2 # -*- coding: utf-8 -*-
3 # This is a port of the original in testprogs/ejs/ldap.js
9 # Add path to the library for in-tree use
10 sys.path.append("scripting/python")
11 import samba.getopt as options
13 from auth import system_session
14 from ldb import (SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError,
15 LDB_ERR_NO_SUCH_OBJECT, LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS,
16 LDB_ERR_ENTRY_ALREADY_EXISTS, LDB_ERR_UNWILLING_TO_PERFORM,
17 LDB_ERR_NOT_ALLOWED_ON_NON_LEAF)
21 parser = optparse.OptionParser("ldap [options] <host>")
22 sambaopts = options.SambaOptions(parser)
23 parser.add_option_group(sambaopts)
24 parser.add_option_group(options.VersionOptions(parser))
25 # use command line creds if available
26 credopts = options.CredentialsOptions(parser)
27 parser.add_option_group(credopts)
28 creds = credopts.get_credentials()
29 opts, args = parser.parse_args()
37 lp = sambaopts.get_loadparm()
39 def delete_force(ldb, dn):
42 except LdbError, (num, _):
43 if num != LDB_ERR_NO_SUCH_OBJECT:
46 def assertEquals(a1, a2):
47 assert a1 == a2, "Expected %r == %r" % (a1, a2)
49 def basic_tests(ldb, gc_ldb, base_dn, configuration_dn, schema_dn):
50 print "Running basic tests"
52 delete_force(ldb, "cn=ldaptestuser,cn=users," + base_dn)
53 delete_force(ldb, "cn=ldaptestgroup,cn=users," + base_dn)
55 print "Testing group add with invalid member"
58 "dn": "cn=ldaptestgroup,cn=uSers," + base_dn,
59 "objectclass": "group",
60 "member": "cn=ldaptestuser,cn=useRs," + base_dn})
61 except LdbError, (num, _):
62 if num != LDB_ERR_NO_SUCH_OBJECT:
67 print "Testing user add"
70 "dn": "cn=ldaptestuser,cn=uSers," + base_dn,
71 "objectclass": ["user", "person"],
76 ldb.delete("cn=ldaptestuser,cn=users," + base_dn)
78 "dn": "cn=ldaptestuser,cn=uSers," + base_dn,
79 "objectclass": ["user", "person"],
85 "dn": "cn=ldaptestgroup,cn=uSers," + base_dn,
86 "objectclass": "group",
87 "member": "cn=ldaptestuser,cn=useRs," + base_dn})
91 "dn": "cn=ldaptestcomputer,cn=computers," + base_dn,
92 "objectclass": "computer",
93 "cN": "LDAPtestCOMPUTER"})
95 ldb.delete("cn=ldaptestcomputer,cn=computers," + base_dn)
97 "dn": "cn=ldaptestcomputer,cn=computers," + base_dn,
98 "objectClass": "computer",
99 "cn": "LDAPtestCOMPUTER"})
102 ldb.add({"dn": "cn=ldaptest2computer,cn=computers," + base_dn,
103 "objectClass": "computer",
104 "cn": "LDAPtest2COMPUTER",
105 "userAccountControl": "4096",
106 "displayname": "ldap testy"})
108 ldb.delete("cn=ldaptest2computer,cn=computers," + base_dn)
110 "dn": "cn=ldaptest2computer,cn=computers," + base_dn,
111 "objectClass": "computer",
112 "cn": "LDAPtest2COMPUTER",
113 "userAccountControl": "4096",
114 "displayname": "ldap testy"})
116 print "Testing attribute or value exists behaviour"
119 dn: cn=ldaptest2computer,cn=computers,""" + base_dn + """
121 replace: servicePrincipalName
122 servicePrincipalName: host/ldaptest2computer
123 servicePrincipalName: host/ldaptest2computer
124 servicePrincipalName: cifs/ldaptest2computer
126 except LdbError, (num, msg):
127 assert num == LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
130 dn: cn=ldaptest2computer,cn=computers,""" + base_dn + """
132 replace: servicePrincipalName
133 servicePrincipalName: host/ldaptest2computer
134 servicePrincipalName: cifs/ldaptest2computer
138 dn: cn=ldaptest2computer,cn=computers,""" + base_dn + """
140 add: servicePrincipalName
141 servicePrincipalName: host/ldaptest2computer
143 except LdbError, (num, msg):
144 assert num == LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
146 print "Testing ranged results"
148 dn: cn=ldaptest2computer,cn=computers,""" + base_dn + """
150 replace: servicePrincipalName
154 dn: cn=ldaptest2computer,cn=computers,""" + base_dn + """
156 add: servicePrincipalName
157 servicePrincipalName: host/ldaptest2computer0
158 servicePrincipalName: host/ldaptest2computer1
159 servicePrincipalName: host/ldaptest2computer2
160 servicePrincipalName: host/ldaptest2computer3
161 servicePrincipalName: host/ldaptest2computer4
162 servicePrincipalName: host/ldaptest2computer5
163 servicePrincipalName: host/ldaptest2computer6
164 servicePrincipalName: host/ldaptest2computer7
165 servicePrincipalName: host/ldaptest2computer8
166 servicePrincipalName: host/ldaptest2computer9
167 servicePrincipalName: host/ldaptest2computer10
168 servicePrincipalName: host/ldaptest2computer11
169 servicePrincipalName: host/ldaptest2computer12
170 servicePrincipalName: host/ldaptest2computer13
171 servicePrincipalName: host/ldaptest2computer14
172 servicePrincipalName: host/ldaptest2computer15
173 servicePrincipalName: host/ldaptest2computer16
174 servicePrincipalName: host/ldaptest2computer17
175 servicePrincipalName: host/ldaptest2computer18
176 servicePrincipalName: host/ldaptest2computer19
177 servicePrincipalName: host/ldaptest2computer20
178 servicePrincipalName: host/ldaptest2computer21
179 servicePrincipalName: host/ldaptest2computer22
180 servicePrincipalName: host/ldaptest2computer23
181 servicePrincipalName: host/ldaptest2computer24
182 servicePrincipalName: host/ldaptest2computer25
183 servicePrincipalName: host/ldaptest2computer26
184 servicePrincipalName: host/ldaptest2computer27
185 servicePrincipalName: host/ldaptest2computer28
186 servicePrincipalName: host/ldaptest2computer29
189 res = ldb.search(base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE,
190 attrs=["servicePrincipalName;range=0-*"])
191 assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
192 #print len(res[0]["servicePrincipalName;range=0-*"])
193 assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30)
195 res = ldb.search(base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-19"])
196 assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
197 # print res[0]["servicePrincipalName;range=0-19"].length
198 assertEquals(len(res[0]["servicePrincipalName;range=0-19"]), 20)
201 res = ldb.search(base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-30"])
202 assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
203 assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30)
205 res = ldb.search(base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-40"])
206 assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
207 assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30)
209 res = ldb.search(base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=30-40"])
210 assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
211 assertEquals(len(res[0]["servicePrincipalName;range=30-*"]), 0)
214 res = ldb.search(base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=10-40"])
215 assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
216 assertEquals(len(res[0]["servicePrincipalName;range=10-*"]), 20)
217 # pos_11 = res[0]["servicePrincipalName;range=10-*"][18]
219 res = ldb.search(base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=11-40"])
220 assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
221 assertEquals(len(res[0]["servicePrincipalName;range=11-*"]), 19)
222 # print res[0]["servicePrincipalName;range=11-*"][18]
224 # assertEquals((res[0]["servicePrincipalName;range=11-*"][18]), pos_11)
226 res = ldb.search(base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=11-15"])
227 assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
228 assertEquals(len(res[0]["servicePrincipalName;range=11-15"]), 5)
229 # assertEquals(res[0]["servicePrincipalName;range=11-15"][4], pos_11)
231 res = ldb.search(base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName"])
232 assert len(res) == 1, "Could not find (cn=ldaptest2computer)"
233 # print res[0]["servicePrincipalName"][18]
235 assertEquals(len(res[0]["servicePrincipalName"]), 30)
236 # assertEquals(res[0]["servicePrincipalName"][18], pos_11)
240 "dn": "cn=ldaptestuser2,cn=useRs," + base_dn,
241 "objectClass": ["person", "user"],
242 "cn": "LDAPtestUSER2",
243 "givenname": "testy",
246 ldb.delete("cn=ldaptestuser2,cn=users," + base_dn)
248 "dn": "cn=ldaptestuser2,cn=useRs," + base_dn,
249 "objectClass": ["person", "user"],
250 "cn": "LDAPtestUSER2",
251 "givenname": "testy",
254 print "Testing Ambigious Name Resolution"
255 # Testing ldb.search for (&(anr=ldap testy)(objectClass=user))
256 res = ldb.search(expression="(&(anr=ldap testy)(objectClass=user))")
257 assert len(res) == 3, "Could not find (&(anr=ldap testy)(objectClass=user))"
259 # Testing ldb.search for (&(anr=testy ldap)(objectClass=user))
260 res = ldb.search(expression="(&(anr=testy ldap)(objectClass=user))")
261 assert len(res) == 2, "Found only %d for (&(anr=testy ldap)(objectClass=user))" % len(res)
263 # Testing ldb.search for (&(anr=ldap)(objectClass=user))
264 res = ldb.search(expression="(&(anr=ldap)(objectClass=user))")
265 assert len(res) == 4, "Found only %d for (&(anr=ldap)(objectClass=user))" % len(res)
267 # Testing ldb.search for (&(anr==ldap)(objectClass=user))
268 res = ldb.search(expression="(&(anr==ldap)(objectClass=user))")
269 assert len(res) == 1, "Could not find (&(anr==ldap)(objectClass=user)). Found only %d for (&(anr=ldap)(objectClass=user))" % len(res)
271 assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + base_dn))
272 assertEquals(res[0]["cn"][0], "ldaptestuser")
273 assertEquals(res[0]["name"], "ldaptestuser")
275 # Testing ldb.search for (&(anr=testy)(objectClass=user))
276 res = ldb.search(expression="(&(anr=testy)(objectClass=user))")
277 assert len(res) == 2, "Found only %d for (&(anr=testy)(objectClass=user))" % len(res)
279 # Testing ldb.search for (&(anr=ldap testy)(objectClass=user))
280 res = ldb.search(expression="(&(anr=testy ldap)(objectClass=user))")
281 assert len(res) == 2, "Found only %d for (&(anr=ldap testy)(objectClass=user))" % len(res)
283 # Testing ldb.search for (&(anr==ldap testy)(objectClass=user))
284 res = ldb.search(expression="(&(anr==testy ldap)(objectClass=user))")
285 assert len(res) == 1, "Found only %d for (&(anr==ldap testy)(objectClass=user))" % len(res)
287 assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + base_dn))
288 assertEquals(res[0]["cn"][0], "ldaptestuser")
289 assertEquals(res[0]["name"][0], "ldaptestuser")
291 # Testing ldb.search for (&(anr==testy ldap)(objectClass=user))
292 res = ldb.search(expression="(&(anr==testy ldap)(objectClass=user))")
293 assert len(res) == 1, "Could not find (&(anr==testy ldap)(objectClass=user))"
295 assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + base_dn))
296 assertEquals(res[0]["cn"][0], "ldaptestuser")
297 assertEquals(res[0]["name"][0], "ldaptestuser")
299 # Testing ldb.search for (&(anr=testy ldap user)(objectClass=user))
300 res = ldb.search(expression="(&(anr=testy ldap user)(objectClass=user))")
301 assert len(res) == 1, "Could not find (&(anr=testy ldap user)(objectClass=user))"
303 assertEquals(str(res[0].dn), ("CN=ldaptestuser2,CN=Users," + base_dn))
304 assertEquals(res[0]["cn"], "ldaptestuser2")
305 assertEquals(res[0]["name"], "ldaptestuser2")
307 # Testing ldb.search for (&(anr==testy ldap user2)(objectClass=user))
308 res = ldb.search(expression="(&(anr==testy ldap user2)(objectClass=user))")
309 assert len(res) == 1, "Could not find (&(anr==testy ldap user2)(objectClass=user))"
311 assertEquals(str(res[0].dn), ("CN=ldaptestuser2,CN=Users," + base_dn))
312 assertEquals(res[0]["cn"], "ldaptestuser2")
313 assertEquals(res[0]["name"], "ldaptestuser2")
315 # Testing ldb.search for (&(anr==ldap user2)(objectClass=user))
316 res = ldb.search(expression="(&(anr==ldap user2)(objectClass=user))")
317 assert len(res) == 1, "Could not find (&(anr==ldap user2)(objectClass=user))"
319 assertEquals(str(res[0].dn), ("CN=ldaptestuser2,CN=Users," + base_dn))
320 assertEquals(res[0]["cn"], "ldaptestuser2")
321 assertEquals(res[0]["name"], "ldaptestuser2")
323 # Testing ldb.search for (&(anr==not ldap user2)(objectClass=user))
324 res = ldb.search(expression="(&(anr==not ldap user2)(objectClass=user))")
325 assert len(res) == 0, "Must not find (&(anr==not ldap user2)(objectClass=user))"
327 # Testing ldb.search for (&(anr=not ldap user2)(objectClass=user))
328 res = ldb.search(expression="(&(anr=not ldap user2)(objectClass=user))")
329 assert len(res) == 0, "Must not find (&(anr=not ldap user2)(objectClass=user))"
331 print "Testing Group Modifies"
333 dn: cn=ldaptestgroup,cn=users,""" + base_dn + """
336 member: cn=ldaptestuser2,cn=users,""" + base_dn + """
337 member: cn=ldaptestcomputer,cn=computers,""" + base_dn + """
340 delete_force(ldb, "cn=ldaptestuser3,cn=users," + base_dn)
342 print "Testing adding non-existent user to a group"
345 dn: cn=ldaptestgroup,cn=users,""" + base_dn + """
348 member: cn=ldaptestuser3,cn=users,""" + base_dn + """
350 except LdbError, (num, _):
351 assert num == LDB_ERR_NO_SUCH_OBJECT
355 print "Testing Renames"
357 ldb.rename("cn=ldaptestuser2,cn=users," + base_dn, "cn=ldaptestuser3,cn=users," + base_dn)
359 ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestuser3,cn=users," + base_dn)
361 ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestUSER3,cn=users," + base_dn)
363 print "Testing ldb.search for (&(cn=ldaptestuser3)(objectClass=user))"
364 res = ldb.search(expression="(&(cn=ldaptestuser3)(objectClass=user))")
365 assert len(res) == 1, "Could not find (&(cn=ldaptestuser3)(objectClass=user))"
367 assertEquals(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + base_dn))
368 assertEquals(res[0]["cn"], "ldaptestUSER3")
369 assertEquals(res[0]["name"], "ldaptestUSER3")
371 # This is a Samba special, and does not exist in real AD
372 # print "Testing ldb.search for (dn=CN=ldaptestUSER3,CN=Users," + base_dn + ")"
373 # res = ldb.search("(dn=CN=ldaptestUSER3,CN=Users," + base_dn + ")")
374 # if (res.error != 0 || len(res) != 1) {
375 # print "Could not find (dn=CN=ldaptestUSER3,CN=Users," + base_dn + ")"
376 # assertEquals(len(res), 1)
378 # assertEquals(res[0].dn, ("CN=ldaptestUSER3,CN=Users," + base_dn))
379 # assertEquals(res[0].cn, "ldaptestUSER3")
380 # assertEquals(res[0].name, "ldaptestUSER3")
382 print "Testing ldb.search for (distinguishedName=CN=ldaptestUSER3,CN=Users," + base_dn + ")"
383 res = ldb.search(expression="(distinguishedName=CN=ldaptestUSER3,CN=Users," + base_dn + ")")
384 assert len(res) == 1, "Could not find (dn=CN=ldaptestUSER3,CN=Users," + base_dn + ")"
385 assertEquals(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + base_dn))
386 assertEquals(res[0]["cn"], "ldaptestUSER3")
387 assertEquals(res[0]["name"], "ldaptestUSER3")
389 # ensure we cannot add it again
391 ldb.add({"dn": "cn=ldaptestuser3,cn=userS," + base_dn,
392 "objectClass": ["person", "user"],
393 "cn": "LDAPtestUSER3"})
394 except LdbError, (num, _):
395 assert num == LDB_ERR_ENTRY_ALREADY_EXISTS
400 ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestuser2,cn=users," + base_dn)
402 # ensure we cannnot rename it twice
404 ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestuser2,cn=users," + base_dn)
405 except LdbError, (num, _):
406 assert num == LDB_ERR_NO_SUCH_OBJECT
410 # ensure can now use that name
411 ldb.add({"dn": "cn=ldaptestuser3,cn=users," + base_dn,
412 "objectClass": ["person", "user"],
413 "cn": "LDAPtestUSER3"})
415 # ensure we now cannnot rename
417 ldb.rename("cn=ldaptestuser2,cn=users," + base_dn, "cn=ldaptestuser3,cn=users," + base_dn)
418 except LdbError, (num, _):
419 assert num == LDB_ERR_ENTRY_ALREADY_EXISTS
423 ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestuser3,cn=configuration," + base_dn)
424 except LdbError, (num, _):
425 assert num in (71, 64)
429 ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestuser5,cn=users," + base_dn)
431 ldb.delete("cn=ldaptestuser5,cn=users," + base_dn)
433 delete_force(ldb, "cn=ldaptestgroup2,cn=users," + base_dn)
435 ldb.rename("cn=ldaptestgroup,cn=users," + base_dn, "cn=ldaptestgroup2,cn=users," + base_dn)
437 print "Testing subtree Renames"
439 ldb.add({"dn": "cn=ldaptestcontainer," + base_dn,
440 "objectClass": "container"})
443 ldb.add({"dn": "CN=ldaptestuser4,CN=ldaptestcontainer," + base_dn,
444 "objectClass": ["person", "user"],
445 "cn": "LDAPtestUSER4"})
447 ldb.delete("cn=ldaptestuser4,cn=ldaptestcontainer," + base_dn)
448 ldb.add({"dn": "CN=ldaptestuser4,CN=ldaptestcontainer," + base_dn,
449 "objectClass": ["person", "user"],
450 "cn": "LDAPtestUSER4"})
453 dn: cn=ldaptestgroup2,cn=users,""" + base_dn + """
456 member: cn=ldaptestuser4,cn=ldaptestcontainer,""" + base_dn + """
459 print "Testing ldb.rename of cn=ldaptestcontainer," + base_dn + " to cn=ldaptestcontainer2," + base_dn
460 ldb.rename("CN=ldaptestcontainer," + base_dn, "CN=ldaptestcontainer2," + base_dn)
462 print "Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user))"
463 res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))")
464 assert len(res) == 1, "Could not find (&(cn=ldaptestuser4)(objectClass=user))"
466 print "Testing subtree ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + base_dn
468 ldb.search("cn=ldaptestcontainer," + base_dn,
469 expression="(&(cn=ldaptestuser4)(objectClass=user))",
471 except LdbError, (num, _):
472 assert num == LDB_ERR_NO_SUCH_OBJECT
476 print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + base_dn
478 res = ldb.search("cn=ldaptestcontainer," + base_dn, expression="(&(cn=ldaptestuser4)(objectClass=user))", scope=SCOPE_ONELEVEL)
479 except LdbError, (num, _):
480 assert num == LDB_ERR_NO_SUCH_OBJECT
484 print "Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in renamed container"
485 res = ldb.search("cn=ldaptestcontainer2," + base_dn, expression="(&(cn=ldaptestuser4)(objectClass=user))", scope=SCOPE_SUBTREE)
486 assert len(res) == 1, "Could not find (&(cn=ldaptestuser4)(objectClass=user)) under cn=ldaptestcontainer2," + base_dn
488 assertEquals(str(res[0].dn), ("CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn))
489 assertEquals(res[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + base_dn).upper())
491 print "Testing ldb.search for (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn + ")(objectclass=group)) to check subtree renames and linked attributes"
492 res = ldb.search(base_dn, expression="(&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn + ")(objectclass=group))", scope=SCOPE_SUBTREE)
493 assert len(res) == 1, "Could not find (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn + ")(objectclass=group)), perhaps linked attributes are not conistant with subtree renames?"
495 print "Testing ldb.rename (into itself) of cn=ldaptestcontainer2," + base_dn + " to cn=ldaptestcontainer,cn=ldaptestcontainer2," + base_dn
497 ldb.rename("cn=ldaptestcontainer2," + base_dn, "cn=ldaptestcontainer,cn=ldaptestcontainer2," + base_dn)
498 except LdbError, (num, _):
499 assert num == LDB_ERR_UNWILLING_TO_PERFORM
503 print "Testing ldb.rename (into non-existent container) of cn=ldaptestcontainer2," + base_dn + " to cn=ldaptestcontainer,cn=ldaptestcontainer3," + base_dn
505 ldb.rename("cn=ldaptestcontainer2," + base_dn, "cn=ldaptestcontainer,cn=ldaptestcontainer3," + base_dn)
506 except LdbError, (num, _):
507 assert num in (53, 80)
511 print "Testing delete (should fail, not a leaf node) of renamed cn=ldaptestcontainer2," + base_dn
513 ldb.delete("cn=ldaptestcontainer2," + base_dn)
514 except LdbError, (num, _):
515 assert num == LDB_ERR_NOT_ALLOWED_ON_NON_LEAF
519 print "Testing base ldb.search for CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn
520 res = ldb.search(expression="(objectclass=*)", base=("CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn), scope=SCOPE_BASE)
522 res = ldb.search(expression="(cn=ldaptestuser40)", base=("CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn), scope=SCOPE_BASE)
525 print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2," + base_dn
526 res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))", base="cn=ldaptestcontainer2," + base_dn, scope=SCOPE_ONELEVEL)
527 # FIXME: assert len(res) == 0
529 print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2," + base_dn
530 res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))", base="cn=ldaptestcontainer2," + base_dn, scope=SCOPE_SUBTREE)
531 #FIXME: assert len(res) == 0
533 print "Testing delete of subtree renamed "+("CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn)
534 ldb.delete(("CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn))
535 print "Testing delete of renamed cn=ldaptestcontainer2," + base_dn
536 ldb.delete("cn=ldaptestcontainer2," + base_dn)
539 ldb.add({"dn": "cn=ldaptestutf8user èùéìòà ,cn=users," + base_dn, "objectClass": "user"})
540 except LdbError, (num, _):
541 ldb.delete("cn=ldaptestutf8user èùéìòà ,cn=users," + base_dn)
542 ldb.add({"dn": "cn=ldaptestutf8user èùéìòà ,cn=users," + base_dn, "objectClass": "user"})
545 ldb.add({"dn": "cn=ldaptestutf8user2 èùéìòà ,cn=users," + base_dn, "objectClass": "user"})
546 except LdbError, (num, _):
547 ldb.delete("cn=ldaptestutf8user2 èùéìòà ,cn=users," + base_dn)
548 ldb.add({"dn": "cn=ldaptestutf8user2 èùéìòà ,cn=users," + base_dn,
549 "objectClass": "user"})
551 print "Testing ldb.search for (&(cn=ldaptestuser)(objectClass=user))"
552 res = ldb.search(expression="(&(cn=ldaptestuser)(objectClass=user))")
553 assert len(res) == 1, "Could not find (&(cn=ldaptestuser)(objectClass=user))"
555 assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + base_dn))
556 assertEquals(res[0]["cn"], "ldaptestuser")
557 assertEquals(res[0]["name"], "ldaptestuser")
558 assertEquals(res[0]["objectClass"], ["top", "person", "organizationalPerson", "user"])
559 assert("objectGUID" in res[0])
560 assert("whenCreated" in res[0])
561 assertEquals(res[0]["objectCategory"], ("CN=Person,CN=Schema,CN=Configuration," + base_dn))
562 assertEquals(int(res[0]["sAMAccountType"][0]), 805306368)
563 # assertEquals(res[0].userAccountControl, 546)
564 assertEquals(res[0]["memberOf"][0], ("CN=ldaptestgroup2,CN=Users," + base_dn))
565 assertEquals(len(res[0]["memberOf"]), 1)
567 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + base_dn + "))"
568 res2 = ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + base_dn + "))")
569 assert len(res2) == 1, "Could not find (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + base_dn + "))"
571 assertEquals(res[0].dn, res2[0].dn)
573 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon))"
574 res3 = ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=PerSon))")
575 assert len(res3) == 1, "Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)): matched " + len(res3)
577 assertEquals(res[0].dn, res3[0].dn)
579 if gc_ldb is not None:
580 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog"
581 res3gc = gc_ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=PerSon))")
582 assert len(res3gc) == 1
584 assertEquals(res[0].dn, res3gc[0].dn)
586 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in with 'phantom root' control"
588 res3control = gc_ldb.search(base_dn, expression="(&(cn=ldaptestuser)(objectCategory=PerSon))", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:2"])
589 assert len(res3control) == 1, "Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog"
591 assertEquals(res[0].dn, res3control[0].dn)
593 ldb.delete(res[0].dn)
595 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectClass=user))"
596 res = ldb.search(expression="(&(cn=ldaptestcomputer)(objectClass=user))")
597 assert len(res) == 1, "Could not find (&(cn=ldaptestuser)(objectClass=user))"
599 assertEquals(str(res[0].dn), ("CN=ldaptestcomputer,CN=Computers," + base_dn))
600 assertEquals(res[0]["cn"], "ldaptestcomputer")
601 assertEquals(res[0]["name"], "ldaptestcomputer")
602 assertEquals(res[0]["objectClass"], ["top", "person", "organizationalPerson", "user", "computer"])
603 assert("objectGUID" in res[0])
604 assert("whenCreated" in res[0])
605 assertEquals(res[0]["objectCategory"], ("CN=Computer,CN=Schema,CN=Configuration," + base_dn))
606 assertEquals(int(res[0]["primaryGroupID"][0]), 513)
607 # assertEquals(res[0].sAMAccountType, 805306368)
608 # assertEquals(res[0].userAccountControl, 546)
609 assertEquals(res[0]["memberOf"][0], "CN=ldaptestgroup2,CN=Users," + base_dn)
610 assertEquals(len(res[0]["memberOf"]), 1)
612 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + "))"
613 res2 = ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + "))")
614 assert len(res2) == 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + "))"
616 assertEquals(res[0].dn, res2[0].dn)
618 if gc_ldb is not None:
619 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + ")) in Global Catlog"
620 res2gc = gc_ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + "))")
621 assert len(res2gc) == 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + ")) in Global Catlog"
623 assertEquals(res[0].dn, res2gc[0].dn)
625 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER))"
626 res3 = ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=compuTER))")
627 assert len(res3) == 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER))"
629 assertEquals(res[0].dn, res3[0].dn)
631 if gc_ldb is not None:
632 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog"
633 res3gc = gc_ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=compuTER))")
634 assert len(res3gc) == 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog"
636 assertEquals(res[0].dn, res3gc[0].dn)
638 print "Testing ldb.search for (&(cn=ldaptestcomp*r)(objectCategory=compuTER))"
639 res4 = ldb.search(expression="(&(cn=ldaptestcomp*r)(objectCategory=compuTER))")
640 assert len(res4) == 1, "Could not find (&(cn=ldaptestcomp*r)(objectCategory=compuTER))"
642 assertEquals(res[0].dn, res4[0].dn)
644 print "Testing ldb.search for (&(cn=ldaptestcomput*)(objectCategory=compuTER))"
645 res5 = ldb.search(expression="(&(cn=ldaptestcomput*)(objectCategory=compuTER))")
646 assert len(res5) == 1, "Could not find (&(cn=ldaptestcomput*)(objectCategory=compuTER))"
648 assertEquals(res[0].dn, res5[0].dn)
650 print "Testing ldb.search for (&(cn=*daptestcomputer)(objectCategory=compuTER))"
651 res6 = ldb.search(expression="(&(cn=*daptestcomputer)(objectCategory=compuTER))")
652 assert len(res6) == 1, "Could not find (&(cn=*daptestcomputer)(objectCategory=compuTER))"
654 assertEquals(res[0].dn, res6[0].dn)
656 ldb.delete(res[0].dn)
658 print "Testing ldb.search for (&(cn=ldaptest2computer)(objectClass=user))"
659 res = ldb.search(expression="(&(cn=ldaptest2computer)(objectClass=user))")
660 assert len(res) == 1, "Could not find (&(cn=ldaptest2computer)(objectClass=user))"
662 assertEquals(res[0].dn, ("CN=ldaptest2computer,CN=Computers," + base_dn))
663 assertEquals(res[0]["cn"], "ldaptest2computer")
664 assertEquals(res[0]["name"], "ldaptest2computer")
665 assertEquals(res[0]["objectClass"], ["top", "person", "organizationalPerson", "user", "computer"])
666 assert("objectGUID" in res[0])
667 assert("whenCreated" in res[0])
668 assertEquals(res[0]["objectCategory"][0], "CN=Computer,CN=Schema,CN=Configuration," + base_dn)
669 assertEquals(int(res[0]["sAMAccountType"][0]), 805306369)
670 # assertEquals(res[0].userAccountControl, 4098)
672 ldb.delete(res[0].dn)
674 attrs = ["cn", "name", "objectClass", "objectGUID", "whenCreated", "nTSecurityDescriptor", "memberOf"]
675 print "Testing ldb.search for (&(cn=ldaptestUSer2)(objectClass=user))"
676 res = ldb.search(base_dn, expression="(&(cn=ldaptestUSer2)(objectClass=user))", scope=SCOPE_SUBTREE, attrs=attrs)
677 assert len(res) == 1, "Could not find (&(cn=ldaptestUSer2)(objectClass=user))"
679 assertEquals(res[0].dn, ("CN=ldaptestuser2,CN=Users," + base_dn))
680 assertEquals(res[0]["cn"], "ldaptestuser2")
681 assertEquals(res[0]["name"], "ldaptestuser2")
682 assertEquals(res[0]["objectClass"], ["top", "person", "organizationalPerson", "user"])
683 assert("objectGUID" in res[0])
684 assert("whenCreated" in res[0])
685 assert("nTSecurityDescriptor" in res[0])
686 assertEquals(res[0]["memberOf"][0], ("CN=ldaptestgroup2,CN=Users," + base_dn))
688 attrs = ["cn", "name", "objectClass", "objectGUID", "whenCreated", "nTSecurityDescriptor", "member"]
689 print "Testing ldb.search for (&(cn=ldaptestgroup2)(objectClass=group))"
690 res = ldb.search(base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
691 assert len(res) == 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))"
693 assertEquals(res[0].dn, ("CN=ldaptestgroup2,CN=Users," + base_dn))
694 assertEquals(res[0]["cn"], "ldaptestgroup2")
695 assertEquals(res[0]["name"], "ldaptestgroup2")
696 assertEquals(res[0]["objectClass"], ["top", "group"])
697 assert("objectGuid" not in res[0])
698 assert("whenCreated" in res[0])
699 assert("nTSecurityDescriptor" in res[0])
700 assertEquals(res[0]["member"], ["CN=ldaptestuser2,CN=Users," + base_dn])
703 dn: cn=ldaptestgroup2,cn=users,""" + base_dn + """
706 member: CN=ldaptestuser2,CN=Users,""" + base_dn + """
707 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + base_dn + """
710 print "Testing Linked attribute behaviours"
712 dn: cn=ldaptestgroup2,cn=users,""" + base_dn + """
718 dn: cn=ldaptestgroup2,cn=users,""" + base_dn + """
721 member: CN=ldaptestuser2,CN=Users,""" + base_dn + """
722 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + base_dn + """
726 dn: cn=ldaptestgroup2,cn=users,""" + base_dn + """
732 dn: cn=ldaptestgroup2,cn=users,""" + base_dn + """
735 member: CN=ldaptestuser2,CN=Users,""" + base_dn + """
736 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + base_dn + """
740 dn: cn=ldaptestgroup2,cn=users,""" + base_dn + """
743 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + base_dn + """
746 res = ldb.search(base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
747 assert len(res) == 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))"
749 assertEquals(res[0].dn, ("CN=ldaptestgroup2,CN=Users," + base_dn))
750 assertEquals(res[0]["member"][0], ("CN=ldaptestuser2,CN=Users," + base_dn))
751 assertEquals(len(res[0]["member"]), 1)
753 ldb.delete(("CN=ldaptestuser2,CN=Users," + base_dn))
755 attrs = ["cn", "name", "objectClass", "objectGUID", "whenCreated", "nTSecurityDescriptor", "member"]
756 print "Testing ldb.search for (&(cn=ldaptestgroup2)(objectClass=group)) to check linked delete"
757 res = ldb.search(base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
758 assert len(res) == 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group)) to check linked delete"
760 assertEquals(res[0].dn, ("CN=ldaptestgroup2,CN=Users," + base_dn))
761 assert("member" not in res[0])
763 print "Testing ldb.search for (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))"
764 res = ldb.search(expression="(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
765 assert len(res) == 1, "Could not find (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))"
767 assertEquals(res[0].dn, ("CN=ldaptestutf8user èùéìòà,CN=Users," + base_dn))
768 assertEquals(res[0]["cn"], "ldaptestutf8user èùéìòà")
769 assertEquals(res[0]["name"], "ldaptestutf8user èùéìòà")
770 assertEquals(res[0]["objectClass"], ["top", "person", "organizationalPerson", "user"])
771 assert("objectGUID" in res[0])
772 assert("whenCreated" in res[0])
774 ldb.delete(res[0].dn)
776 print "Testing ldb.search for (&(cn=ldaptestutf8user2*)(objectClass=user))"
777 res = ldb.search(expression="(&(cn=ldaptestutf8user2*)(objectClass=user))")
778 assert len(res) == 1, "Could not find (&(cn=ldaptestutf8user2*)(objectClass=user))"
780 ldb.delete(res[0].dn)
782 ldb.delete(("CN=ldaptestgroup2,CN=Users," + base_dn))
784 print "Testing ldb.search for (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))"
785 res = ldb.search(expression="(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
787 #FIXME: assert len(res) == 1, "Could not find (expect space collapse, win2k3 fails) (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))"
789 print "Testing that we can't get at the configuration DN from the main search base"
790 res = ldb.search(base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
791 assert len(res) == 0, "Got configuration DN " + res[0].dn + " which should not be able to be seen from main search base"
792 assertEquals(len(res), 0)
794 print "Testing that we can get at the configuration DN from the main search base on the LDAP port with the 'phantom root' search_options control"
795 res = ldb.search(base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:2"])
798 if gc_ldb is not None:
799 print "Testing that we can get at the configuration DN from the main search base on the GC port with the search_options control == 0"
801 res = gc_ldb.search(base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:0"])
804 print "Testing that we do find configuration elements in the global catlog"
805 res = gc_ldb.search(base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
806 assert (len(res) > 0)
808 print "Testing that we do find configuration elements and user elements at the same time"
809 res = gc_ldb.search(base_dn, expression="(|(objectClass=crossRef)(objectClass=person))", scope=SCOPE_SUBTREE, attrs=["cn"])
810 assert (len(res) > 0)
812 print "Testing that we do find configuration elements in the global catlog, with the configuration basedn"
813 res = gc_ldb.search(configuration_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
814 assert (len(res) > 0)
816 print "Testing that we can get at the configuration DN on the main LDAP port"
817 res = ldb.search(configuration_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
818 assert (len(res) > 0)
820 print "Testing objectCategory canonacolisation"
821 res = ldb.search(configuration_dn, expression="objectCategory=ntDsDSA", scope=SCOPE_SUBTREE, attrs=["cn"])
822 assert len(res) > 0, "Didn't find any records with objectCategory=ntDsDSA"
823 assert(len(res) != 0)
825 res = ldb.search(configuration_dn, expression="objectCategory=CN=ntDs-DSA," + schema_dn, scope=SCOPE_SUBTREE, attrs=["cn"])
826 assert len(res) > 0, "Didn't find any records with objectCategory=CN=ntDs-DSA," + schema_dn
827 assert(len(res) != 0)
829 print "Testing objectClass attribute order on "+ base_dn
830 res = ldb.search(expression="objectClass=domain", base=base_dn,
831 scope=SCOPE_BASE, attrs=["objectClass"])
832 assertEquals(len(res), 1)
834 assertEquals(res[0]["objectClass"], ["top", "domain", "domainDNS"])
838 print "Testing ldb.search for objectCategory=person"
839 res = ldb.search(base_dn, expression="objectCategory=person", scope=SCOPE_SUBTREE, attrs=["cn"])
842 print "Testing ldb.search for objectCategory=person with domain scope control"
843 res = ldb.search(base_dn, expression="objectCategory=person", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
846 print "Testing ldb.search for objectCategory=user"
847 res = ldb.search(base_dn, expression="objectCategory=user", scope=SCOPE_SUBTREE, attrs=["cn"])
851 print "Testing ldb.search for objectCategory=user with domain scope control"
852 res = ldb.search(base_dn, expression="objectCategory=user", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
855 print "Testing ldb.search for objectCategory=group"
856 res = ldb.search(base_dn, expression="objectCategory=group", scope=SCOPE_SUBTREE, attrs=["cn"])
859 print "Testing ldb.search for objectCategory=group with domain scope control"
860 res = ldb.search(base_dn, expression="objectCategory=group", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
863 def basedn_tests(ldb, gc_ldb):
864 print "Testing for all rootDSE attributes"
865 res = ldb.search(scope=SCOPE_BASE, attrs=[])
866 assertEquals(len(res), 1)
868 print "Testing for highestCommittedUSN"
869 res = ldb.search("", scope=SCOPE_BASE, attrs=["highestCommittedUSN"])
870 assertEquals(len(res), 1)
871 assert(int(res[0]["highestCommittedUSN"][0]) != 0)
873 print "Testing for netlogon via LDAP"
874 res = ldb.search("", scope=SCOPE_BASE, attrs=["netlogon"])
875 assertEquals(len(res), 0)
877 print "Testing for netlogon and highestCommittedUSN via LDAP"
878 res = ldb.search("", scope=SCOPE_BASE,
879 attrs=["netlogon", "highestCommittedUSN"])
880 assertEquals(len(res), 0)
883 def find_basedn(ldb):
884 res = ldb.search(base="", expression="", scope=SCOPE_BASE,
885 attrs=["defaultNamingContext"])
886 assertEquals(len(res), 1)
887 return res[0]["defaultNamingContext"][0]
890 def find_configurationdn(ldb):
891 res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["configurationNamingContext"])
892 assertEquals(len(res), 1)
893 return res[0]["configurationNamingContext"][0]
896 def find_schemadn(ldb):
897 res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["schemaNamingContext"])
898 assertEquals(len(res), 1)
899 return res[0]["schemaNamingContext"][0]
901 if not "://" in host:
902 host = "ldap://%s" % host
904 ldb = Ldb(host, credentials=creds, session_info=system_session(), lp=lp)
905 base_dn = find_basedn(ldb)
906 configuration_dn = find_configurationdn(ldb)
907 schema_dn = find_schemadn(ldb)
909 print "baseDN: %s\n" % base_dn
911 gc_ldb = Ldb("%s:3268" % host, credentials=creds,
912 session_info=system_session(), lp=lp)
914 basic_tests(ldb, gc_ldb, base_dn, configuration_dn, schema_dn)
915 basedn_tests(ldb, gc_ldb)