldb.search(self.base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
732         self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group)) to check linked delete")
733
734         self.assertEquals(res[0].dn, ("CN=ldaptestgroup2,CN=Users," + self.base_dn))
735         self.assertTrue("member" not in res[0])
736
737         print "Testing ldb.search for (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))"
738         res = ldb.search(expression="(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
739         self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
740
741         self.assertEquals(res[0].dn, ("CN=ldaptestutf8user èùéìòà,CN=Users," + self.base_dn))
742         self.assertEquals(res[0]["cn"], "ldaptestutf8user èùéìòà")
743         self.assertEquals(res[0]["name"], "ldaptestutf8user èùéìòà")
744         self.assertEquals(res[0]["objectClass"], ["top", "person", "organizationalPerson", "user"])
745         self.assertTrue("objectGUID" in res[0])
746         self.assertTrue("whenCreated" in res[0])
747
748         ldb.delete(res[0].dn)
749
750         print "Testing ldb.search for (&(cn=ldaptestutf8user2*)(objectClass=user))"
751         res = ldb.search(expression="(&(cn=ldaptestutf8user2*)(objectClass=user))")
752         self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestutf8user2*)(objectClass=user))")
753
754         ldb.delete(res[0].dn)
755
756         ldb.delete(("CN=ldaptestgroup2,CN=Users," + self.base_dn))
757
758         print "Testing ldb.search for (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))"
759         res = ldb.search(expression="(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
760
761         #FIXME: self.assert len(res) == 1, "Could not find (expect space collapse, win2k3 fails) (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))"
762
763         print "Testing that we can't get at the configuration DN from the main search base"
764         res = ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
765         self.assertEquals(len(res), 0)
766
767         print "Testing that we can get at the configuration DN from the main search base on the LDAP port with the 'phantom root' search_options control"
768         res = ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:2"])
769         self.assertTrue(len(res) > 0)
770
771         if gc_ldb is not None:
772             print "Testing that we can get at the configuration DN from the main search base on the GC port with the search_options control == 0"
773             
774             res = gc_ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:0"])
775             self.assertTrue(len(res) > 0)
776
777             print "Testing that we do find configuration elements in the global catlog"
778             res = gc_ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
779             self.assertTrue(len(res) > 0)
780         
781             print "Testing that we do find configuration elements and user elements at the same time"
782             res = gc_ldb.search(self.base_dn, expression="(|(objectClass=crossRef)(objectClass=person))", scope=SCOPE_SUBTREE, attrs=["cn"])
783             self.assertTrue(len(res) > 0)
784
785             print "Testing that we do find configuration elements in the global catlog, with the configuration basedn"
786             res = gc_ldb.search(self.configuration_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
787             self.assertTrue(len(res) > 0)
788
789         print "Testing that we can get at the configuration DN on the main LDAP port"
790         res = ldb.search(self.configuration_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
791         self.assertTrue(len(res) > 0)
792
793         print "Testing objectCategory canonacolisation"
794         res = ldb.search(self.configuration_dn, expression="objectCategory=ntDsDSA", scope=SCOPE_SUBTREE, attrs=["cn"])
795         self.assertTrue(len(res) > 0, "Didn't find any records with objectCategory=ntDsDSA")
796         self.assertTrue(len(res) != 0)
797         
798         res = ldb.search(self.configuration_dn, expression="objectCategory=CN=ntDs-DSA," + self.schema_dn, scope=SCOPE_SUBTREE, attrs=["cn"])
799         self.assertTrue(len(res) > 0, "Didn't find any records with objectCategory=CN=ntDs-DSA," + self.schema_dn)
800         self.assertTrue(len(res) != 0)
801         
802         print "Testing objectClass attribute order on "+ self.base_dn
803         res = ldb.search(expression="objectClass=domain", base=self.base_dn, 
804                          scope=SCOPE_BASE, attrs=["objectClass"])
805         self.assertEquals(len(res), 1)
806
807         self.assertEquals(res[0]["objectClass"], ["top", "domain", "domainDNS"])
808
809     #  check enumeration
810
811         print "Testing ldb.search for objectCategory=person"
812         res = ldb.search(self.base_dn, expression="objectCategory=person", scope=SCOPE_SUBTREE, attrs=["cn"])
813         self.assertTrue(len(res) > 0)
814
815         print "Testing ldb.search for objectCategory=person with domain scope control"
816         res = ldb.search(self.base_dn, expression="objectCategory=person", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
817         self.assertTrue(len(res) > 0)
818      
819         print "Testing ldb.search for objectCategory=user"
820         res = ldb.search(self.base_dn, expression="objectCategory=user", scope=SCOPE_SUBTREE, attrs=["cn"])
821         self.assertTrue(len(res) > 0)
822         
823         print "Testing ldb.search for objectCategory=user with domain scope control"
824         res = ldb.search(self.base_dn, expression="objectCategory=user", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
825         self.assertTrue(len(res) > 0)
826         
827         print "Testing ldb.search for objectCategory=group"
828         res = ldb.search(self.base_dn, expression="objectCategory=group", scope=SCOPE_SUBTREE, attrs=["cn"])
829         self.assertTrue(len(res) > 0)
830
831         print "Testing ldb.search for objectCategory=group with domain scope control"
832         res = ldb.search(self.base_dn, expression="objectCategory=group", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
833         self.assertTrue(len(res) > 0)
834
835
836 class BaseDnTests(unittest.TestCase):
837     def setUp(self):
838         self.ldb = ldb
839
840     def test_rootdse_attrs(self):
841         """Testing for all rootDSE attributes"""
842         res = self.ldb.search(scope=SCOPE_BASE, attrs=[])
843         self.assertEquals(len(res), 1)
844
845     def test_highestcommittedusn(self):
846         """Testing for highestCommittedUSN"""
847         res = self.ldb.search("", scope=SCOPE_BASE, attrs=["highestCommittedUSN"])
848         self.assertEquals(len(res), 1)
849         self.assertTrue(int(res[0]["highestCommittedUSN"][0]) != 0)
850
851     def test_netlogon(self):
852         """Testing for netlogon via LDAP"""
853         res = self.ldb.search("", scope=SCOPE_BASE, attrs=["netlogon"])
854         self.assertEquals(len(res), 0)
855
856     def test_netlogon_highestcommitted_usn(self):
857         """Testing for netlogon and highestCommittedUSN via LDAP"""
858         res = self.ldb.search("", scope=SCOPE_BASE, 
859                 attrs=["netlogon", "highestCommittedUSN"])
860         self.assertEquals(len(res), 0)
861
862
863 if not "://" in host:
864     host = "ldap://%s" % host
865
866 ldb = Ldb(host, credentials=creds, session_info=system_session(), lp=lp)
867 gc_ldb = Ldb("%s:3268" % host, credentials=creds, 
868              session_info=system_session(), lp=lp)
869
870 runner = SubunitTestRunner()
871 runner.run(unittest.makeSuite(BaseDnTests))
872 runner.run(unittest.makeSuite(BasicTests))