8 import samba.getopt as options
10 from samba.tests.subunitrun import SubunitOptions, TestProgram
12 from samba.tests import delete_force
13 from samba.dcerpc import security, misc
14 from samba.samdb import SamDB
15 from samba.auth import system_session
16 from samba.ndr import ndr_unpack
17 from ldb import Message, MessageElement, Dn, LdbError
18 from ldb import FLAG_MOD_ADD, FLAG_MOD_REPLACE, FLAG_MOD_DELETE
19 from ldb import SCOPE_BASE, SCOPE_SUBTREE, SCOPE_ONELEVEL
21 # TODO I'm ignoring case in these tests for now.
22 # This should be fixed to work inline with Windows.
23 # The literal strings are in the case Windows uses.
24 # Windows appear to preserve casing of the RDN and uppercase the other keys.
27 class MatchRulesTests(samba.tests.TestCase):
29 super(MatchRulesTests, self).setUp()
31 self.ldb = SamDB(host, credentials=creds, session_info=system_session(lp), lp=lp)
32 self.base_dn = self.ldb.domain_dn()
33 self.ou = "OU=matchrulestest,%s" % self.base_dn
34 self.ou_users = "OU=users,%s" % self.ou
35 self.ou_groups = "OU=groups,%s" % self.ou
36 self.ou_computers = "OU=computers,%s" % self.ou
38 # Add a organizational unit to create objects
41 "objectclass": "organizationalUnit"})
43 # Add the following OU hierarchy and set otherWellKnownObjects,
44 # which has BinaryDN syntax:
52 "dn": "OU=o1,%s" % self.ou,
53 "objectclass": "organizationalUnit"})
55 "dn": "OU=o2,OU=o1,%s" % self.ou,
56 "objectclass": "organizationalUnit"})
58 "dn": "OU=o3,OU=o2,OU=o1,%s" % self.ou,
59 "objectclass": "organizationalUnit"})
61 "dn": "OU=o4,OU=o3,OU=o2,OU=o1,%s" % self.ou,
62 "objectclass": "organizationalUnit"})
65 m.dn = Dn(self.ldb, self.ou)
66 m["otherWellKnownObjects"] = MessageElement("B:32:00000000000000000000000000000001:OU=o1,%s" % self.ou,
67 FLAG_MOD_ADD, "otherWellKnownObjects")
71 m.dn = Dn(self.ldb, "OU=o1,%s" % self.ou)
72 m["otherWellKnownObjects"] = MessageElement("B:32:00000000000000000000000000000002:OU=o2,OU=o1,%s" % self.ou,
73 FLAG_MOD_ADD, "otherWellKnownObjects")
77 m.dn = Dn(self.ldb, "OU=o2,OU=o1,%s" % self.ou)
78 m["otherWellKnownObjects"] = MessageElement("B:32:00000000000000000000000000000003:OU=o3,OU=o2,OU=o1,%s" % self.ou,
79 FLAG_MOD_ADD, "otherWellKnownObjects")
83 m.dn = Dn(self.ldb, "OU=o3,OU=o2,OU=o1,%s" % self.ou)
84 m["otherWellKnownObjects"] = MessageElement("B:32:00000000000000000000000000000004:OU=o4,OU=o3,OU=o2,OU=o1,%s" % self.ou,
85 FLAG_MOD_ADD, "otherWellKnownObjects")
88 # Create OU for users and groups
91 "objectclass": "organizationalUnit"})
94 "objectclass": "organizationalUnit"})
96 "dn": self.ou_computers,
97 "objectclass": "organizationalUnit"})
101 "dn": "cn=g1,%s" % self.ou_groups,
102 "objectclass": "group"})
104 "dn": "cn=g2,%s" % self.ou_groups,
105 "objectclass": "group"})
107 "dn": "cn=g4,%s" % self.ou_groups,
108 "objectclass": "group"})
110 "dn": "cn=g3,%s" % self.ou_groups,
111 "objectclass": "group"})
115 "dn": "cn=u1,%s" % self.ou_users,
116 "objectclass": "user"})
118 "dn": "cn=u2,%s" % self.ou_users,
119 "objectclass": "user"})
121 "dn": "cn=u3,%s" % self.ou_users,
122 "objectclass": "user"})
124 "dn": "cn=u4,%s" % self.ou_users,
125 "objectclass": "user"})
127 # Add computers to test Object(DN-Binary) syntax
129 "dn": "cn=c1,%s" % self.ou_computers,
130 "objectclass": "computer",
131 "dNSHostName": "c1.%s" % self.lp.get("realm").lower(),
132 "servicePrincipalName": ["HOST/c1"],
133 "sAMAccountName": "c1$",
134 "userAccountControl": "83890178"})
137 "dn": "cn=c2,%s" % self.ou_computers,
138 "objectclass": "computer",
139 "dNSHostName": "c2.%s" % self.lp.get("realm").lower(),
140 "servicePrincipalName": ["HOST/c2"],
141 "sAMAccountName": "c2$",
142 "userAccountControl": "83890178"})
145 "dn": "cn=c3,%s" % self.ou_computers,
146 "objectclass": "computer",
147 "dNSHostName": "c3.%s" % self.lp.get("realm").lower(),
148 "servicePrincipalName": ["HOST/c3"],
149 "sAMAccountName": "c3$",
150 "userAccountControl": "83890178"})
152 # Create the following hierarchy:
164 m.dn = Dn(self.ldb, "CN=g1,%s" % self.ou_groups)
165 m["member"] = MessageElement("CN=u1,%s" % self.ou_users,
166 FLAG_MOD_ADD, "member")
171 m.dn = Dn(self.ldb, "CN=g2,%s" % self.ou_groups)
172 m["member"] = MessageElement("cn=u2,%s" % self.ou_users,
173 FLAG_MOD_ADD, "member")
178 m.dn = Dn(self.ldb, "cn=g3,%s" % self.ou_groups)
179 m["member"] = MessageElement("CN=u3,%s" % self.ou_users,
180 FLAG_MOD_ADD, "member")
185 m.dn = Dn(self.ldb, "cn=g4,%s" % self.ou_groups)
186 m["member"] = MessageElement("cn=u4,%s" % self.ou_users,
187 FLAG_MOD_ADD, "member")
192 m.dn = Dn(self.ldb, "CN=g4,%s" % self.ou_groups)
193 m["member"] = MessageElement("cn=g3,%s" % self.ou_groups,
194 FLAG_MOD_ADD, "member")
199 m.dn = Dn(self.ldb, "cn=g3,%s" % self.ou_groups)
200 m["member"] = MessageElement("CN=g2,%s" % self.ou_groups,
201 FLAG_MOD_ADD, "member")
206 m.dn = Dn(self.ldb, "cn=g2,%s" % self.ou_groups)
207 m["member"] = MessageElement("cn=g1,%s" % self.ou_groups,
208 FLAG_MOD_ADD, "member")
211 # The msDS-RevealedUsers is owned by system and cannot be modified
212 # directly. Set the schemaUpgradeInProgress flag as workaround
213 # and create this hierarchy:
220 # While appropriate for this test, this is NOT a good practice
221 # in general. This is only done here because the alternative
222 # is to make a schema modification.
224 # IF/WHEN Samba protects this attribute better, this
225 # particular part of the test can be removed, as the same code
226 # is covered by the addressBookRoots2 case well enough.
229 m.dn = Dn(self.ldb, "")
230 m["e1"] = MessageElement("1", FLAG_MOD_REPLACE, "schemaUpgradeInProgress")
234 m.dn = Dn(self.ldb, "cn=c2,%s" % self.ou_computers)
235 m["e1"] = MessageElement("B:8:01010101:cn=c3,%s" % self.ou_computers,
236 FLAG_MOD_ADD, "msDS-RevealedUsers")
240 m.dn = Dn(self.ldb, "cn=c1,%s" % self.ou_computers)
241 m["e1"] = MessageElement("B:8:01010101:cn=c2,%s" % self.ou_computers,
242 FLAG_MOD_ADD, "msDS-RevealedUsers")
246 m.dn = Dn(self.ldb, "")
247 m["e1"] = MessageElement("0", FLAG_MOD_REPLACE, "schemaUpgradeInProgress")
250 # Add a couple of ms-Exch-Configuration-Container to test forward-link
251 # attributes without backward link (addressBookRoots2)
256 "dn": "cn=e1,%s" % self.ou,
257 "objectclass": "msExchConfigurationContainer"})
259 "dn": "cn=e2,%s" % self.ou,
260 "objectclass": "msExchConfigurationContainer"})
263 m.dn = Dn(self.ldb, "cn=e2,%s" % self.ou)
264 m["e1"] = MessageElement("cn=c1,%s" % self.ou_computers,
265 FLAG_MOD_ADD, "addressBookRoots2")
269 m.dn = Dn(self.ldb, "cn=e1,%s" % self.ou)
270 m["e1"] = MessageElement("cn=e2,%s" % self.ou,
271 FLAG_MOD_ADD, "addressBookRoots2")
275 super(MatchRulesTests, self).tearDown()
276 self.ldb.delete(self.ou, controls=['tree_delete:0'])
278 def test_u1_member_of_g4(self):
279 # Search without transitive match must return 0 results
280 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
282 expression="member=cn=u1,%s" % self.ou_users)
283 self.assertEqual(len(res1), 0)
285 res1 = self.ldb.search("cn=u1,%s" % self.ou_users,
287 expression="memberOf=cn=g4,%s" % self.ou_groups)
288 self.assertEqual(len(res1), 0)
290 # Search with transitive match must return 1 results
291 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
293 expression="member:1.2.840.113556.1.4.1941:=cn=u1,%s" % self.ou_users)
294 self.assertEqual(len(res1), 1)
295 self.assertEqual(str(res1[0].dn).lower(), ("CN=g4,%s" % self.ou_groups).lower())
297 res1 = self.ldb.search("cn=u1,%s" % self.ou_users,
299 expression="memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s" % self.ou_groups)
300 self.assertEqual(len(res1), 1)
301 self.assertEqual(str(res1[0].dn).lower(), ("CN=u1,%s" % self.ou_users).lower())
303 def test_g1_member_of_g4(self):
304 # Search without transitive match must return 0 results
305 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
307 expression="member=cn=g1,%s" % self.ou_groups)
308 self.assertEqual(len(res1), 0)
310 res1 = self.ldb.search("cn=g1,%s" % self.ou_groups,
312 expression="memberOf=cn=g4,%s" % self.ou_groups)
313 self.assertEqual(len(res1), 0)
315 # Search with transitive match must return 1 results
316 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
318 expression="member:1.2.840.113556.1.4.1941:=cn=g1,%s" % self.ou_groups)
319 self.assertEqual(len(res1), 1)
320 self.assertEqual(str(res1[0].dn).lower(), ("CN=g4,%s" % self.ou_groups).lower())
322 res1 = self.ldb.search("cn=g1,%s" % self.ou_groups,
324 expression="memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s" % self.ou_groups)
325 self.assertEqual(len(res1), 1)
326 self.assertEqual(str(res1[0].dn).lower(), ("CN=g1,%s" % self.ou_groups).lower())
328 def test_u1_groups(self):
329 res1 = self.ldb.search(self.ou_groups,
331 expression="member=cn=u1,%s" % self.ou_users)
332 self.assertEqual(len(res1), 1)
333 self.assertEqual(str(res1[0].dn).lower(), ("CN=g1,%s" % self.ou_groups).lower())
335 res1 = self.ldb.search(self.ou_users,
337 expression="member=cn=u1,%s" % self.ou_users)
338 self.assertEqual(len(res1), 0)
340 res1 = self.ldb.search(self.ou_groups,
342 expression="member:1.2.840.113556.1.4.1941:=cn=u1,%s" % self.ou_users)
343 self.assertEqual(len(res1), 4)
344 dn_list = [str(res.dn).lower() for res in res1]
345 self.assertTrue(("CN=g1,%s" % self.ou_groups).lower() in dn_list)
346 self.assertTrue(("CN=g2,%s" % self.ou_groups).lower() in dn_list)
347 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
348 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
350 res1 = self.ldb.search(self.ou_users,
352 expression="member:1.2.840.113556.1.4.1941:=cn=u1,%s" % self.ou_users)
353 self.assertEqual(len(res1), 0)
355 def test_u2_groups(self):
356 res1 = self.ldb.search(self.ou_groups,
358 expression="member=cn=u2,%s" % self.ou_users)
359 self.assertEqual(len(res1), 1)
360 self.assertEqual(str(res1[0].dn).lower(), ("CN=g2,%s" % self.ou_groups).lower())
362 res1 = self.ldb.search(self.ou_users,
364 expression="member=cn=u2,%s" % self.ou_users)
365 self.assertEqual(len(res1), 0)
367 res1 = self.ldb.search(self.ou_groups,
369 expression="member:1.2.840.113556.1.4.1941:=cn=u2,%s" % self.ou_users)
370 self.assertEqual(len(res1), 3)
371 dn_list = [str(res.dn).lower() for res in res1]
372 self.assertTrue(("CN=g2,%s" % self.ou_groups).lower() in dn_list)
373 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
374 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
376 res1 = self.ldb.search(self.ou_users,
378 expression="member:1.2.840.113556.1.4.1941:=cn=u2,%s" % self.ou_users)
379 self.assertEqual(len(res1), 0)
381 def test_u3_groups(self):
382 res1 = self.ldb.search(self.ou_groups,
384 expression="member=cn=u3,%s" % self.ou_users)
385 self.assertEqual(len(res1), 1)
386 self.assertEqual(str(res1[0].dn).lower(), ("CN=g3,%s" % self.ou_groups).lower())
388 res1 = self.ldb.search(self.ou_users,
390 expression="member=cn=u3,%s" % self.ou_users)
391 self.assertEqual(len(res1), 0)
393 res1 = self.ldb.search(self.ou_groups,
395 expression="member:1.2.840.113556.1.4.1941:=cn=u3,%s" % self.ou_users)
396 self.assertEqual(len(res1), 2)
397 dn_list = [str(res.dn).lower() for res in res1]
398 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
399 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
401 res1 = self.ldb.search(self.ou_users,
403 expression="member:1.2.840.113556.1.4.1941:=cn=u3,%s" % self.ou_users)
404 self.assertEqual(len(res1), 0)
406 def test_u4_groups(self):
407 res1 = self.ldb.search(self.ou_groups,
409 expression="member=cn=u4,%s" % self.ou_users)
410 self.assertEqual(len(res1), 1)
411 self.assertEqual(str(res1[0].dn).lower(), ("CN=g4,%s" % self.ou_groups).lower())
413 res1 = self.ldb.search(self.ou_users,
415 expression="member=cn=u4,%s" % self.ou_users)
416 self.assertEqual(len(res1), 0)
418 res1 = self.ldb.search(self.ou_groups,
420 expression="member:1.2.840.113556.1.4.1941:=cn=u4,%s" % self.ou_users)
421 self.assertEqual(len(res1), 1)
422 self.assertEqual(str(res1[0].dn).lower(), ("CN=g4,%s" % self.ou_groups).lower())
424 res1 = self.ldb.search(self.ou_users,
426 expression="member:1.2.840.113556.1.4.1941:=cn=u4,%s" % self.ou_users)
427 self.assertEqual(len(res1), 0)
429 def test_extended_dn_u1(self):
430 res1 = self.ldb.search("cn=u1,%s" % self.ou_users,
432 expression="objectClass=*",
433 attrs=['objectSid', 'objectGUID'])
434 self.assertEqual(len(res1), 1)
435 self.assertEqual(str(res1[0].dn).lower(), ("cn=u1,%s" % self.ou_users).lower())
437 sid = self.ldb.schema_format_value("objectSid", res1[0]["objectSid"][0])
438 guid = self.ldb.schema_format_value("objectGUID", res1[0]['objectGUID'][0])
440 res1 = self.ldb.search(self.ou_groups,
442 expression="member=<SID=%s>" % sid)
443 self.assertEqual(len(res1), 1)
444 self.assertEqual(str(res1[0].dn).lower(), ("CN=g1,%s" % self.ou_groups).lower())
446 res1 = self.ldb.search(self.ou_groups,
448 expression="member=<GUID=%s>" % guid)
449 self.assertEqual(len(res1), 1)
450 self.assertEqual(str(res1[0].dn).lower(), ("CN=g1,%s" % self.ou_groups).lower())
452 res1 = self.ldb.search(self.ou_groups,
454 expression="member:1.2.840.113556.1.4.1941:=<SID=%s>" % sid)
455 self.assertEqual(len(res1), 4)
456 dn_list = [str(res.dn).lower() for res in res1]
457 self.assertTrue(("CN=g1,%s" % self.ou_groups).lower() in dn_list)
458 self.assertTrue(("CN=g2,%s" % self.ou_groups).lower() in dn_list)
459 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
460 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
462 res1 = self.ldb.search(self.ou_groups,
463 scope=SCOPE_ONELEVEL,
464 expression="member:1.2.840.113556.1.4.1941:=<SID=%s>" % sid)
465 self.assertEqual(len(res1), 4)
466 dn_list = [str(res.dn).lower() for res in res1]
467 self.assertTrue(("CN=g1,%s" % self.ou_groups).lower() in dn_list)
468 self.assertTrue(("CN=g2,%s" % self.ou_groups).lower() in dn_list)
469 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
470 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
472 res1 = self.ldb.search(self.ou_groups,
474 expression="member:1.2.840.113556.1.4.1941:=<GUID=%s>" % guid)
475 self.assertEqual(len(res1), 4)
476 dn_list = [str(res.dn).lower() for res in res1]
477 self.assertTrue(("CN=g1,%s" % self.ou_groups).lower() in dn_list)
478 self.assertTrue(("CN=g2,%s" % self.ou_groups).lower() in dn_list)
479 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
480 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
482 res1 = self.ldb.search(self.ou_groups,
483 scope=SCOPE_ONELEVEL,
484 expression="member:1.2.840.113556.1.4.1941:=<GUID=%s>" % guid)
485 self.assertEqual(len(res1), 4)
486 dn_list = [str(res.dn).lower() for res in res1]
487 self.assertTrue(("CN=g1,%s" % self.ou_groups).lower() in dn_list)
488 self.assertTrue(("CN=g2,%s" % self.ou_groups).lower() in dn_list)
489 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
490 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
492 def test_extended_dn_u2(self):
493 res1 = self.ldb.search("cn=u2,%s" % self.ou_users,
495 expression="objectClass=*",
496 attrs=['objectSid', 'objectGUID'])
497 self.assertEqual(len(res1), 1)
498 self.assertEqual(str(res1[0].dn).lower(), ("cn=u2,%s" % self.ou_users).lower())
500 sid = self.ldb.schema_format_value("objectSid", res1[0]["objectSid"][0])
501 guid = self.ldb.schema_format_value("objectGUID", res1[0]['objectGUID'][0])
503 res1 = self.ldb.search(self.ou_groups,
505 expression="member=<SID=%s>" % sid)
506 self.assertEqual(len(res1), 1)
507 self.assertEqual(str(res1[0].dn).lower(), ("CN=g2,%s" % self.ou_groups).lower())
509 res1 = self.ldb.search(self.ou_groups,
511 expression="member=<GUID=%s>" % guid)
512 self.assertEqual(len(res1), 1)
513 self.assertEqual(str(res1[0].dn).lower(), ("CN=g2,%s" % self.ou_groups).lower())
515 res1 = self.ldb.search(self.ou_groups,
517 expression="member:1.2.840.113556.1.4.1941:=<SID=%s>" % sid)
518 self.assertEqual(len(res1), 3)
519 dn_list = [str(res.dn).lower() for res in res1]
520 self.assertTrue(("CN=g2,%s" % self.ou_groups).lower() in dn_list)
521 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
522 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
524 res1 = self.ldb.search(self.ou_groups,
525 scope=SCOPE_ONELEVEL,
526 expression="member:1.2.840.113556.1.4.1941:=<SID=%s>" % sid)
527 self.assertEqual(len(res1), 3)
528 dn_list = [str(res.dn).lower() for res in res1]
529 self.assertTrue(("CN=g2,%s" % self.ou_groups).lower() in dn_list)
530 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
531 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
533 res1 = self.ldb.search(self.ou_groups,
535 expression="member:1.2.840.113556.1.4.1941:=<GUID=%s>" % guid)
536 self.assertEqual(len(res1), 3)
537 dn_list = [str(res.dn).lower() for res in res1]
538 self.assertTrue(("CN=g2,%s" % self.ou_groups).lower() in dn_list)
539 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
540 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
542 res1 = self.ldb.search(self.ou_groups,
543 scope=SCOPE_ONELEVEL,
544 expression="member:1.2.840.113556.1.4.1941:=<GUID=%s>" % guid)
545 self.assertEqual(len(res1), 3)
546 dn_list = [str(res.dn).lower() for res in res1]
547 self.assertTrue(("CN=g2,%s" % self.ou_groups).lower() in dn_list)
548 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
549 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
551 def test_extended_dn_u3(self):
552 res1 = self.ldb.search("cn=u3,%s" % self.ou_users,
554 expression="objectClass=*",
555 attrs=['objectSid', 'objectGUID'])
556 self.assertEqual(len(res1), 1)
557 self.assertEqual(str(res1[0].dn).lower(), ("cn=u3,%s" % self.ou_users).lower())
559 sid = self.ldb.schema_format_value("objectSid", res1[0]["objectSid"][0])
560 guid = self.ldb.schema_format_value("objectGUID", res1[0]['objectGUID'][0])
562 res1 = self.ldb.search(self.ou_groups,
564 expression="member=<SID=%s>" % sid)
565 self.assertEqual(len(res1), 1)
566 self.assertEqual(str(res1[0].dn).lower(), ("CN=g3,%s" % self.ou_groups).lower())
568 res1 = self.ldb.search(self.ou_groups,
570 expression="member=<GUID=%s>" % guid)
571 self.assertEqual(len(res1), 1)
572 self.assertEqual(str(res1[0].dn).lower(), ("CN=g3,%s" % self.ou_groups).lower())
574 res1 = self.ldb.search(self.ou_groups,
576 expression="member:1.2.840.113556.1.4.1941:=<SID=%s>" % sid)
577 self.assertEqual(len(res1), 2)
578 dn_list = [str(res.dn).lower() for res in res1]
579 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
580 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
582 res1 = self.ldb.search(self.ou_groups,
583 scope=SCOPE_ONELEVEL,
584 expression="member:1.2.840.113556.1.4.1941:=<SID=%s>" % sid)
585 self.assertEqual(len(res1), 2)
586 dn_list = [str(res.dn).lower() for res in res1]
587 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
588 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
590 res1 = self.ldb.search(self.ou_groups,
592 expression="member:1.2.840.113556.1.4.1941:=<GUID=%s>" % guid)
593 self.assertEqual(len(res1), 2)
594 dn_list = [str(res.dn).lower() for res in res1]
595 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
596 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
598 res1 = self.ldb.search(self.ou_groups,
599 scope=SCOPE_ONELEVEL,
600 expression="member:1.2.840.113556.1.4.1941:=<GUID=%s>" % guid)
601 self.assertEqual(len(res1), 2)
602 dn_list = [str(res.dn).lower() for res in res1]
603 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
604 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
606 def test_extended_dn_u4(self):
607 res1 = self.ldb.search("cn=u4,%s" % self.ou_users,
609 expression="objectClass=*",
610 attrs=['objectSid', 'objectGUID'])
611 self.assertEqual(len(res1), 1)
612 self.assertEqual(str(res1[0].dn).lower(), ("cn=u4,%s" % self.ou_users).lower())
614 sid = self.ldb.schema_format_value("objectSid", res1[0]["objectSid"][0])
615 guid = self.ldb.schema_format_value("objectGUID", res1[0]['objectGUID'][0])
617 res1 = self.ldb.search(self.ou_groups,
619 expression="member=<SID=%s>" % sid)
620 self.assertEqual(len(res1), 1)
621 self.assertEqual(str(res1[0].dn).lower(), ("CN=g4,%s" % self.ou_groups).lower())
623 res1 = self.ldb.search(self.ou_groups,
625 expression="member=<GUID=%s>" % guid)
626 self.assertEqual(len(res1), 1)
627 self.assertEqual(str(res1[0].dn).lower(), ("CN=g4,%s" % self.ou_groups).lower())
629 res1 = self.ldb.search(self.ou_groups,
630 scope=SCOPE_ONELEVEL,
631 expression="member=<GUID=%s>" % guid)
632 self.assertEqual(len(res1), 1)
633 self.assertEqual(str(res1[0].dn).lower(), ("CN=g4,%s" % self.ou_groups).lower())
635 res1 = self.ldb.search(self.ou_groups,
637 expression="member:1.2.840.113556.1.4.1941:=<SID=%s>" % sid)
638 self.assertEqual(len(res1), 1)
639 self.assertEqual(str(res1[0].dn).lower(), ("CN=g4,%s" % self.ou_groups).lower())
641 res1 = self.ldb.search(self.ou_groups,
642 scope=SCOPE_ONELEVEL,
643 expression="member:1.2.840.113556.1.4.1941:=<SID=%s>" % sid)
644 self.assertEqual(len(res1), 1)
645 self.assertEqual(str(res1[0].dn).lower(), ("CN=g4,%s" % self.ou_groups).lower())
647 res1 = self.ldb.search(self.ou_groups,
649 expression="member:1.2.840.113556.1.4.1941:=<GUID=%s>" % guid)
650 self.assertEqual(len(res1), 1)
651 self.assertEqual(str(res1[0].dn).lower(), ("CN=g4,%s" % self.ou_groups).lower())
653 res1 = self.ldb.search(self.ou_groups,
654 scope=SCOPE_ONELEVEL,
655 expression="member:1.2.840.113556.1.4.1941:=<GUID=%s>" % guid)
656 self.assertEqual(len(res1), 1)
657 self.assertEqual(str(res1[0].dn).lower(), ("CN=g4,%s" % self.ou_groups).lower())
659 def test_object_dn_binary(self):
660 res1 = self.ldb.search(self.ou_computers,
662 expression="msDS-RevealedUsers=B:8:01010101:cn=c3,%s" % self.ou_computers)
663 self.assertEqual(len(res1), 1)
664 self.assertEqual(str(res1[0].dn).lower(), ("CN=c2,%s" % self.ou_computers).lower())
666 res1 = self.ldb.search(self.ou_computers,
667 scope=SCOPE_ONELEVEL,
668 expression="msDS-RevealedUsers=B:8:01010101:cn=c3,%s" % self.ou_computers)
669 self.assertEqual(len(res1), 1)
670 self.assertEqual(str(res1[0].dn).lower(), ("CN=c2,%s" % self.ou_computers).lower())
672 res1 = self.ldb.search(self.ou_computers,
674 expression="msDS-RevealedUsers:1.2.840.113556.1.4.1941:=B:8:01010101:cn=c3,%s" % self.ou_computers)
675 self.assertEqual(len(res1), 2)
676 dn_list = [str(res.dn).lower() for res in res1]
677 self.assertTrue(("CN=c1,%s" % self.ou_computers).lower() in dn_list)
678 self.assertTrue(("CN=c2,%s" % self.ou_computers).lower() in dn_list)
680 res1 = self.ldb.search(self.ou_computers,
681 scope=SCOPE_ONELEVEL,
682 expression="msDS-RevealedUsers:1.2.840.113556.1.4.1941:=B:8:01010101:cn=c3,%s" % self.ou_computers)
683 self.assertEqual(len(res1), 2)
684 dn_list = [str(res.dn).lower() for res in res1]
685 self.assertTrue(("CN=c1,%s" % self.ou_computers).lower() in dn_list)
686 self.assertTrue(("CN=c2,%s" % self.ou_computers).lower() in dn_list)
688 def test_one_way_links(self):
689 res1 = self.ldb.search(self.ou,
691 expression="addressBookRoots2=cn=c1,%s" % self.ou_computers)
692 self.assertEqual(len(res1), 1)
693 self.assertEqual(str(res1[0].dn).lower(), ("CN=e2,%s" % self.ou).lower())
695 res1 = self.ldb.search(self.ou,
696 scope=SCOPE_ONELEVEL,
697 expression="addressBookRoots2=cn=c1,%s" % self.ou_computers)
698 self.assertEqual(len(res1), 1)
699 self.assertEqual(str(res1[0].dn).lower(), ("CN=e2,%s" % self.ou).lower())
701 res1 = self.ldb.search(self.ou,
703 expression="addressBookRoots2:1.2.840.113556.1.4.1941:=cn=c1,%s" % self.ou_computers)
704 self.assertEqual(len(res1), 2)
705 dn_list = [str(res.dn).lower() for res in res1]
706 self.assertTrue(("CN=e1,%s" % self.ou).lower() in dn_list)
707 self.assertTrue(("CN=e2,%s" % self.ou).lower() in dn_list)
709 res1 = self.ldb.search(self.ou,
710 scope=SCOPE_ONELEVEL,
711 expression="addressBookRoots2:1.2.840.113556.1.4.1941:=cn=c1,%s" % self.ou_computers)
712 self.assertEqual(len(res1), 2)
713 dn_list = [str(res.dn).lower() for res in res1]
714 self.assertTrue(("CN=e1,%s" % self.ou).lower() in dn_list)
715 self.assertTrue(("CN=e2,%s" % self.ou).lower() in dn_list)
717 def test_not_linked_attrs(self):
718 res1 = self.ldb.search(self.base_dn,
720 expression="wellKnownObjects=B:32:aa312825768811d1aded00c04fd8d5cd:CN=computers,%s" % self.base_dn)
721 self.assertEqual(len(res1), 1)
722 self.assertEqual(str(res1[0].dn).lower(), self.base_dn.lower())
724 def test_invalid_basedn(self):
725 res1 = self.ldb.search(self.base_dn,
727 expression="memberOf:1.2.840.113556.1.4.1941:=cn=c1,ou=computers,ou=matchrulestest,%sXX" % self.base_dn)
728 self.assertEqual(len(res1), 0)
730 res1 = self.ldb.search(self.base_dn,
732 expression="memberOf:1.2.840.113556.1.4.1941:=cn=XX,ou=computers,ou=matchrulestest,%s" % self.base_dn)
733 self.assertEqual(len(res1), 0)
735 def test_subtree(self):
736 res1 = self.ldb.search(self.ou,
738 expression="otherWellKnownObjects=B:32:00000000000000000000000000000004:OU=o4,OU=o3,OU=o2,OU=o1,%s" % self.ou)
739 self.assertEqual(len(res1), 1)
740 self.assertEqual(str(res1[0].dn).lower(), ("OU=o3,OU=o2,OU=o1,%s" % self.ou).lower())
742 res1 = self.ldb.search(self.ou,
743 scope=SCOPE_ONELEVEL,
744 expression="otherWellKnownObjects=B:32:00000000000000000000000000000004:OU=o4,OU=o3,OU=o2,OU=o1,%s" % self.ou)
745 self.assertEqual(len(res1), 0)
747 res1 = self.ldb.search(self.ou,
749 expression="otherWellKnownObjects:1.2.840.113556.1.4.1941:=B:32:00000000000000000000000000000004:OU=o4,OU=o3,OU=o2,OU=o1,%s" % self.ou)
750 self.assertEqual(len(res1), 0)
752 res1 = self.ldb.search(self.ou,
753 scope=SCOPE_ONELEVEL,
754 expression="otherWellKnownObjects:1.2.840.113556.1.4.1941:=B:32:00000000000000000000000000000004:OU=o4,OU=o3,OU=o2,OU=o1,%s" % self.ou)
755 self.assertEqual(len(res1), 0)
757 def test_unknown_oid(self):
758 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
760 expression="member:2.4.681.226012.2.8.3882:=cn=u1,%s" % self.ou_users)
761 self.assertEqual(len(res1), 0)
763 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
765 expression="member:8.16.8720.1008448.8.32.15528:=cn=u1,%s" % self.ou_users)
766 self.assertEqual(len(res1), 0)
768 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
770 expression="member:1.2.3.4:=cn=u1,%s" % self.ou_users)
771 self.assertEqual(len(res1), 0)
773 def test_nul_text(self):
774 self.assertRaises(TypeError,
775 lambda: self.ldb.search("cn=g4,%s" % self.ou_groups,
777 expression="\00member:1.2.840.113556.1.4.1941:=cn=u1,%s" % self.ou_users))
778 self.assertRaises(TypeError,
779 lambda: self.ldb.search("cn=g4,%s" % self.ou_groups,
781 expression="member:1.2.840\00.113556.1.4.1941:=cn=u1,%s" % self.ou_users))
782 self.assertRaises(TypeError,
783 lambda: self.ldb.search("cn=g4,%s" % self.ou_groups,
785 expression="member:1.2.840.113556.1.4.1941:=cn=u1\00,%s" % self.ou_users))
786 self.assertRaises(LdbError,
787 lambda: self.ldb.search("cn=\00g4,%s" % self.ou_groups,
789 expression="member:1.2.840.113556.1.4.1941:=cn=u1,%s" % self.ou_users))
790 self.assertRaises(LdbError,
791 lambda: self.ldb.search("cn=g4,%s" % self.ou_groups,
793 expression="member:1.2.840.113556.1.4.1941:"))
794 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
796 expression="member:1.2.840.113556.1.4.1941:=")
797 self.assertEqual(len(res1), 0)
798 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
800 expression="member=")
801 self.assertEqual(len(res1), 0)
802 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
804 expression="member:1.2.840.113556.1.4.1941:=nonexistent")
805 self.assertEqual(len(res1), 0)
806 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
808 expression="member=nonexistent")
809 self.assertEqual(len(res1), 0)
810 self.assertRaises(LdbError,
811 lambda: self.ldb.search("cn=\00g4,%s" % self.ou_groups,
813 expression="member:1.2.840.113556.1.4.1941:cn=u1,%s" % self.ou_users))
814 self.assertRaises(LdbError,
815 lambda: self.ldb.search("cn=\00g4,%s" % self.ou_groups,
817 expression="member:1.2.840.113556.1.4.1941:=cn=u1"))
818 self.assertRaises(LdbError,
819 lambda: self.ldb.search("cn=\00g4,%s" % self.ou_groups,
821 expression="member:1.2.840.113556.1.4.1941:=cn="))
822 self.assertRaises(LdbError,
823 lambda: self.ldb.search("cn=\00g4,%s" % self.ou_groups,
825 expression="member::=cn=u1,%s" % self.ou_users))
827 def test_misc_matches(self):
828 res1 = self.ldb.search(self.ou_groups,
830 expression="member=cn=g1,%s" % self.ou_groups)
831 self.assertEqual(len(res1), 0)
833 res1 = self.ldb.search("cn=g1,%s" % self.ou_groups,
835 expression="member=cn=g1,%s" % self.ou_groups)
836 self.assertEqual(len(res1), 0)
838 res1 = self.ldb.search(self.ou_groups,
840 expression="member=cn=g1,%s" % self.ou_groups)
841 self.assertEqual(len(res1), 1)
842 self.assertEqual(str(res1[0].dn), "CN=g2,%s" % self.ou_groups)
844 res1 = self.ldb.search(self.ou_groups,
845 scope=SCOPE_ONELEVEL,
846 expression="member=cn=g1,%s" % self.ou_groups)
847 self.assertEqual(len(res1), 1)
848 self.assertEqual(str(res1[0].dn), "CN=g2,%s" % self.ou_groups)
850 res1 = self.ldb.search(self.ou_groups,
852 expression="member:1.2.840.113556.1.4.1941:=cn=g1,%s" % self.ou_groups)
853 self.assertEqual(len(res1), 0)
855 res1 = self.ldb.search("cn=g1,%s" % self.ou_groups,
857 expression="member:1.2.840.113556.1.4.1941:=cn=g1,%s" % self.ou_groups)
858 self.assertEqual(len(res1), 0)
860 res1 = self.ldb.search(self.ou_groups,
862 expression="member:1.2.840.113556.1.4.1941:=cn=g1,%s" % self.ou_groups)
863 self.assertEqual(len(res1), 3)
864 dn_list = [str(res.dn) for res in res1]
865 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
866 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
867 self.assertTrue("CN=g4,%s" % self.ou_groups in dn_list)
869 res1 = self.ldb.search(self.ou_groups,
870 scope=SCOPE_ONELEVEL,
871 expression="member:1.2.840.113556.1.4.1941:=cn=g1,%s" % self.ou_groups)
872 self.assertEqual(len(res1), 3)
873 dn_list = [str(res.dn) for res in res1]
874 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
875 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
876 self.assertTrue("CN=g4,%s" % self.ou_groups in dn_list)
878 res1 = self.ldb.search(self.ou_groups,
880 expression="member:1.2.840.113556.1.4.1941:=cn=g4,%s" % self.ou_groups)
881 self.assertEqual(len(res1), 0)
883 res1 = self.ldb.search(self.ou_groups,
884 scope=SCOPE_ONELEVEL,
885 expression="member:1.2.840.113556.1.4.1941:=cn=g4,%s" % self.ou_groups)
886 self.assertEqual(len(res1), 0)
888 res1 = self.ldb.search(self.ou_groups,
890 expression="memberOf=cn=g4,%s" % self.ou_groups)
891 self.assertEqual(len(res1), 0)
893 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
895 expression="memberOf=cn=g4,%s" % self.ou_groups)
896 self.assertEqual(len(res1), 0)
898 res1 = self.ldb.search(self.ou_groups,
900 expression="memberOf=cn=g4,%s" % self.ou_groups)
901 self.assertEqual(len(res1), 1)
902 self.assertEqual(str(res1[0].dn), ("CN=g3,%s" % self.ou_groups))
904 res1 = self.ldb.search(self.ou_groups,
905 scope=SCOPE_ONELEVEL,
906 expression="memberOf=cn=g4,%s" % self.ou_groups)
907 self.assertEqual(len(res1), 1)
908 self.assertEqual(str(res1[0].dn), ("CN=g3,%s" % self.ou_groups))
910 res1 = self.ldb.search(self.ou_groups,
912 expression="memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s" % self.ou_groups)
913 self.assertEqual(len(res1), 0)
915 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
917 expression="memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s" % self.ou_groups)
918 self.assertEqual(len(res1), 0)
920 res1 = self.ldb.search(self.ou_groups,
922 expression="memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s" % self.ou_groups)
923 self.assertEqual(len(res1), 3)
924 dn_list = [str(res.dn) for res in res1]
925 self.assertTrue("CN=g1,%s" % self.ou_groups in dn_list)
926 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
927 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
929 res1 = self.ldb.search(self.ou_groups,
930 scope=SCOPE_ONELEVEL,
931 expression="memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s" % self.ou_groups)
932 self.assertEqual(len(res1), 3)
933 dn_list = [str(res.dn) for res in res1]
934 self.assertTrue("CN=g1,%s" % self.ou_groups in dn_list)
935 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
936 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
938 res1 = self.ldb.search(self.ou_groups,
940 expression="memberOf:1.2.840.113556.1.4.1941:=cn=g1,%s" % self.ou_groups)
941 self.assertEqual(len(res1), 0)
943 res1 = self.ldb.search(self.ou_groups,
945 expression="memberOf:1.2.840.113556.1.4.1941:=cn=g1,%s" % self.ou_groups)
946 self.assertEqual(len(res1), 0)
949 class MatchRuleConditionTests(samba.tests.TestCase):
951 super(MatchRuleConditionTests, self).setUp()
953 self.ldb = SamDB(host, credentials=creds, session_info=system_session(lp), lp=lp)
954 self.base_dn = self.ldb.domain_dn()
955 self.ou = "OU=matchruleconditiontests,%s" % self.base_dn
956 self.ou_users = "OU=users,%s" % self.ou
957 self.ou_groups = "OU=groups,%s" % self.ou
958 self.ou_computers = "OU=computers,%s" % self.ou
960 # Add a organizational unit to create objects
963 "objectclass": "organizationalUnit"})
965 # Create users, groups, and computers
968 "objectclass": "organizationalUnit"})
970 "dn": self.ou_groups,
971 "objectclass": "organizationalUnit"})
973 "dn": self.ou_computers,
974 "objectclass": "organizationalUnit"})
977 "dn": "cn=g1,%s" % self.ou_groups,
978 "objectclass": "group"})
980 "dn": "cn=g2,%s" % self.ou_groups,
981 "objectclass": "group"})
983 "dn": "cn=g3,%s" % self.ou_groups,
984 "objectclass": "group"})
986 "dn": "cn=g4,%s" % self.ou_groups,
987 "objectclass": "group"})
990 "dn": "cn=u1,%s" % self.ou_users,
991 "objectclass": "group"})
993 "dn": "cn=u2,%s" % self.ou_users,
994 "objectclass": "group"})
996 "dn": "cn=u3,%s" % self.ou_users,
997 "objectclass": "group"})
999 "dn": "cn=u4,%s" % self.ou_users,
1000 "objectclass": "group"})
1003 "dn": "cn=c1,%s" % self.ou_computers,
1004 "objectclass": "user"})
1007 "dn": "cn=c2,%s" % self.ou_computers,
1008 "objectclass": "user"})
1011 "dn": "cn=c3,%s" % self.ou_computers,
1012 "objectclass": "user"})
1015 "dn": "cn=c4,%s" % self.ou_computers,
1016 "objectclass": "user"})
1018 # Assign groups according to the following structure:
1019 # g1-->g2---->g3 --g4
1021 # u1- >u2-- | u3<- | u4
1024 # *c1 is a member of u1, u2, u3, and u4
1026 # u2 is a member of g1 and g2
1028 m.dn = Dn(self.ldb, "CN=g1,%s" % self.ou_groups)
1029 m["member"] = MessageElement("CN=u2,%s" % self.ou_users,
1030 FLAG_MOD_ADD, "member")
1034 m.dn = Dn(self.ldb, "CN=g2,%s" % self.ou_groups)
1035 m["member"] = MessageElement("CN=u2,%s" % self.ou_users,
1036 FLAG_MOD_ADD, "member")
1039 # g2 is a member of g1
1041 m.dn = Dn(self.ldb, "CN=g1,%s" % self.ou_groups)
1042 m["member"] = MessageElement("CN=g2,%s" % self.ou_groups,
1043 FLAG_MOD_ADD, "member")
1046 # g3 is a member of g2
1048 m.dn = Dn(self.ldb, "CN=g2,%s" % self.ou_groups)
1049 m["member"] = MessageElement("CN=g3,%s" % self.ou_groups,
1050 FLAG_MOD_ADD, "member")
1053 # u3 is a member of g3 and g4
1055 m.dn = Dn(self.ldb, "CN=g3,%s" % self.ou_groups)
1056 m["member"] = MessageElement("CN=u3,%s" % self.ou_users,
1057 FLAG_MOD_ADD, "member")
1061 m.dn = Dn(self.ldb, "CN=g4,%s" % self.ou_groups)
1062 m["member"] = MessageElement("CN=u3,%s" % self.ou_users,
1063 FLAG_MOD_ADD, "member")
1066 # u4 is a member of g4
1068 m.dn = Dn(self.ldb, "CN=g4,%s" % self.ou_groups)
1069 m["member"] = MessageElement("CN=u4,%s" % self.ou_users,
1070 FLAG_MOD_ADD, "member")
1073 # c1 is a member of u1, u2, u3, and u4
1075 m.dn = Dn(self.ldb, "CN=u1,%s" % self.ou_users)
1076 m["member"] = MessageElement("CN=c1,%s" % self.ou_computers,
1077 FLAG_MOD_ADD, "member")
1081 m.dn = Dn(self.ldb, "CN=u2,%s" % self.ou_users)
1082 m["member"] = MessageElement("CN=c1,%s" % self.ou_computers,
1083 FLAG_MOD_ADD, "member")
1087 m.dn = Dn(self.ldb, "CN=u3,%s" % self.ou_users)
1088 m["member"] = MessageElement("CN=c1,%s" % self.ou_computers,
1089 FLAG_MOD_ADD, "member")
1093 m.dn = Dn(self.ldb, "CN=u4,%s" % self.ou_users)
1094 m["member"] = MessageElement("CN=c1,%s" % self.ou_computers,
1095 FLAG_MOD_ADD, "member")
1098 # c2 is a member of u1
1100 m.dn = Dn(self.ldb, "CN=u1,%s" % self.ou_users)
1101 m["member"] = MessageElement("CN=c2,%s" % self.ou_computers,
1102 FLAG_MOD_ADD, "member")
1105 # c3 is a member of u2 and g3
1107 m.dn = Dn(self.ldb, "CN=u2,%s" % self.ou_users)
1108 m["member"] = MessageElement("CN=c3,%s" % self.ou_computers,
1109 FLAG_MOD_ADD, "member")
1113 m.dn = Dn(self.ldb, "CN=g3,%s" % self.ou_groups)
1114 m["member"] = MessageElement("CN=c3,%s" % self.ou_computers,
1115 FLAG_MOD_ADD, "member")
1118 # c4 is a member of u4 and g4
1120 m.dn = Dn(self.ldb, "CN=u4,%s" % self.ou_users)
1121 m["member"] = MessageElement("CN=c4,%s" % self.ou_computers,
1122 FLAG_MOD_ADD, "member")
1126 m.dn = Dn(self.ldb, "CN=g4,%s" % self.ou_groups)
1127 m["member"] = MessageElement("CN=c4,%s" % self.ou_computers,
1128 FLAG_MOD_ADD, "member")
1131 self.question = 6 * (9 -2)
1135 super(MatchRuleConditionTests, self).tearDown()
1136 self.ldb.delete(self.ou, controls=['tree_delete:0'])
1139 def test_g1_members(self):
1140 res1 = self.ldb.search(self.ou,
1141 scope=SCOPE_SUBTREE,
1142 expression="memberOf=cn=g1,%s" % self.ou_groups)
1143 self.assertEquals(len(res1), 2)
1144 dn_list = [str(res.dn) for res in res1]
1145 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1146 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1148 res1 = self.ldb.search(self.ou,
1149 scope=SCOPE_SUBTREE,
1150 expression="memberOf:1.2.840.113556.1.4.1941:=cn=g1,%s" % self.ou_groups)
1151 self.assertEquals(len(res1), 6)
1152 dn_list = [str(res.dn) for res in res1]
1153 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1154 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1155 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1156 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1157 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1158 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1160 res1 = self.ldb.search(self.ou,
1161 scope=SCOPE_SUBTREE,
1162 expression="member=cn=g1,%s" % self.ou_groups)
1163 self.assertEquals(len(res1), 0)
1165 res1 = self.ldb.search(self.ou,
1166 scope=SCOPE_SUBTREE,
1167 expression="member:1.2.840.113556.1.4.1941:=cn=g1,%s" % self.ou_groups)
1168 self.assertEquals(len(res1), 0)
1170 def test_g2_members(self):
1171 res1 = self.ldb.search(self.ou,
1172 scope=SCOPE_SUBTREE,
1173 expression="memberOf=cn=g2,%s" % self.ou_groups)
1174 self.assertEquals(len(res1), 2)
1175 dn_list = [str(res.dn) for res in res1]
1176 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1177 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1179 res1 = self.ldb.search(self.ou,
1180 scope=SCOPE_SUBTREE,
1181 expression="memberOf:1.2.840.113556.1.4.1941:=cn=g2,%s" % self.ou_groups)
1182 self.assertEquals(len(res1), 5)
1183 dn_list = [str(res.dn) for res in res1]
1184 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1185 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1186 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1187 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1188 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1190 res1 = self.ldb.search(self.ou,
1191 scope=SCOPE_SUBTREE,
1192 expression="member=cn=g2,%s" % self.ou_groups)
1193 self.assertEquals(len(res1), 1)
1194 self.assertEquals(str(res1[0].dn), "CN=g1,%s" % self.ou_groups)
1196 res1 = self.ldb.search(self.ou,
1197 scope=SCOPE_SUBTREE,
1198 expression="member:1.2.840.113556.1.4.1941:=cn=g2,%s" % self.ou_groups)
1199 self.assertEquals(len(res1), 1)
1200 self.assertEquals(str(res1[0].dn), "CN=g1,%s" % self.ou_groups)
1202 def test_g3_members(self):
1203 res1 = self.ldb.search(self.ou,
1204 scope=SCOPE_SUBTREE,
1205 expression="memberOf=cn=g3,%s" % self.ou_groups)
1206 self.assertEquals(len(res1), 2)
1207 dn_list = [str(res.dn) for res in res1]
1208 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1209 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1211 res1 = self.ldb.search(self.ou,
1212 scope=SCOPE_SUBTREE,
1213 expression="memberOf:1.2.840.113556.1.4.1941:=cn=g3,%s" % self.ou_groups)
1214 self.assertEquals(len(res1), 3)
1215 dn_list = [str(res.dn) for res in res1]
1216 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1217 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1218 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1220 res1 = self.ldb.search(self.ou,
1221 scope=SCOPE_SUBTREE,
1222 expression="member=cn=g3,%s" % self.ou_groups)
1223 self.assertEquals(len(res1), 1)
1224 self.assertEquals(str(res1[0].dn), "CN=g2,%s" % self.ou_groups)
1226 res1 = self.ldb.search(self.ou,
1227 scope=SCOPE_SUBTREE,
1228 expression="member:1.2.840.113556.1.4.1941:=cn=g3,%s" % self.ou_groups)
1229 self.assertEquals(len(res1), 2)
1230 dn_list = [str(res.dn) for res in res1]
1231 self.assertTrue("CN=g1,%s" % self.ou_groups in dn_list)
1232 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1234 def test_g4_members(self):
1235 res1 = self.ldb.search(self.ou,
1236 scope=SCOPE_SUBTREE,
1237 expression="memberOf=cn=g4,%s" % self.ou_groups)
1238 self.assertEquals(len(res1), 3)
1239 dn_list = [str(res.dn) for res in res1]
1240 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1241 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1242 self.assertTrue("CN=c4,%s" % self.ou_computers in dn_list)
1244 res1 = self.ldb.search(self.ou,
1245 scope=SCOPE_SUBTREE,
1246 expression="memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s" % self.ou_groups)
1247 self.assertEquals(len(res1), 4)
1248 dn_list = [str(res.dn) for res in res1]
1249 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1250 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1251 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1252 self.assertTrue("CN=c4,%s" % self.ou_computers in dn_list)
1254 res1 = self.ldb.search(self.ou,
1255 scope=SCOPE_SUBTREE,
1256 expression="member=cn=g4,%s" % self.ou_groups)
1257 self.assertEquals(len(res1), 0)
1259 res1 = self.ldb.search(self.ou,
1260 scope=SCOPE_SUBTREE,
1261 expression="member:1.2.840.113556.1.4.1941:=cn=g4,%s" % self.ou_groups)
1262 self.assertEquals(len(res1), 0)
1264 def test_u1_members(self):
1265 res1 = self.ldb.search(self.ou,
1266 scope=SCOPE_SUBTREE,
1267 expression="memberOf=cn=u1,%s" % self.ou_users)
1268 self.assertEqual(len(res1), 2)
1269 dn_list = [str(res.dn) for res in res1]
1270 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1271 self.assertTrue("CN=c2,%s" % self.ou_computers in dn_list)
1273 res1 = self.ldb.search(self.ou,
1274 scope=SCOPE_SUBTREE,
1275 expression="memberOf:1.2.840.113556.1.4.1941:=cn=u1,%s" % self.ou_users)
1276 self.assertEqual(len(res1), 2)
1277 dn_list = [str(res.dn) for res in res1]
1278 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1279 self.assertTrue("CN=c2,%s" % self.ou_computers in dn_list)
1281 res1 = self.ldb.search(self.ou,
1282 scope=SCOPE_SUBTREE,
1283 expression="member=cn=u1,%s" % self.ou_users)
1284 self.assertEqual(len(res1), 0)
1286 res1 = self.ldb.search(self.ou,
1287 scope=SCOPE_SUBTREE,
1288 expression="member:1.2.840.113556.1.4.1941:=cn=u1,%s" % self.ou_users)
1289 self.assertEqual(len(res1), 0)
1291 def test_u2_members(self):
1292 res1 = self.ldb.search(self.ou,
1293 scope=SCOPE_SUBTREE,
1294 expression="memberOf=cn=u2,%s" % self.ou_users)
1295 self.assertEqual(len(res1), 2)
1296 dn_list = [str(res.dn) for res in res1]
1297 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1298 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1300 res1 = self.ldb.search(self.ou,
1301 scope=SCOPE_SUBTREE,
1302 expression="memberOf:1.2.840.113556.1.4.1941:=cn=u2,%s" % self.ou_users)
1303 self.assertEqual(len(res1), 2)
1304 dn_list = [str(res.dn) for res in res1]
1305 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1306 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1308 res1 = self.ldb.search(self.ou,
1309 scope=SCOPE_SUBTREE,
1310 expression="member=cn=u2,%s" % self.ou_users)
1311 self.assertEqual(len(res1), 2)
1312 dn_list = [str(res.dn) for res in res1]
1313 self.assertTrue("CN=g1,%s" % self.ou_groups in dn_list)
1314 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1316 res1 = self.ldb.search(self.ou,
1317 scope=SCOPE_SUBTREE,
1318 expression="member:1.2.840.113556.1.4.1941:=cn=u2,%s" % self.ou_users)
1319 self.assertEqual(len(res1), 2)
1320 dn_list = [str(res.dn) for res in res1]
1321 self.assertTrue("CN=g1,%s" % self.ou_groups in dn_list)
1322 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1324 def test_u3_members(self):
1325 res1 = self.ldb.search(self.ou,
1326 scope=SCOPE_SUBTREE,
1327 expression="member=cn=u3,%s" % self.ou_users)
1328 self.assertEqual(len(res1), 2)
1329 dn_list = [str(res.dn) for res in res1]
1330 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1331 self.assertTrue("CN=g4,%s" % self.ou_groups in dn_list)
1333 res1 = self.ldb.search(self.ou,
1334 scope=SCOPE_SUBTREE,
1335 expression="member:1.2.840.113556.1.4.1941:=cn=u3,%s" % self.ou_users)
1336 self.assertEqual(len(res1), 4)
1337 dn_list = [str(res.dn) for res in res1]
1338 self.assertTrue("CN=g1,%s" % self.ou_groups in dn_list)
1339 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1340 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1341 self.assertTrue("CN=g4,%s" % self.ou_groups in dn_list)
1343 res1 = self.ldb.search(self.ou,
1344 scope=SCOPE_SUBTREE,
1345 expression="memberOf=cn=u3,%s" % self.ou_users)
1346 self.assertEqual(len(res1), 1)
1347 self.assertEqual(str(res1[0].dn), "CN=c1,%s" % self.ou_computers)
1349 res1 = self.ldb.search(self.ou,
1350 scope=SCOPE_SUBTREE,
1351 expression="memberOf:1.2.840.113556.1.4.1941:=cn=u3,%s" % self.ou_users)
1352 self.assertEqual(len(res1), 1)
1353 self.assertEqual(str(res1[0].dn), "CN=c1,%s" % self.ou_computers)
1355 def test_u4_members(self):
1356 res1 = self.ldb.search(self.ou,
1357 scope=SCOPE_SUBTREE,
1358 expression="member=cn=u4,%s" % self.ou_users)
1359 self.assertEqual(len(res1), 1)
1360 self.assertEqual(str(res1[0].dn), "CN=g4,%s" % self.ou_groups)
1362 res1 = self.ldb.search(self.ou,
1363 scope=SCOPE_SUBTREE,
1364 expression="member:1.2.840.113556.1.4.1941:=cn=u4,%s" % self.ou_users)
1365 self.assertEqual(len(res1), 1)
1366 self.assertEqual(str(res1[0].dn), "CN=g4,%s" % self.ou_groups)
1368 res1 = self.ldb.search(self.ou,
1369 scope=SCOPE_SUBTREE,
1370 expression="memberOf=cn=u4,%s" % self.ou_users)
1371 self.assertEqual(len(res1), 2)
1372 dn_list = [str(res.dn) for res in res1]
1373 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1374 self.assertTrue("CN=c4,%s" % self.ou_computers in dn_list)
1376 res1 = self.ldb.search(self.ou,
1377 scope=SCOPE_SUBTREE,
1378 expression="memberOf:1.2.840.113556.1.4.1941:=cn=u4,%s" % self.ou_users)
1379 self.assertEqual(len(res1), 2)
1380 dn_list = [str(res.dn) for res in res1]
1381 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1382 self.assertTrue("CN=c4,%s" % self.ou_computers in dn_list)
1384 def test_c1_members(self):
1385 res1 = self.ldb.search(self.ou,
1386 scope=SCOPE_SUBTREE,
1387 expression="member=cn=c1,%s" % self.ou_computers)
1388 self.assertEqual(len(res1), 4)
1389 dn_list = [str(res.dn) for res in res1]
1390 self.assertTrue("CN=u1,%s" % self.ou_users in dn_list)
1391 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1392 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1393 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1395 res1 = self.ldb.search(self.ou,
1396 scope=SCOPE_SUBTREE,
1397 expression="member:1.2.840.113556.1.4.1941:=cn=c1,%s" % self.ou_computers)
1398 self.assertEqual(len(res1), 8)
1399 dn_list = [str(res.dn) for res in res1]
1400 self.assertTrue("CN=u1,%s" % self.ou_users in dn_list)
1401 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1402 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1403 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1404 self.assertTrue("CN=g1,%s" % self.ou_groups in dn_list)
1405 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1406 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1407 self.assertTrue("CN=g4,%s" % self.ou_groups in dn_list)
1409 res1 = self.ldb.search(self.ou,
1410 scope=SCOPE_SUBTREE,
1411 expression="memberOf=cn=c1,%s" % self.ou_computers)
1412 self.assertEqual(len(res1), 0)
1414 res1 = self.ldb.search(self.ou,
1415 scope=SCOPE_SUBTREE,
1416 expression="memberOf:1.2.840.113556.1.4.1941:=cn=c1,%s" % self.ou_computers)
1417 self.assertEqual(len(res1), 0)
1419 def test_c2_members(self):
1420 res1 = self.ldb.search(self.ou,
1421 scope=SCOPE_SUBTREE,
1422 expression="member=cn=c2,%s" % self.ou_computers)
1423 self.assertEqual(len(res1), 1)
1424 self.assertEqual(str(res1[0].dn), "CN=u1,%s" % self.ou_users)
1426 res1 = self.ldb.search(self.ou,
1427 scope=SCOPE_SUBTREE,
1428 expression="member:1.2.840.113556.1.4.1941:=cn=c2,%s" % self.ou_computers)
1429 self.assertEqual(len(res1), 1)
1430 self.assertEqual(str(res1[0].dn), "CN=u1,%s" % self.ou_users)
1432 res1 = self.ldb.search(self.ou,
1433 scope=SCOPE_SUBTREE,
1434 expression="memberOf=cn=c2,%s" % self.ou_computers)
1435 self.assertEqual(len(res1), 0)
1437 res1 = self.ldb.search(self.ou,
1438 scope=SCOPE_SUBTREE,
1439 expression="memberOf:1.2.840.113556.1.4.1941:=cn=c2,%s" % self.ou_computers)
1440 self.assertEqual(len(res1), 0)
1442 def test_c3_members(self):
1443 res1 = self.ldb.search(self.ou,
1444 scope=SCOPE_SUBTREE,
1445 expression="member=cn=c3,%s" % self.ou_computers)
1446 self.assertEqual(len(res1), 2)
1447 dn_list = [str(res.dn) for res in res1]
1448 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1449 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1451 res1 = self.ldb.search(self.ou,
1452 scope=SCOPE_SUBTREE,
1453 expression="member:1.2.840.113556.1.4.1941:=cn=c3,%s" % self.ou_computers)
1454 self.assertEqual(len(res1), 4)
1455 dn_list = [str(res.dn) for res in res1]
1456 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1457 self.assertTrue("CN=g1,%s" % self.ou_groups in dn_list)
1458 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1459 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1461 res1 = self.ldb.search(self.ou,
1462 scope=SCOPE_SUBTREE,
1463 expression="memberOf=cn=c3,%s" % self.ou_computers)
1464 self.assertEqual(len(res1), 0)
1466 res1 = self.ldb.search(self.ou,
1467 scope=SCOPE_SUBTREE,
1468 expression="memberOf:1.2.840.113556.1.4.1941:=cn=c3,%s" % self.ou_computers)
1469 self.assertEqual(len(res1), 0)
1471 def test_c4_members(self):
1472 res1 = self.ldb.search(self.ou,
1473 scope=SCOPE_SUBTREE,
1474 expression="member=cn=c4,%s" % self.ou_computers)
1475 self.assertEqual(len(res1), 2)
1476 dn_list = [str(res.dn) for res in res1]
1477 self.assertTrue("CN=g4,%s" % self.ou_groups in dn_list)
1478 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1480 res1 = self.ldb.search(self.ou,
1481 scope=SCOPE_SUBTREE,
1482 expression="member:1.2.840.113556.1.4.1941:=cn=c4,%s" % self.ou_computers)
1483 self.assertEqual(len(res1), 2)
1484 dn_list = [str(res.dn) for res in res1]
1485 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1486 self.assertTrue("CN=g4,%s" % self.ou_groups in dn_list)
1488 res1 = self.ldb.search(self.ou,
1489 scope=SCOPE_SUBTREE,
1490 expression="memberOf=cn=c4,%s" % self.ou_computers)
1491 self.assertEqual(len(res1), 0)
1493 res1 = self.ldb.search(self.ou,
1494 scope=SCOPE_SUBTREE,
1495 expression="memberOf:1.2.840.113556.1.4.1941:=cn=c4,%s" % self.ou_computers)
1496 self.assertEqual(len(res1), 0)
1498 def test_or_member_queries(self):
1499 res1 = self.ldb.search(self.ou,
1500 scope=SCOPE_SUBTREE,
1501 expression=("(|(member:1.2.840.113556.1.4.1941:=cn=c1,%s)"
1502 "(member:1.2.840.113556.1.4.1941:=cn=c2,%s))") % (
1503 self.ou_computers, self.ou_computers))
1504 self.assertEqual(len(res1), 8)
1505 dn_list = [str(res.dn) for res in res1]
1506 self.assertTrue("CN=u1,%s" % self.ou_users in dn_list)
1507 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1508 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1509 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1510 self.assertTrue("CN=g1,%s" % self.ou_groups in dn_list)
1511 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1512 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1513 self.assertTrue("CN=g4,%s" % self.ou_groups in dn_list)
1515 res1 = self.ldb.search(self.ou,
1516 scope=SCOPE_SUBTREE,
1517 expression=("(|(member:1.2.840.113556.1.4.1941:=cn=c2,%s)"
1518 "(member:1.2.840.113556.1.4.1941:=cn=c3,%s))") % (
1519 self.ou_computers, self.ou_computers))
1520 self.assertEqual(len(res1), 5)
1521 dn_list = [str(res.dn) for res in res1]
1522 self.assertTrue("CN=u1,%s" % self.ou_users in dn_list)
1523 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1524 self.assertTrue("CN=g1,%s" % self.ou_groups in dn_list)
1525 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1526 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1528 res1 = self.ldb.search(self.ou,
1529 scope=SCOPE_SUBTREE,
1530 expression=("(|(member:1.2.840.113556.1.4.1941:=cn=c2,%s)"
1531 "(member:1.2.840.113556.1.4.1941:=cn=c4,%s))") % (
1532 self.ou_computers, self.ou_computers))
1533 self.assertEqual(len(res1), 3)
1534 dn_list = [str(res.dn) for res in res1]
1535 self.assertTrue("CN=u1,%s" % self.ou_users in dn_list)
1536 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1537 self.assertTrue("CN=g4,%s" % self.ou_groups in dn_list)
1539 res1 = self.ldb.search(self.ou,
1540 scope=SCOPE_SUBTREE,
1541 expression=("(|(member:1.2.840.113556.1.4.1941:=cn=c3,%s)"
1542 "(member:1.2.840.113556.1.4.1941:=cn=c4,%s))") % (
1543 self.ou_computers, self.ou_computers))
1544 self.assertEqual(len(res1), 6)
1545 dn_list = [str(res.dn) for res in res1]
1546 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1547 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1548 self.assertTrue("CN=g1,%s" % self.ou_groups in dn_list)
1549 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1550 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1551 self.assertTrue("CN=g4,%s" % self.ou_groups in dn_list)
1553 res1 = self.ldb.search(self.ou,
1554 scope=SCOPE_SUBTREE,
1555 expression=("(|(member:1.2.840.113556.1.4.1941:=cn=u1,%s)"
1556 "(member:1.2.840.113556.1.4.1941:=cn=c4,%s))") % (
1557 self.ou_users, self.ou_computers))
1558 self.assertEqual(len(res1), 2)
1559 dn_list = [str(res.dn) for res in res1]
1560 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1561 self.assertTrue("CN=g4,%s" % self.ou_groups in dn_list)
1563 def test_and_member_queries(self):
1564 res1 = self.ldb.search(self.ou,
1565 scope=SCOPE_SUBTREE,
1566 expression=("(&(member:1.2.840.113556.1.4.1941:=cn=c1,%s)"
1567 "(member:1.2.840.113556.1.4.1941:=cn=c2,%s))") % (
1568 self.ou_computers, self.ou_computers))
1569 self.assertEqual(len(res1), 1)
1570 self.assertEqual(str(res1[0].dn), "CN=u1,%s" % self.ou_users)
1572 res1 = self.ldb.search(self.ou,
1573 scope=SCOPE_SUBTREE,
1574 expression=("(&(member:1.2.840.113556.1.4.1941:=cn=c2,%s)"
1575 "(member:1.2.840.113556.1.4.1941:=cn=c3,%s))") % (
1576 self.ou_computers, self.ou_computers))
1577 self.assertEqual(len(res1), 0)
1579 res1 = self.ldb.search(self.ou,
1580 scope=SCOPE_SUBTREE,
1581 expression=("(&(member:1.2.840.113556.1.4.1941:=cn=c3,%s)"
1582 "(member:1.2.840.113556.1.4.1941:=cn=u3,%s))") % (
1583 self.ou_computers, self.ou_users))
1584 self.assertEqual(len(res1), 3)
1585 dn_list = [str(res.dn) for res in res1]
1586 self.assertTrue("CN=g1,%s" % self.ou_groups in dn_list)
1587 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1588 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1590 res1 = self.ldb.search(self.ou,
1591 scope=SCOPE_SUBTREE,
1592 expression=("(&(member:1.2.840.113556.1.4.1941:=cn=c1,%s)"
1593 "(member:1.2.840.113556.1.4.1941:=cn=u4,%s))") % (
1594 self.ou_computers, self.ou_computers))
1595 self.assertEqual(len(res1), 0)
1597 def test_or_memberOf_queries(self):
1598 res1 = self.ldb.search(self.ou,
1599 scope=SCOPE_SUBTREE,
1600 expression=("(|(memberOf:1.2.840.113556.1.4.1941:=cn=g1,%s)"
1601 "(memberOf:1.2.840.113556.1.4.1941:=cn=g2,%s))") % (
1602 self.ou_groups, self.ou_groups))
1603 self.assertEqual(len(res1), 6)
1604 dn_list = [str(res.dn) for res in res1]
1605 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1606 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1607 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1608 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1609 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1610 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1612 res1 = self.ldb.search(self.ou,
1613 scope=SCOPE_SUBTREE,
1614 expression=("(|(memberOf:1.2.840.113556.1.4.1941:=cn=g1,%s)"
1615 "(memberOf:1.2.840.113556.1.4.1941:=cn=g3,%s))") % (
1616 self.ou_groups, self.ou_groups))
1617 self.assertEqual(len(res1), 6)
1618 dn_list = [str(res.dn) for res in res1]
1619 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1620 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1621 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1622 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1623 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1624 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1626 res1 = self.ldb.search(self.ou,
1627 scope=SCOPE_SUBTREE,
1628 expression=("(|(memberOf:1.2.840.113556.1.4.1941:=cn=g1,%s)"
1629 "(memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s))") % (
1630 self.ou_groups, self.ou_groups))
1631 self.assertEqual(len(res1), 8)
1632 dn_list = [str(res.dn) for res in res1]
1633 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1634 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1635 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1636 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1637 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1638 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1639 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1640 self.assertTrue("CN=c4,%s" % self.ou_computers in dn_list)
1642 res1 = self.ldb.search(self.ou,
1643 scope=SCOPE_SUBTREE,
1644 expression=("(|(memberOf:1.2.840.113556.1.4.1941:=cn=g2,%s)"
1645 "(memberOf:1.2.840.113556.1.4.1941:=cn=g3,%s))") %
1646 (self.ou_groups, self.ou_groups))
1647 self.assertEqual(len(res1), 5)
1648 dn_list = [str(res.dn) for res in res1]
1649 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1650 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1651 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1652 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1653 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1655 res1 = self.ldb.search(self.ou,
1656 scope=SCOPE_SUBTREE,
1657 expression=("(|(memberOf:1.2.840.113556.1.4.1941:=cn=g2,%s)"
1658 "(memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s))") % (
1659 self.ou_groups, self.ou_groups))
1660 self.assertEqual(len(res1), 7)
1661 dn_list = [str(res.dn) for res in res1]
1662 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1663 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1664 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1665 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1666 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1667 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1668 self.assertTrue("CN=c4,%s" % self.ou_computers in dn_list)
1670 res1 = self.ldb.search(self.ou,
1671 scope=SCOPE_SUBTREE,
1672 expression=("(|(memberOf:1.2.840.113556.1.4.1941:=cn=g3,%s)"
1673 "(memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s))") % (
1674 self.ou_groups, self.ou_groups))
1675 self.assertEqual(len(res1), 5)
1676 dn_list = [str(res.dn) for res in res1]
1677 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1678 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1679 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1680 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1681 self.assertTrue("CN=c4,%s" % self.ou_computers in dn_list)
1683 def test_and_memberOf_queries(self):
1684 res1 = self.ldb.search(self.ou,
1685 scope=SCOPE_SUBTREE,
1686 expression=("(&(memberOf:1.2.840.113556.1.4.1941:=cn=g1,%s)"
1687 "(memberOf:1.2.840.113556.1.4.1941:=cn=g2,%s))") % (
1688 self.ou_groups, self.ou_groups))
1689 self.assertEqual(len(res1), 5)
1690 dn_list = [str(res.dn) for res in res1]
1691 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1692 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1693 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1694 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1695 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1697 res1 = self.ldb.search(self.ou,
1698 scope=SCOPE_SUBTREE,
1699 expression=("(&(memberOf:1.2.840.113556.1.4.1941:=cn=g1,%s)"
1700 "(memberOf:1.2.840.113556.1.4.1941:=cn=g3,%s))") % (
1701 self.ou_groups, self.ou_groups))
1702 self.assertEqual(len(res1), 3)
1703 dn_list = [str(res.dn) for res in res1]
1704 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1705 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1706 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1708 res1 = self.ldb.search(self.ou,
1709 scope=SCOPE_SUBTREE,
1710 expression=("(&(memberOf:1.2.840.113556.1.4.1941:=cn=g1,%s)"
1711 "(memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s))") % (
1712 self.ou_groups, self.ou_groups))
1713 self.assertEqual(len(res1), 2)
1714 dn_list = [str(res.dn) for res in res1]
1715 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1716 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1718 res1 = self.ldb.search(self.ou,
1719 scope=SCOPE_SUBTREE,
1720 expression=("(&(memberOf:1.2.840.113556.1.4.1941:=cn=g2,%s)"
1721 "(memberOf:1.2.840.113556.1.4.1941:=cn=g3,%s))") % (
1722 self.ou_groups, self.ou_groups))
1723 self.assertEqual(len(res1), 3)
1724 dn_list = [str(res.dn) for res in res1]
1725 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1726 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1727 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1729 res1 = self.ldb.search(self.ou,
1730 scope=SCOPE_SUBTREE,
1731 expression=("(&(memberOf:1.2.840.113556.1.4.1941:=cn=g2,%s)"
1732 "(memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s))") % (
1733 self.ou_groups, self.ou_groups))
1734 self.assertEqual(len(res1), 2)
1735 dn_list = [str(res.dn) for res in res1]
1736 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1737 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1739 res1 = self.ldb.search(self.ou,
1740 scope=SCOPE_SUBTREE,
1741 expression=("(&(memberOf:1.2.840.113556.1.4.1941:=cn=g3,%s)"
1742 "(memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s))") % (
1743 self.ou_groups, self.ou_groups))
1744 self.assertEqual(len(res1), 2)
1745 dn_list = [str(res.dn) for res in res1]
1746 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1747 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1749 res1 = self.ldb.search(self.ou,
1750 scope=SCOPE_SUBTREE,
1751 expression=("(&(memberOf:1.2.840.113556.1.4.1941:=cn=g1,%s)"
1752 "(memberOf:1.2.840.113556.1.4.1941:=cn=c1,%s))") % (
1753 self.ou_groups, self.ou_computers))
1754 self.assertEqual(len(res1), 0)
1756 parser = optparse.OptionParser("match_rules.py [options] <host>")
1757 sambaopts = options.SambaOptions(parser)
1758 parser.add_option_group(sambaopts)
1759 parser.add_option_group(options.VersionOptions(parser))
1761 # use command line creds if available
1762 credopts = options.CredentialsOptions(parser)
1763 parser.add_option_group(credopts)
1764 opts, args = parser.parse_args()
1765 subunitopts = SubunitOptions(parser)
1766 parser.add_option_group(subunitopts)
1769 parser.print_usage()
1774 lp = sambaopts.get_loadparm()
1775 creds = credopts.get_credentials(lp)
1777 if not "://" in host:
1778 if os.path.isfile(host):
1779 host = "tdb://%s" % host
1781 host = "ldap://%s" % host
1783 TestProgram(module=__name__, opts=subunitopts)
git.samba.org / nivanova / samba-autobuild / .git / blob