2 # -*- coding: utf-8 -*-
3 # This is a port of the original in testprogs/ejs/ldap.js
11 sys.path.append("bin/python")
13 samba.ensure_external_module("testtools", "testtools")
14 samba.ensure_external_module("subunit", "subunit/python")
16 import samba.getopt as options
18 from samba.auth import system_session
19 from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError
20 from ldb import ERR_NO_SUCH_OBJECT, ERR_ATTRIBUTE_OR_VALUE_EXISTS
21 from ldb import ERR_ENTRY_ALREADY_EXISTS, ERR_UNWILLING_TO_PERFORM
22 from ldb import ERR_NOT_ALLOWED_ON_NON_LEAF, ERR_OTHER, ERR_INVALID_DN_SYNTAX
23 from ldb import ERR_NO_SUCH_ATTRIBUTE, ERR_INVALID_ATTRIBUTE_SYNTAX
24 from ldb import ERR_OBJECT_CLASS_VIOLATION, ERR_NOT_ALLOWED_ON_RDN
25 from ldb import ERR_NAMING_VIOLATION, ERR_CONSTRAINT_VIOLATION
26 from ldb import Message, MessageElement, Dn
27 from ldb import FLAG_MOD_ADD, FLAG_MOD_REPLACE, FLAG_MOD_DELETE
28 from ldb import timestring
30 from samba.dsdb import (UF_NORMAL_ACCOUNT,
31 UF_WORKSTATION_TRUST_ACCOUNT,
32 UF_PASSWD_NOTREQD, UF_ACCOUNTDISABLE, ATYPE_NORMAL_ACCOUNT,
33 ATYPE_WORKSTATION_TRUST, SYSTEM_FLAG_DOMAIN_DISALLOW_MOVE,
34 SYSTEM_FLAG_CONFIG_ALLOW_RENAME, SYSTEM_FLAG_CONFIG_ALLOW_MOVE,
35 SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE)
37 from subunit.run import SubunitTestRunner
40 from samba.ndr import ndr_pack, ndr_unpack
41 from samba.dcerpc import security
43 parser = optparse.OptionParser("ldap.py [options] <host>")
44 sambaopts = options.SambaOptions(parser)
45 parser.add_option_group(sambaopts)
46 parser.add_option_group(options.VersionOptions(parser))
47 # use command line creds if available
48 credopts = options.CredentialsOptions(parser)
49 parser.add_option_group(credopts)
50 opts, args = parser.parse_args()
58 lp = sambaopts.get_loadparm()
59 creds = credopts.get_credentials(lp)
61 class BasicTests(unittest.TestCase):
63 def delete_force(self, ldb, dn):
66 except LdbError, (num, _):
67 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
69 def find_basedn(self, ldb):
70 res = ldb.search(base="", expression="", scope=SCOPE_BASE,
71 attrs=["defaultNamingContext"])
72 self.assertEquals(len(res), 1)
73 return res[0]["defaultNamingContext"][0]
75 def find_configurationdn(self, ldb):
76 res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["configurationNamingContext"])
77 self.assertEquals(len(res), 1)
78 return res[0]["configurationNamingContext"][0]
80 def find_schemadn(self, ldb):
81 res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["schemaNamingContext"])
82 self.assertEquals(len(res), 1)
83 return res[0]["schemaNamingContext"][0]
85 def find_domain_sid(self):
86 res = self.ldb.search(base=self.base_dn, expression="(objectClass=*)", scope=SCOPE_BASE)
87 return ndr_unpack( security.dom_sid,res[0]["objectSid"][0])
89 def set_dsheuristics(self, dsheuristics):
91 m.dn = Dn(self.ldb, "CN=Directory Service, CN=Windows NT, CN=Services, "
92 + self.configuration_dn)
93 if dsheuristics is not None:
94 m["dSHeuristics"] = MessageElement(dsheuristics, FLAG_MOD_REPLACE,
97 m["dSHeuristics"] = MessageElement([], FLAG_MOD_DELETE, "dsHeuristics")
101 super(BasicTests, self).setUp()
104 self.base_dn = self.find_basedn(ldb)
105 self.configuration_dn = self.find_configurationdn(ldb)
106 self.schema_dn = self.find_schemadn(ldb)
107 self.domain_sid = self.find_domain_sid()
109 print "baseDN: %s\n" % self.base_dn
111 self.delete_force(self.ldb, "cn=posixuser,cn=users," + self.base_dn)
112 self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
113 self.delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
114 self.delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn)
115 self.delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer," + self.base_dn)
116 self.delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer2," + self.base_dn)
117 self.delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
118 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
119 self.delete_force(self.ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
120 self.delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
121 self.delete_force(self.ldb, "cn=ldaptest2computer,cn=computers," + self.base_dn)
122 self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn)
123 self.delete_force(self.ldb, "cn=ldaptestutf8user èùéìòà,cn=users," + self.base_dn)
124 self.delete_force(self.ldb, "cn=ldaptestutf8user2 èùéìòà,cn=users," + self.base_dn)
125 self.delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
126 self.delete_force(self.ldb, "cn=ldaptestcontainer2," + self.base_dn)
127 self.delete_force(self.ldb, "cn=parentguidtest,cn=users," + self.base_dn)
128 self.delete_force(self.ldb, "cn=parentguidtest,cn=testotherusers," + self.base_dn)
129 self.delete_force(self.ldb, "cn=testotherusers," + self.base_dn)
130 self.delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
131 self.delete_force(self.ldb, "description=xyz,cn=users," + self.base_dn)
132 self.delete_force(self.ldb, "ou=testou,cn=users," + self.base_dn)
133 self.delete_force(self.ldb, "cn=testsecret,cn=system," + self.base_dn)
135 def test_objectclasses(self):
136 """Test objectClass behaviour"""
137 print "Test objectClass behaviour"""
139 # We cannot create LSA-specific objects (oc "secret" or "trustedDomain")
142 "dn": "cn=testsecret,cn=system," + self.base_dn,
143 "objectClass": "secret" })
145 except LdbError, (num, _):
146 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
148 # Invalid objectclass specified
151 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
154 except LdbError, (num, _):
155 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
157 # Invalid objectclass specified
160 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
161 "objectClass": "X" })
163 except LdbError, (num, _):
164 self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
166 # Invalid objectCategory specified
169 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
170 "objectClass": "person",
171 "objectCategory": self.base_dn })
173 except LdbError, (num, _):
174 self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
176 # Multi-valued "systemFlags"
179 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
180 "objectClass": "person",
181 "systemFlags": ["0", str(SYSTEM_FLAG_DOMAIN_DISALLOW_MOVE)] })
183 except LdbError, (num, _):
184 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
186 # We cannot instanciate from an abstract objectclass
189 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
190 "objectClass": "connectionPoint" })
192 except LdbError, (num, _):
193 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
195 # Test allowed system flags
197 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
198 "objectClass": "person",
199 "systemFlags": str(~(SYSTEM_FLAG_CONFIG_ALLOW_RENAME | SYSTEM_FLAG_CONFIG_ALLOW_MOVE | SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE)) })
201 res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
202 scope=SCOPE_BASE, attrs=["systemFlags"])
203 self.assertTrue(len(res) == 1)
204 self.assertEquals(res[0]["systemFlags"][0], "0")
206 self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
209 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
210 "objectClass": "person" })
212 # We can remove derivation classes of the structural objectclass
213 # but they're going to be readded afterwards
215 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
216 m["objectClass"] = MessageElement("top", FLAG_MOD_DELETE,
220 res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
221 scope=SCOPE_BASE, attrs=["objectClass"])
222 self.assertTrue(len(res) == 1)
223 self.assertTrue("top" in res[0]["objectClass"])
225 # The top-most structural class cannot be deleted since there are
226 # attributes of it in use
228 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
229 m["objectClass"] = MessageElement("person", FLAG_MOD_DELETE,
234 except LdbError, (num, _):
235 self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
237 # We cannot delete classes which weren't specified
239 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
240 m["objectClass"] = MessageElement("computer", FLAG_MOD_DELETE,
245 except LdbError, (num, _):
246 self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
248 # An invalid class cannot be added
250 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
251 m["objectClass"] = MessageElement("X", FLAG_MOD_ADD,
256 except LdbError, (num, _):
257 self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
259 # The top-most structural class cannot be changed by adding another
262 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
263 m["objectClass"] = MessageElement("user", FLAG_MOD_ADD,
268 except LdbError, (num, _):
269 self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
271 # An already specified objectclass cannot be added another time
273 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
274 m["objectClass"] = MessageElement("person", FLAG_MOD_ADD,
279 except LdbError, (num, _):
280 self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
282 # Auxiliary classes can always be added
284 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
285 m["objectClass"] = MessageElement("bootableDevice", FLAG_MOD_ADD,
289 # It's only possible to replace with the same objectclass combination.
290 # So the replace action on "objectClass" attributes is really useless.
292 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
293 m["objectClass"] = MessageElement(["top", "person", "bootableDevice"],
294 FLAG_MOD_REPLACE, "objectClass")
298 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
299 m["objectClass"] = MessageElement(["person", "bootableDevice"],
300 FLAG_MOD_REPLACE, "objectClass")
304 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
305 m["objectClass"] = MessageElement(["top", "person", "bootableDevice",
306 "connectionPoint"], FLAG_MOD_REPLACE, "objectClass")
310 except LdbError, (num, _):
311 self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
313 # We cannot remove all object classes by an empty replace
315 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
316 m["objectClass"] = MessageElement([], FLAG_MOD_REPLACE, "objectClass")
320 except LdbError, (num, _):
321 self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
324 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
325 m["objectClass"] = MessageElement(["top", "computer"], FLAG_MOD_REPLACE,
330 except LdbError, (num, _):
331 self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
333 # Classes can be removed unless attributes of them are used.
335 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
336 m["objectClass"] = MessageElement("bootableDevice", FLAG_MOD_DELETE,
340 res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
341 scope=SCOPE_BASE, attrs=["objectClass"])
342 self.assertTrue(len(res) == 1)
343 self.assertFalse("bootableDevice" in res[0]["objectClass"])
346 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
347 m["objectClass"] = MessageElement("bootableDevice", FLAG_MOD_ADD,
351 # Add an attribute specific to the "bootableDevice" class
353 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
354 m["bootParameter"] = MessageElement("test", FLAG_MOD_ADD,
358 # Classes can be removed unless attributes of them are used. Now there
359 # exist such attributes on the entry.
361 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
362 m["objectClass"] = MessageElement("bootableDevice", FLAG_MOD_DELETE,
367 except LdbError, (num, _):
368 self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
370 # Remove the previously specified attribute
372 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
373 m["bootParameter"] = MessageElement("test", FLAG_MOD_DELETE,
377 # Classes can be removed unless attributes of them are used.
379 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
380 m["objectClass"] = MessageElement("bootableDevice", FLAG_MOD_DELETE,
384 self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
386 def test_system_only(self):
387 """Test systemOnly objects"""
388 print "Test systemOnly objects"""
392 "dn": "cn=ldaptestobject," + self.base_dn,
393 "objectclass": "configuration"})
395 except LdbError, (num, _):
396 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
400 "dn": "cn=testsecret,cn=system," + self.base_dn,
401 "objectclass": "secret"})
403 except LdbError, (num, _):
404 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
406 self.delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
407 self.delete_force(self.ldb, "cn=testsecret,cn=system," + self.base_dn)
411 "dn": "cn=ldaptestcontainer," + self.base_dn,
412 "objectclass": "container",
413 "isCriticalSystemObject": "TRUE"})
415 except LdbError, (num, _):
416 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
419 "dn": "cn=ldaptestcontainer," + self.base_dn,
420 "objectclass": "container"})
423 m.dn = Dn(ldb, "cn=ldaptestcontainer," + self.base_dn)
424 m["isCriticalSystemObject"] = MessageElement("TRUE", FLAG_MOD_REPLACE,
425 "isCriticalSystemObject")
429 except LdbError, (num, _):
430 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
432 self.delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
434 # Proof if DC SAM object has "isCriticalSystemObject" set
435 res = self.ldb.search("", scope=SCOPE_BASE, attrs=["serverName"])
436 self.assertTrue(len(res) == 1)
437 self.assertTrue("serverName" in res[0])
438 res = self.ldb.search(res[0]["serverName"][0], scope=SCOPE_BASE,
439 attrs=["serverReference"])
440 self.assertTrue(len(res) == 1)
441 self.assertTrue("serverReference" in res[0])
442 res = self.ldb.search(res[0]["serverReference"][0], scope=SCOPE_BASE,
443 attrs=["isCriticalSystemObject"])
444 self.assertTrue(len(res) == 1)
445 self.assertTrue("isCriticalSystemObject" in res[0])
446 self.assertEquals(res[0]["isCriticalSystemObject"][0], "TRUE")
448 def test_invalid_parent(self):
449 """Test adding an object with invalid parent"""
450 print "Test adding an object with invalid parent"""
454 "dn": "cn=ldaptestgroup,cn=thisdoesnotexist123,"
456 "objectclass": "group"})
458 except LdbError, (num, _):
459 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
461 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=thisdoesnotexist123,"
466 "dn": "ou=testou,cn=users," + self.base_dn,
467 "objectclass": "organizationalUnit"})
469 except LdbError, (num, _):
470 self.assertEquals(num, ERR_NAMING_VIOLATION)
472 self.delete_force(self.ldb, "ou=testou,cn=users," + self.base_dn)
474 def test_invalid_attribute(self):
475 """Test invalid attributes on schema/objectclasses"""
476 print "Test invalid attributes on schema/objectclasses"""
478 # attributes not in schema test
484 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
485 "objectclass": "group",
486 "thisdoesnotexist": "x"})
488 except LdbError, (num, _):
489 self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
492 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
493 "objectclass": "group"})
498 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
499 m["thisdoesnotexist"] = MessageElement("x", FLAG_MOD_REPLACE,
504 except LdbError, (num, _):
505 self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
507 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
509 # attributes not in objectclasses and mandatory attributes missing test
510 # Use here a non-SAM entry since it doesn't have special triggers
511 # associated which have an impact on the error results.
515 # mandatory attribute missing
518 "dn": "cn=ldaptestobject," + self.base_dn,
519 "objectclass": "ipProtocol"})
521 except LdbError, (num, _):
522 self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
524 # inadequate but schema-valid attribute specified
527 "dn": "cn=ldaptestobject," + self.base_dn,
528 "objectclass": "ipProtocol",
529 "ipProtocolNumber": "1",
532 except LdbError, (num, _):
533 self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
536 "dn": "cn=ldaptestobject," + self.base_dn,
537 "objectclass": "ipProtocol",
538 "ipProtocolNumber": "1"})
542 # inadequate but schema-valid attribute add trial
544 m.dn = Dn(ldb, "cn=ldaptestobject," + self.base_dn)
545 m["uid"] = MessageElement("0", FLAG_MOD_ADD, "uid")
549 except LdbError, (num, _):
550 self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
552 # mandatory attribute delete trial
554 m.dn = Dn(ldb, "cn=ldaptestobject," + self.base_dn)
555 m["ipProtocolNumber"] = MessageElement([], FLAG_MOD_DELETE,
560 except LdbError, (num, _):
561 self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
563 # mandatory attribute delete trial
565 m.dn = Dn(ldb, "cn=ldaptestobject," + self.base_dn)
566 m["ipProtocolNumber"] = MessageElement([], FLAG_MOD_REPLACE,
571 except LdbError, (num, _):
572 self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
574 self.delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
576 def test_single_valued_attributes(self):
577 """Test single-valued attributes"""
578 print "Test single-valued attributes"""
582 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
583 "objectclass": "group",
584 "sAMAccountName": ["nam1", "nam2"]})
586 except LdbError, (num, _):
587 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
590 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
591 "objectclass": "group"})
594 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
595 m["sAMAccountName"] = MessageElement(["nam1","nam2"], FLAG_MOD_REPLACE,
600 except LdbError, (num, _):
601 self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
604 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
605 m["sAMAccountName"] = MessageElement("testgroupXX", FLAG_MOD_REPLACE,
610 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
611 m["sAMAccountName"] = MessageElement("testgroupXX2", FLAG_MOD_ADD,
616 except LdbError, (num, _):
617 self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
619 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
621 def test_description_attribute(self):
622 """Test description attribute"""
623 print "Test description attribute"""
626 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
627 "description": "desc2",
628 "objectclass": "group",
629 "description": "desc1"})
631 res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
632 scope=SCOPE_BASE, attrs=["description"])
633 self.assertTrue(len(res) == 1)
634 self.assertTrue("description" in res[0])
635 self.assertTrue(len(res[0]["description"]) == 1)
636 self.assertEquals(res[0]["description"][0], "desc1")
638 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
641 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
642 "objectclass": "group",
643 "description": ["desc1", "desc2"]})
645 res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
646 scope=SCOPE_BASE, attrs=["description"])
647 self.assertTrue(len(res) == 1)
648 self.assertTrue("description" in res[0])
649 self.assertTrue(len(res[0]["description"]) == 2)
650 self.assertTrue(res[0]["description"][0] == "desc1" or
651 res[0]["description"][1] == "desc1")
652 self.assertTrue(res[0]["description"][0] == "desc2" or
653 res[0]["description"][1] == "desc2")
656 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
657 m["description"] = MessageElement(["desc1","desc2"], FLAG_MOD_REPLACE,
662 except LdbError, (num, _):
663 self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
666 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
667 m["description"] = MessageElement(["desc1","desc2"], FLAG_MOD_DELETE,
671 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
674 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
675 "objectclass": "group" })
678 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
679 m["description"] = MessageElement("desc1", FLAG_MOD_REPLACE,
683 res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
684 scope=SCOPE_BASE, attrs=["description"])
685 self.assertTrue(len(res) == 1)
686 self.assertTrue("description" in res[0])
687 self.assertTrue(len(res[0]["description"]) == 1)
688 self.assertEquals(res[0]["description"][0], "desc1")
690 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
693 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
694 "objectclass": "group",
695 "description": ["desc1", "desc2"]})
698 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
699 m["description"] = MessageElement("desc1", FLAG_MOD_REPLACE,
703 res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
704 scope=SCOPE_BASE, attrs=["description"])
705 self.assertTrue(len(res) == 1)
706 self.assertTrue("description" in res[0])
707 self.assertTrue(len(res[0]["description"]) == 1)
708 self.assertEquals(res[0]["description"][0], "desc1")
711 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
712 m["description"] = MessageElement("desc3", FLAG_MOD_ADD,
717 except LdbError, (num, _):
718 self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
721 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
722 m["description"] = MessageElement(["desc1","desc2"], FLAG_MOD_DELETE,
727 except LdbError, (num, _):
728 self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
731 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
732 m["description"] = MessageElement("desc1", FLAG_MOD_DELETE,
735 res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
736 scope=SCOPE_BASE, attrs=["description"])
737 self.assertTrue(len(res) == 1)
738 self.assertFalse("description" in res[0])
741 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
742 m["description"] = MessageElement(["desc1","desc2"], FLAG_MOD_REPLACE,
747 except LdbError, (num, _):
748 self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
751 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
752 m["description"] = MessageElement(["desc3", "desc4"], FLAG_MOD_ADD,
757 except LdbError, (num, _):
758 self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
761 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
762 m["description"] = MessageElement("desc1", FLAG_MOD_ADD,
766 res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
767 scope=SCOPE_BASE, attrs=["description"])
768 self.assertTrue(len(res) == 1)
769 self.assertTrue("description" in res[0])
770 self.assertTrue(len(res[0]["description"]) == 1)
771 self.assertEquals(res[0]["description"][0], "desc1")
773 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
775 def test_attribute_ranges(self):
776 """Test attribute ranges"""
777 print "Test attribute ranges"""
782 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
783 "objectClass": "person",
786 except LdbError, (num, _):
787 self.assertEquals(num, ERR_INVALID_ATTRIBUTE_SYNTAX)
792 # "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
793 # "objectClass": "person",
794 # "sn": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" })
796 # except LdbError, (num, _):
797 # self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
800 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
801 "objectClass": "person" })
805 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
806 m["sn"] = MessageElement("", FLAG_MOD_REPLACE, "sn")
810 except LdbError, (num, _):
811 self.assertEquals(num, ERR_INVALID_ATTRIBUTE_SYNTAX)
815 # m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
816 # m["sn"] = MessageElement("xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", FLAG_MOD_REPLACE, "sn")
820 # except LdbError, (num, _):
821 # self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
824 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
825 m["sn"] = MessageElement("x", FLAG_MOD_REPLACE, "sn")
828 self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
830 def test_empty_messages(self):
831 """Test empty messages"""
832 print "Test empty messages"""
835 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
840 except LdbError, (num, _):
841 self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
846 except LdbError, (num, _):
847 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
849 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
851 def test_empty_attributes(self):
852 """Test empty attributes"""
853 print "Test empty attributes"""
856 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
857 m["objectClass"] = MessageElement("group", FLAG_MOD_ADD, "objectClass")
858 m["description"] = MessageElement([], FLAG_MOD_ADD, "description")
863 except LdbError, (num, _):
864 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
867 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
868 "objectclass": "group"})
871 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
872 m["description"] = MessageElement([], FLAG_MOD_ADD, "description")
877 except LdbError, (num, _):
878 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
881 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
882 m["description"] = MessageElement([], FLAG_MOD_REPLACE, "description")
886 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
887 m["description"] = MessageElement([], FLAG_MOD_DELETE, "description")
891 except LdbError, (num, _):
892 self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
894 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
896 def test_instanceType(self):
897 """Tests the 'instanceType' attribute"""
898 print "Tests the 'instanceType' attribute"""
900 # The instance type is single-valued
903 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
904 "objectclass": "group",
905 "instanceType": ["0", "1"]})
907 except LdbError, (num, _):
908 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
910 # The head NC flag cannot be set without the write flag
913 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
914 "objectclass": "group",
915 "instanceType": "1" })
917 except LdbError, (num, _):
918 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
920 # We cannot manipulate NCs without the head NC flag
923 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
924 "objectclass": "group",
925 "instanceType": "32" })
927 except LdbError, (num, _):
928 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
931 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
932 "objectclass": "group"})
935 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
936 m["instanceType"] = MessageElement("0", FLAG_MOD_REPLACE,
941 except LdbError, (num, _):
942 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
945 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
946 m["instanceType"] = MessageElement([], FLAG_MOD_REPLACE,
951 except LdbError, (num, _):
952 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
955 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
956 m["instanceType"] = MessageElement([], FLAG_MOD_DELETE, "instanceType")
960 except LdbError, (num, _):
961 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
963 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
965 def test_distinguished_name(self):
966 """Tests the 'distinguishedName' attribute"""
967 print "Tests the 'distinguishedName' attribute"""
969 # The "dn" shortcut isn't supported
971 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
972 m["objectClass"] = MessageElement("group", 0, "objectClass")
973 m["dn"] = MessageElement("cn=ldaptestgroup,cn=users," + self.base_dn, 0,
978 except LdbError, (num, _):
979 self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
981 # a wrong "distinguishedName" attribute is obviously tolerated
983 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
984 "objectclass": "group",
985 "distinguishedName": "cn=ldaptest,cn=users," + self.base_dn})
987 # proof if the DN has been set correctly
988 res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
989 scope=SCOPE_BASE, attrs=["distinguishedName"])
990 self.assertTrue(len(res) == 1)
991 self.assertTrue("distinguishedName" in res[0])
992 self.assertTrue(Dn(ldb, res[0]["distinguishedName"][0])
993 == Dn(ldb, "cn=ldaptestgroup, cn=users," + self.base_dn))
995 # The "dn" shortcut isn't supported
997 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
998 m["dn"] = MessageElement(
999 "cn=ldaptestgroup,cn=users," + self.base_dn, FLAG_MOD_REPLACE,
1004 except LdbError, (num, _):
1005 self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
1008 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
1009 m["distinguishedName"] = MessageElement(
1010 "cn=ldaptestuser,cn=users," + self.base_dn, FLAG_MOD_ADD,
1011 "distinguishedName")
1016 except LdbError, (num, _):
1017 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
1020 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
1021 m["distinguishedName"] = MessageElement(
1022 "cn=ldaptestuser,cn=users," + self.base_dn, FLAG_MOD_REPLACE,
1023 "distinguishedName")
1028 except LdbError, (num, _):
1029 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
1032 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
1033 m["distinguishedName"] = MessageElement(
1034 "cn=ldaptestuser,cn=users," + self.base_dn, FLAG_MOD_DELETE,
1035 "distinguishedName")
1040 except LdbError, (num, _):
1041 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
1043 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
1045 def test_rdn_name(self):
1047 print "Tests the RDN"""
1051 "dn": "description=xyz,cn=users," + self.base_dn,
1052 "objectclass": "group"})
1054 except LdbError, (num, _):
1055 self.assertEquals(num, ERR_NAMING_VIOLATION)
1057 self.delete_force(self.ldb, "description=xyz,cn=users," + self.base_dn)
1059 # a wrong "name" attribute is obviously tolerated
1061 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
1062 "objectclass": "group",
1063 "name": "ldaptestgroupx"})
1065 # proof if the name has been set correctly
1066 res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
1067 scope=SCOPE_BASE, attrs=["name"])
1068 self.assertTrue(len(res) == 1)
1069 self.assertTrue("name" in res[0])
1070 self.assertTrue(res[0]["name"][0] == "ldaptestgroup")
1073 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
1074 m["name"] = MessageElement("cn=ldaptestuser", FLAG_MOD_REPLACE,
1079 except LdbError, (num, _):
1080 self.assertEquals(num, ERR_NOT_ALLOWED_ON_RDN)
1083 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
1084 m["cn"] = MessageElement("ldaptestuser",
1085 FLAG_MOD_REPLACE, "cn")
1089 except LdbError, (num, _):
1090 self.assertEquals(num, ERR_NOT_ALLOWED_ON_RDN)
1092 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
1095 # this test needs to be disabled until we really understand
1096 # what the rDN length constraints are
1097 def DISABLED_test_largeRDN(self):
1098 """Testing large rDN (limit 64 characters)"""
1099 rdn = "CN=a012345678901234567890123456789012345678901234567890123456789012";
1100 self.delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
1102 dn: %s,%s""" % (rdn,self.base_dn) + """
1103 objectClass: container
1105 self.ldb.add_ldif(ldif)
1106 self.delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
1108 rdn = "CN=a0123456789012345678901234567890123456789012345678901234567890120";
1109 self.delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
1112 dn: %s,%s""" % (rdn,self.base_dn) + """
1113 objectClass: container
1115 self.ldb.add_ldif(ldif)
1117 except LdbError, (num, _):
1118 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
1119 self.delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
1121 def test_rename(self):
1122 """Tests the rename operation"""
1123 print "Tests the rename operations"""
1126 # cannot rename to be a child of itself
1127 ldb.rename(self.base_dn, "dc=test," + self.base_dn)
1129 except LdbError, (num, _):
1130 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
1134 ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser2,cn=users," + self.base_dn)
1136 except LdbError, (num, _):
1137 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
1140 "dn": "cn=ldaptestuser2,cn=users," + self.base_dn,
1141 "objectclass": "user" })
1143 ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser2,cn=users," + self.base_dn)
1144 ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=users," + self.base_dn)
1145 ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestUSER3,cn=users," + self.base_dn)
1148 # containment problem: a user entry cannot contain user entries
1149 ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser4,cn=ldaptestuser3,cn=users," + self.base_dn)
1151 except LdbError, (num, _):
1152 self.assertEquals(num, ERR_NAMING_VIOLATION)
1156 ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=people,cn=users," + self.base_dn)
1158 except LdbError, (num, _):
1159 self.assertEquals(num, ERR_OTHER)
1162 # invalid target DN syntax
1163 ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, ",cn=users," + self.base_dn)
1165 except LdbError, (num, _):
1166 self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
1170 ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "ou=ldaptestuser3,cn=users," + self.base_dn)
1172 except LdbError, (num, _):
1173 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
1175 self.delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn)
1177 # Performs some "systemFlags" testing
1179 # Move failing since no "SYSTEM_FLAG_CONFIG_ALLOW_MOVE"
1181 ldb.rename("CN=DisplaySpecifiers," + self.configuration_dn, "CN=DisplaySpecifiers,CN=Services," + self.configuration_dn)
1183 except LdbError, (num, _):
1184 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
1186 # Limited move failing since no "SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE"
1188 ldb.rename("CN=Directory Service,CN=Windows NT,CN=Services," + self.configuration_dn, "CN=Directory Service,CN=RRAS,CN=Services," + self.configuration_dn)
1190 except LdbError, (num, _):
1191 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
1193 # Rename failing since no "SYSTEM_FLAG_CONFIG_ALLOW_RENAME"
1195 ldb.rename("CN=DisplaySpecifiers," + self.configuration_dn, "CN=DisplaySpecifiers2," + self.configuration_dn)
1197 except LdbError, (num, _):
1198 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
1200 # It's not really possible to test moves on the schema partition since
1201 # there don't exist subcontainers on it.
1203 # Rename failing since "SYSTEM_FLAG_SCHEMA_BASE_OBJECT"
1205 ldb.rename("CN=Top," + self.schema_dn, "CN=Top2," + self.schema_dn)
1207 except LdbError, (num, _):
1208 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
1210 # Move failing since "SYSTEM_FLAG_DOMAIN_DISALLOW_MOVE"
1212 ldb.rename("CN=Users," + self.base_dn, "CN=Users,CN=Computers," + self.base_dn)
1214 except LdbError, (num, _):
1215 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
1217 # Rename failing since "SYSTEM_FLAG_DOMAIN_DISALLOW_RENAME"
1219 ldb.rename("CN=Users," + self.base_dn, "CN=Users2," + self.base_dn)
1221 except LdbError, (num, _):
1222 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
1224 # Performs some other constraints testing
1227 ldb.rename("CN=Policies,CN=System," + self.base_dn, "CN=Users2," + self.base_dn)
1229 except LdbError, (num, _):
1230 self.assertEquals(num, ERR_OTHER)
1232 def test_rename_twice(self):
1233 """Tests the rename operation twice - this corresponds to a past bug"""
1234 print "Tests the rename twice operation"""
1237 "dn": "cn=ldaptestuser5,cn=users," + self.base_dn,
1238 "objectclass": "user" })
1240 ldb.rename("cn=ldaptestuser5,cn=users," + self.base_dn, "cn=ldaptestUSER5,cn=users," + self.base_dn)
1241 self.delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
1243 "dn": "cn=ldaptestuser5,cn=users," + self.base_dn,
1244 "objectclass": "user" })
1245 ldb.rename("cn=ldaptestuser5,cn=Users," + self.base_dn, "cn=ldaptestUSER5,cn=users," + self.base_dn)
1246 res = ldb.search(expression="cn=ldaptestuser5")
1247 print "Found %u records" % len(res)
1248 self.assertEquals(len(res), 1, "Wrong number of hits for cn=ldaptestuser5")
1249 res = ldb.search(expression="(&(cn=ldaptestuser5)(objectclass=user))")
1250 print "Found %u records" % len(res)
1251 self.assertEquals(len(res), 1, "Wrong number of hits for (&(cn=ldaptestuser5)(objectclass=user))")
1252 self.delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
1254 def test_objectGUID(self):
1255 """Test objectGUID behaviour"""
1256 print "Testing objectGUID behaviour\n"
1258 # The objectGUID cannot directly be set
1260 self.ldb.add_ldif("""
1261 dn: cn=ldaptestcontainer,""" + self.base_dn + """
1262 objectClass: container
1263 objectGUID: bd3480c9-58af-4cd8-92df-bc4a18b6e44d
1266 except LdbError, (num, _):
1267 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
1270 "dn": "cn=ldaptestcontainer," + self.base_dn,
1271 "objectClass": "container" })
1273 res = ldb.search("cn=ldaptestcontainer," + self.base_dn,
1275 attrs=["objectGUID", "uSNCreated", "uSNChanged", "whenCreated", "whenChanged"])
1276 self.assertTrue(len(res) == 1)
1277 self.assertTrue("objectGUID" in res[0])
1278 self.assertTrue("uSNCreated" in res[0])
1279 self.assertTrue("uSNChanged" in res[0])
1280 self.assertTrue("whenCreated" in res[0])
1281 self.assertTrue("whenChanged" in res[0])
1283 self.delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
1285 # All the following attributes are specificable on add operations
1287 "dn": "cn=ldaptestcontainer," + self.base_dn,
1288 "objectClass": "container",
1291 "whenCreated": timestring(long(time.time())),
1292 "whenChanged": timestring(long(time.time())) })
1294 res = ldb.search("cn=ldaptestcontainer," + self.base_dn,
1296 attrs=["objectGUID", "uSNCreated", "uSNChanged", "whenCreated", "whenChanged"])
1297 self.assertTrue(len(res) == 1)
1298 self.assertTrue("objectGUID" in res[0])
1299 self.assertTrue("uSNCreated" in res[0])
1300 self.assertFalse(res[0]["uSNCreated"][0] == "1") # these are corrected
1301 self.assertTrue("uSNChanged" in res[0])
1302 self.assertFalse(res[0]["uSNChanged"][0] == "1") # these are corrected
1304 self.delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
1306 # All this attributes are specificable on add operations
1308 "dn": "cn=ldaptestcontainer," + self.base_dn,
1309 "objectclass": "container",
1312 "whenCreated": timestring(long(time.time())),
1313 "whenChanged": timestring(long(time.time())) })
1315 res = ldb.search("cn=ldaptestcontainer," + self.base_dn,
1317 attrs=["objectGUID", "uSNCreated", "uSNChanged", "whenCreated", "whenChanged"])
1318 self.assertTrue(len(res) == 1)
1319 self.assertTrue("objectGUID" in res[0])
1320 self.assertTrue("uSNCreated" in res[0])
1321 self.assertFalse(res[0]["uSNCreated"][0] == "1") # these are corrected
1322 self.assertTrue("uSNChanged" in res[0])
1323 self.assertFalse(res[0]["uSNChanged"][0] == "1") # these are corrected
1324 self.assertTrue("whenCreated" in res[0])
1325 self.assertTrue("whenChanged" in res[0])
1327 self.delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
1329 def test_parentGUID(self):
1330 """Test parentGUID behaviour"""
1331 print "Testing parentGUID behaviour\n"
1334 "dn": "cn=parentguidtest,cn=users," + self.base_dn,
1335 "objectclass":"user",
1336 "samaccountname":"parentguidtest"});
1337 res1 = ldb.search(base="cn=parentguidtest,cn=users," + self.base_dn, scope=SCOPE_BASE,
1338 attrs=["parentGUID", "samaccountname"]);
1339 res2 = ldb.search(base="cn=users," + self.base_dn,scope=SCOPE_BASE,
1340 attrs=["objectGUID"]);
1341 res3 = ldb.search(base=self.base_dn, scope=SCOPE_BASE,
1342 attrs=["parentGUID"]);
1343 res4 = ldb.search(base=self.configuration_dn, scope=SCOPE_BASE,
1344 attrs=["parentGUID"]);
1345 res5 = ldb.search(base=self.schema_dn, scope=SCOPE_BASE,
1346 attrs=["parentGUID"]);
1348 """Check if the parentGUID is valid """
1349 self.assertEquals(res1[0]["parentGUID"], res2[0]["objectGUID"]);
1351 """Check if it returns nothing when there is no parent object - default NC"""
1352 has_parentGUID = False
1353 for key in res3[0].keys():
1354 if key == "parentGUID":
1355 has_parentGUID = True
1357 self.assertFalse(has_parentGUID);
1359 """Check if it returns nothing when there is no parent object - configuration NC"""
1360 has_parentGUID = False
1361 for key in res4[0].keys():
1362 if key == "parentGUID":
1363 has_parentGUID = True
1365 self.assertFalse(has_parentGUID);
1367 """Check if it returns nothing when there is no parent object - schema NC"""
1368 has_parentGUID = False
1369 for key in res5[0].keys():
1370 if key == "parentGUID":
1371 has_parentGUID = True
1373 self.assertFalse(has_parentGUID);
1375 """Ensures that if you look for another object attribute after the constructed
1376 parentGUID, it will return correctly"""
1377 has_another_attribute = False
1378 for key in res1[0].keys():
1379 if key == "sAMAccountName":
1380 has_another_attribute = True
1382 self.assertTrue(has_another_attribute)
1383 self.assertTrue(len(res1[0]["samaccountname"]) == 1)
1384 self.assertEquals(res1[0]["samaccountname"][0], "parentguidtest");
1386 print "Testing parentGUID behaviour on rename\n"
1389 "dn": "cn=testotherusers," + self.base_dn,
1390 "objectclass":"container"});
1391 res1 = ldb.search(base="cn=testotherusers," + self.base_dn,scope=SCOPE_BASE,
1392 attrs=["objectGUID"]);
1393 ldb.rename("cn=parentguidtest,cn=users," + self.base_dn,
1394 "cn=parentguidtest,cn=testotherusers," + self.base_dn);
1395 res2 = ldb.search(base="cn=parentguidtest,cn=testotherusers," + self.base_dn,
1397 attrs=["parentGUID"]);
1398 self.assertEquals(res1[0]["objectGUID"], res2[0]["parentGUID"]);
1400 self.delete_force(self.ldb, "cn=parentguidtest,cn=testotherusers," + self.base_dn)
1401 self.delete_force(self.ldb, "cn=testotherusers," + self.base_dn)
1403 def test_groupType_int32(self):
1404 """Test groupType (int32) behaviour (should appear to be casted to a 32 bit signed integer before comparsion)"""
1405 print "Testing groupType (int32) behaviour\n"
1407 res1 = ldb.search(base=self.base_dn, scope=SCOPE_SUBTREE,
1408 attrs=["groupType"], expression="groupType=2147483653");
1410 res2 = ldb.search(base=self.base_dn, scope=SCOPE_SUBTREE,
1411 attrs=["groupType"], expression="groupType=-2147483643");
1413 self.assertEquals(len(res1), len(res2))
1415 self.assertTrue(res1.count > 0)
1417 self.assertEquals(res1[0]["groupType"][0], "-2147483643")
1419 def test_linked_attributes(self):
1420 """This tests the linked attribute behaviour"""
1421 print "Testing linked attribute behaviour\n"
1424 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
1425 "objectclass": "group"})
1427 # This should not work since "memberOf" is linked to "member"
1430 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
1431 "objectclass": "user",
1432 "memberOf": "cn=ldaptestgroup,cn=users," + self.base_dn})
1433 except LdbError, (num, _):
1434 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
1437 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
1438 "objectclass": "user"})
1441 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
1442 m["memberOf"] = MessageElement("cn=ldaptestgroup,cn=users," + self.base_dn,
1443 FLAG_MOD_ADD, "memberOf")
1447 except LdbError, (num, _):
1448 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
1451 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
1452 m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
1453 FLAG_MOD_ADD, "member")
1457 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
1458 m["memberOf"] = MessageElement("cn=ldaptestgroup,cn=users," + self.base_dn,
1459 FLAG_MOD_REPLACE, "memberOf")
1463 except LdbError, (num, _):
1464 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
1467 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
1468 m["memberOf"] = MessageElement("cn=ldaptestgroup,cn=users," + self.base_dn,
1469 FLAG_MOD_DELETE, "memberOf")
1473 except LdbError, (num, _):
1474 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
1477 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
1478 m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
1479 FLAG_MOD_DELETE, "member")
1482 # This should yield no results since the member attribute for
1483 # "ldaptestuser" should have been deleted
1484 res1 = ldb.search("cn=ldaptestgroup, cn=users," + self.base_dn,
1486 expression="(member=cn=ldaptestuser,cn=users," + self.base_dn + ")",
1488 self.assertTrue(len(res1) == 0)
1490 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
1493 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
1494 "objectclass": "group",
1495 "member": "cn=ldaptestuser,cn=users," + self.base_dn})
1497 self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
1499 # Make sure that the "member" attribute for "ldaptestuser" has been
1501 res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
1502 scope=SCOPE_BASE, attrs=["member"])
1503 self.assertTrue(len(res) == 1)
1504 self.assertFalse("member" in res[0])
1506 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
1508 def test_wkguid(self):
1509 """Test Well known GUID behaviours (including DN+Binary)"""
1510 print "Test Well known GUID behaviours (including DN+Binary)"""
1512 res = self.ldb.search(base=("<WKGUID=ab1d30f3768811d1aded00c04fd8d5cd,%s>" % self.base_dn), scope=SCOPE_BASE, attrs=[])
1513 self.assertEquals(len(res), 1)
1515 res2 = self.ldb.search(scope=SCOPE_BASE, attrs=["wellKnownObjects"], expression=("wellKnownObjects=B:32:ab1d30f3768811d1aded00c04fd8d5cd:%s" % res[0].dn))
1516 self.assertEquals(len(res2), 1)
1518 # Prove that the matching rule is over the whole DN+Binary
1519 res2 = self.ldb.search(scope=SCOPE_BASE, attrs=["wellKnownObjects"], expression=("wellKnownObjects=B:32:ab1d30f3768811d1aded00c04fd8d5cd"))
1520 self.assertEquals(len(res2), 0)
1521 # Prove that the matching rule is over the whole DN+Binary
1522 res2 = self.ldb.search(scope=SCOPE_BASE, attrs=["wellKnownObjects"], expression=("wellKnownObjects=%s") % res[0].dn)
1523 self.assertEquals(len(res2), 0)
1525 def test_subschemasubentry(self):
1526 """Test subSchemaSubEntry appears when requested, but not when not requested"""
1527 print "Test subSchemaSubEntry"""
1529 res = self.ldb.search(base=self.base_dn, scope=SCOPE_BASE, attrs=["subSchemaSubEntry"])
1530 self.assertEquals(len(res), 1)
1531 self.assertEquals(res[0]["subSchemaSubEntry"][0], "CN=Aggregate,"+self.schema_dn)
1533 res = self.ldb.search(base=self.base_dn, scope=SCOPE_BASE, attrs=["*"])
1534 self.assertEquals(len(res), 1)
1535 self.assertTrue("subScheamSubEntry" not in res[0])
1540 print "Testing user add"
1543 "dn": "cn=ldaptestuser,cn=uSers," + self.base_dn,
1544 "objectclass": "user",
1545 "cN": "LDAPtestUSER",
1546 "givenname": "ldap",
1550 "dn": "cn=ldaptestgroup,cn=uSers," + self.base_dn,
1551 "objectclass": "group",
1552 "member": "cn=ldaptestuser,cn=useRs," + self.base_dn})
1555 "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
1556 "objectclass": "computer",
1557 "cN": "LDAPtestCOMPUTER"})
1559 ldb.add({"dn": "cn=ldaptest2computer,cn=computers," + self.base_dn,
1560 "objectClass": "computer",
1561 "cn": "LDAPtest2COMPUTER",
1562 "userAccountControl": str(UF_WORKSTATION_TRUST_ACCOUNT),
1563 "displayname": "ldap testy"})
1566 ldb.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self.base_dn,
1567 "objectClass": "computer",
1568 "cn": "LDAPtest2COMPUTER"
1571 except LdbError, (num, _):
1572 self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
1575 ldb.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self.base_dn,
1576 "objectClass": "computer",
1577 "cn": "ldaptestcomputer3",
1578 "sAMAccountType": str(ATYPE_NORMAL_ACCOUNT)
1581 except LdbError, (num, _):
1582 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
1584 ldb.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self.base_dn,
1585 "objectClass": "computer",
1586 "cn": "LDAPtestCOMPUTER3"
1589 print "Testing ldb.search for (&(cn=ldaptestcomputer3)(objectClass=user))";
1590 res = ldb.search(self.base_dn, expression="(&(cn=ldaptestcomputer3)(objectClass=user))");
1591 self.assertEquals(len(res), 1, "Found only %d for (&(cn=ldaptestcomputer3)(objectClass=user))" % len(res))
1593 self.assertEquals(str(res[0].dn), ("CN=ldaptestcomputer3,CN=Computers," + self.base_dn));
1594 self.assertEquals(res[0]["cn"][0], "ldaptestcomputer3");
1595 self.assertEquals(res[0]["name"][0], "ldaptestcomputer3");
1596 self.assertEquals(res[0]["objectClass"][0], "top");
1597 self.assertEquals(res[0]["objectClass"][1], "person");
1598 self.assertEquals(res[0]["objectClass"][2], "organizationalPerson");
1599 self.assertEquals(res[0]["objectClass"][3], "user");
1600 self.assertEquals(res[0]["objectClass"][4], "computer");
1601 self.assertTrue("objectGUID" in res[0])
1602 self.assertTrue("whenCreated" in res[0])
1603 self.assertEquals(res[0]["objectCategory"][0], ("CN=Computer,CN=Schema,CN=Configuration," + self.base_dn));
1604 self.assertEquals(int(res[0]["primaryGroupID"][0]), 513);
1605 self.assertEquals(int(res[0]["sAMAccountType"][0]), ATYPE_NORMAL_ACCOUNT);
1606 self.assertEquals(int(res[0]["userAccountControl"][0]), UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE);
1608 self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn)
1610 print "Testing attribute or value exists behaviour"
1613 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
1615 replace: servicePrincipalName
1616 servicePrincipalName: host/ldaptest2computer
1617 servicePrincipalName: host/ldaptest2computer
1618 servicePrincipalName: cifs/ldaptest2computer
1621 except LdbError, (num, msg):
1622 self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
1625 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
1627 replace: servicePrincipalName
1628 servicePrincipalName: host/ldaptest2computer
1629 servicePrincipalName: cifs/ldaptest2computer
1633 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
1635 add: servicePrincipalName
1636 servicePrincipalName: host/ldaptest2computer
1639 except LdbError, (num, msg):
1640 self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
1642 print "Testing ranged results"
1644 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
1646 replace: servicePrincipalName
1650 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
1652 add: servicePrincipalName
1653 servicePrincipalName: host/ldaptest2computer0
1654 servicePrincipalName: host/ldaptest2computer1
1655 servicePrincipalName: host/ldaptest2computer2
1656 servicePrincipalName: host/ldaptest2computer3
1657 servicePrincipalName: host/ldaptest2computer4
1658 servicePrincipalName: host/ldaptest2computer5
1659 servicePrincipalName: host/ldaptest2computer6
1660 servicePrincipalName: host/ldaptest2computer7
1661 servicePrincipalName: host/ldaptest2computer8
1662 servicePrincipalName: host/ldaptest2computer9
1663 servicePrincipalName: host/ldaptest2computer10
1664 servicePrincipalName: host/ldaptest2computer11
1665 servicePrincipalName: host/ldaptest2computer12
1666 servicePrincipalName: host/ldaptest2computer13
1667 servicePrincipalName: host/ldaptest2computer14
1668 servicePrincipalName: host/ldaptest2computer15
1669 servicePrincipalName: host/ldaptest2computer16
1670 servicePrincipalName: host/ldaptest2computer17
1671 servicePrincipalName: host/ldaptest2computer18
1672 servicePrincipalName: host/ldaptest2computer19
1673 servicePrincipalName: host/ldaptest2computer20
1674 servicePrincipalName: host/ldaptest2computer21
1675 servicePrincipalName: host/ldaptest2computer22
1676 servicePrincipalName: host/ldaptest2computer23
1677 servicePrincipalName: host/ldaptest2computer24
1678 servicePrincipalName: host/ldaptest2computer25
1679 servicePrincipalName: host/ldaptest2computer26
1680 servicePrincipalName: host/ldaptest2computer27
1681 servicePrincipalName: host/ldaptest2computer28
1682 servicePrincipalName: host/ldaptest2computer29
1685 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE,
1686 attrs=["servicePrincipalName;range=0-*"])
1687 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1688 #print len(res[0]["servicePrincipalName;range=0-*"])
1689 self.assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30)
1691 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-19"])
1692 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1693 # print res[0]["servicePrincipalName;range=0-19"].length
1694 self.assertEquals(len(res[0]["servicePrincipalName;range=0-19"]), 20)
1697 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-30"])
1698 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1699 self.assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30)
1701 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-40"])
1702 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1703 self.assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30)
1705 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=30-40"])
1706 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1707 self.assertEquals(len(res[0]["servicePrincipalName;range=30-*"]), 0)
1710 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=10-40"])
1711 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1712 self.assertEquals(len(res[0]["servicePrincipalName;range=10-*"]), 20)
1713 # pos_11 = res[0]["servicePrincipalName;range=10-*"][18]
1715 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=11-40"])
1716 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1717 self.assertEquals(len(res[0]["servicePrincipalName;range=11-*"]), 19)
1718 # print res[0]["servicePrincipalName;range=11-*"][18]
1720 # self.assertEquals((res[0]["servicePrincipalName;range=11-*"][18]), pos_11)
1722 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=11-15"])
1723 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1724 self.assertEquals(len(res[0]["servicePrincipalName;range=11-15"]), 5)
1725 # self.assertEquals(res[0]["servicePrincipalName;range=11-15"][4], pos_11)
1727 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName"])
1728 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1729 # print res[0]["servicePrincipalName"][18]
1731 self.assertEquals(len(res[0]["servicePrincipalName"]), 30)
1732 # self.assertEquals(res[0]["servicePrincipalName"][18], pos_11)
1734 self.delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
1736 "dn": "cn=ldaptestuser2,cn=useRs," + self.base_dn,
1737 "objectClass": "user",
1738 "cn": "LDAPtestUSER2",
1739 "givenname": "testy",
1740 "sn": "ldap user2"})
1742 print "Testing Ambigious Name Resolution"
1743 # Testing ldb.search for (&(anr=ldap testy)(objectClass=user))
1744 res = ldb.search(expression="(&(anr=ldap testy)(objectClass=user))")
1745 self.assertEquals(len(res), 3, "Found only %d of 3 for (&(anr=ldap testy)(objectClass=user))" % len(res))
1747 # Testing ldb.search for (&(anr=testy ldap)(objectClass=user))
1748 res = ldb.search(expression="(&(anr=testy ldap)(objectClass=user))")
1749 self.assertEquals(len(res), 2, "Found only %d of 2 for (&(anr=testy ldap)(objectClass=user))" % len(res))
1751 # Testing ldb.search for (&(anr=ldap)(objectClass=user))
1752 res = ldb.search(expression="(&(anr=ldap)(objectClass=user))")
1753 self.assertEquals(len(res), 4, "Found only %d of 4 for (&(anr=ldap)(objectClass=user))" % len(res))
1755 # Testing ldb.search for (&(anr==ldap)(objectClass=user))
1756 res = ldb.search(expression="(&(anr==ldap)(objectClass=user))")
1757 self.assertEquals(len(res), 1, "Could not find (&(anr==ldap)(objectClass=user)). Found only %d for (&(anr=ldap)(objectClass=user))" % len(res))
1759 self.assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + self.base_dn))
1760 self.assertEquals(res[0]["cn"][0], "ldaptestuser")
1761 self.assertEquals(str(res[0]["name"]), "ldaptestuser")
1763 # Testing ldb.search for (&(anr=testy)(objectClass=user))
1764 res = ldb.search(expression="(&(anr=testy)(objectClass=user))")
1765 self.assertEquals(len(res), 2, "Found only %d for (&(anr=testy)(objectClass=user))" % len(res))
1767 # Testing ldb.search for (&(anr=testy ldap)(objectClass=user))
1768 res = ldb.search(expression="(&(anr=testy ldap)(objectClass=user))")
1769 self.assertEquals(len(res), 2, "Found only %d for (&(anr=testy ldap)(objectClass=user))" % len(res))
1771 # Testing ldb.search for (&(anr==testy ldap)(objectClass=user))
1772 # this test disabled for the moment, as anr with == tests are not understood
1773 # res = ldb.search(expression="(&(anr==testy ldap)(objectClass=user))")
1774 # self.assertEquals(len(res), 1, "Found only %d for (&(anr==testy ldap)(objectClass=user))" % len(res))
1776 # self.assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + self.base_dn))
1777 # self.assertEquals(res[0]["cn"][0], "ldaptestuser")
1778 # self.assertEquals(res[0]["name"][0], "ldaptestuser")
1780 # Testing ldb.search for (&(anr==testy ldap)(objectClass=user))
1781 # res = ldb.search(expression="(&(anr==testy ldap)(objectClass=user))")
1782 # self.assertEquals(len(res), 1, "Could not find (&(anr==testy ldap)(objectClass=user))")
1784 # self.assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + self.base_dn))
1785 # self.assertEquals(res[0]["cn"][0], "ldaptestuser")
1786 # self.assertEquals(res[0]["name"][0], "ldaptestuser")
1788 # Testing ldb.search for (&(anr=testy ldap user)(objectClass=user))
1789 res = ldb.search(expression="(&(anr=testy ldap user)(objectClass=user))")
1790 self.assertEquals(len(res), 1, "Could not find (&(anr=testy ldap user)(objectClass=user))")
1792 self.assertEquals(str(res[0].dn), ("CN=ldaptestuser2,CN=Users," + self.base_dn))
1793 self.assertEquals(str(res[0]["cn"]), "ldaptestuser2")
1794 self.assertEquals(str(res[0]["name"]), "ldaptestuser2")
1796 # Testing ldb.search for (&(anr==testy ldap user2)(objectClass=user))
1797 # res = ldb.search(expression="(&(anr==testy ldap user2)(objectClass=user))")
1798 # self.assertEquals(len(res), 1, "Could not find (&(anr==testy ldap user2)(objectClass=user))")
1800 self.assertEquals(str(res[0].dn), ("CN=ldaptestuser2,CN=Users," + self.base_dn))
1801 self.assertEquals(str(res[0]["cn"]), "ldaptestuser2")
1802 self.assertEquals(str(res[0]["name"]), "ldaptestuser2")
1804 # Testing ldb.search for (&(anr==ldap user2)(objectClass=user))
1805 # res = ldb.search(expression="(&(anr==ldap user2)(objectClass=user))")
1806 # self.assertEquals(len(res), 1, "Could not find (&(anr==ldap user2)(objectClass=user))")
1808 self.assertEquals(str(res[0].dn), ("CN=ldaptestuser2,CN=Users," + self.base_dn))
1809 self.assertEquals(str(res[0]["cn"]), "ldaptestuser2")
1810 self.assertEquals(str(res[0]["name"]), "ldaptestuser2")
1812 # Testing ldb.search for (&(anr==not ldap user2)(objectClass=user))
1813 # res = ldb.search(expression="(&(anr==not ldap user2)(objectClass=user))")
1814 # self.assertEquals(len(res), 0, "Must not find (&(anr==not ldap user2)(objectClass=user))")
1816 # Testing ldb.search for (&(anr=not ldap user2)(objectClass=user))
1817 res = ldb.search(expression="(&(anr=not ldap user2)(objectClass=user))")
1818 self.assertEquals(len(res), 0, "Must not find (&(anr=not ldap user2)(objectClass=user))")
1820 # Testing ldb.search for (&(anr="testy ldap")(objectClass=user)) (ie, with quotes)
1821 # res = ldb.search(expression="(&(anr==\"testy ldap\")(objectClass=user))")
1822 # self.assertEquals(len(res), 0, "Found (&(anr==\"testy ldap\")(objectClass=user))")
1824 print "Testing Renames"
1826 attrs = ["objectGUID", "objectSid"]
1827 print "Testing ldb.search for (&(cn=ldaptestUSer2)(objectClass=user))"
1828 res_user = ldb.search(self.base_dn, expression="(&(cn=ldaptestUSer2)(objectClass=user))", scope=SCOPE_SUBTREE, attrs=attrs)
1829 self.assertEquals(len(res_user), 1, "Could not find (&(cn=ldaptestUSer2)(objectClass=user))")
1831 # Check rename works with extended/alternate DN forms
1832 ldb.rename("<SID=" + ldb.schema_format_value("objectSID", res_user[0]["objectSID"][0]) + ">" , "cn=ldaptestUSER3,cn=users," + self.base_dn)
1834 print "Testing ldb.search for (&(cn=ldaptestuser3)(objectClass=user))"
1835 res = ldb.search(expression="(&(cn=ldaptestuser3)(objectClass=user))")
1836 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser3)(objectClass=user))")
1838 self.assertEquals(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
1839 self.assertEquals(str(res[0]["cn"]), "ldaptestUSER3")
1840 self.assertEquals(str(res[0]["name"]), "ldaptestUSER3")
1842 #"Testing ldb.search for (&(&(cn=ldaptestuser3)(userAccountControl=*))(objectClass=user))"
1843 res = ldb.search(expression="(&(&(cn=ldaptestuser3)(userAccountControl=*))(objectClass=user))")
1844 self.assertEquals(len(res), 1, "(&(&(cn=ldaptestuser3)(userAccountControl=*))(objectClass=user))")
1846 self.assertEquals(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
1847 self.assertEquals(str(res[0]["cn"]), "ldaptestUSER3")
1848 self.assertEquals(str(res[0]["name"]), "ldaptestUSER3")
1850 #"Testing ldb.search for (&(&(cn=ldaptestuser3)(userAccountControl=546))(objectClass=user))"
1851 res = ldb.search(expression="(&(&(cn=ldaptestuser3)(userAccountControl=546))(objectClass=user))")
1852 self.assertEquals(len(res), 1, "(&(&(cn=ldaptestuser3)(userAccountControl=546))(objectClass=user))")
1854 self.assertEquals(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
1855 self.assertEquals(str(res[0]["cn"]), "ldaptestUSER3")
1856 self.assertEquals(str(res[0]["name"]), "ldaptestUSER3")
1858 #"Testing ldb.search for (&(&(cn=ldaptestuser3)(userAccountControl=547))(objectClass=user))"
1859 res = ldb.search(expression="(&(&(cn=ldaptestuser3)(userAccountControl=547))(objectClass=user))")
1860 self.assertEquals(len(res), 0, "(&(&(cn=ldaptestuser3)(userAccountControl=547))(objectClass=user))")
1862 # This is a Samba special, and does not exist in real AD
1863 # print "Testing ldb.search for (dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")"
1864 # res = ldb.search("(dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")")
1865 # if (res.error != 0 || len(res) != 1) {
1866 # print "Could not find (dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")"
1867 # self.assertEquals(len(res), 1)
1869 # self.assertEquals(res[0].dn, ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
1870 # self.assertEquals(res[0].cn, "ldaptestUSER3")
1871 # self.assertEquals(res[0].name, "ldaptestUSER3")
1873 print "Testing ldb.search for (distinguishedName=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")"
1874 res = ldb.search(expression="(distinguishedName=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")")
1875 self.assertEquals(len(res), 1, "Could not find (dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")")
1876 self.assertEquals(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
1877 self.assertEquals(str(res[0]["cn"]), "ldaptestUSER3")
1878 self.assertEquals(str(res[0]["name"]), "ldaptestUSER3")
1880 # ensure we cannot add it again
1882 ldb.add({"dn": "cn=ldaptestuser3,cn=userS," + self.base_dn,
1883 "objectClass": "user",
1884 "cn": "LDAPtestUSER3"})
1886 except LdbError, (num, _):
1887 self.assertEquals(num, ERR_ENTRY_ALREADY_EXISTS)
1890 ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser2,cn=users," + self.base_dn)
1892 # ensure we cannot rename it twice
1894 ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn,
1895 "cn=ldaptestuser2,cn=users," + self.base_dn)
1897 except LdbError, (num, _):
1898 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
1900 # ensure can now use that name
1901 ldb.add({"dn": "cn=ldaptestuser3,cn=users," + self.base_dn,
1902 "objectClass": "user",
1903 "cn": "LDAPtestUSER3"})
1905 # ensure we now cannot rename
1907 ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=users," + self.base_dn)
1909 except LdbError, (num, _):
1910 self.assertEquals(num, ERR_ENTRY_ALREADY_EXISTS)
1912 ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=configuration," + self.base_dn)
1914 except LdbError, (num, _):
1915 self.assertTrue(num in (71, 64))
1917 ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser5,cn=users," + self.base_dn)
1919 ldb.delete("cn=ldaptestuser5,cn=users," + self.base_dn)
1921 self.delete_force(ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
1923 ldb.rename("cn=ldaptestgroup,cn=users," + self.base_dn, "cn=ldaptestgroup2,cn=users," + self.base_dn)
1925 print "Testing subtree renames"
1927 ldb.add({"dn": "cn=ldaptestcontainer," + self.base_dn,
1928 "objectClass": "container"})
1930 ldb.add({"dn": "CN=ldaptestuser4,CN=ldaptestcontainer," + self.base_dn,
1931 "objectClass": "user",
1932 "cn": "LDAPtestUSER4"})
1935 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
1938 member: cn=ldaptestuser4,cn=ldaptestcontainer,""" + self.base_dn + """
1939 member: cn=ldaptestcomputer,cn=computers,""" + self.base_dn + """
1940 member: cn=ldaptestuser2,cn=users,""" + self.base_dn + """
1943 print "Testing ldb.rename of cn=ldaptestcontainer," + self.base_dn + " to cn=ldaptestcontainer2," + self.base_dn
1944 ldb.rename("CN=ldaptestcontainer," + self.base_dn, "CN=ldaptestcontainer2," + self.base_dn)
1946 print "Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user))"
1947 res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))")
1948 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser4)(objectClass=user))")
1950 print "Testing subtree ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + self.base_dn
1952 res = ldb.search("cn=ldaptestcontainer," + self.base_dn,
1953 expression="(&(cn=ldaptestuser4)(objectClass=user))",
1954 scope=SCOPE_SUBTREE)
1956 except LdbError, (num, _):
1957 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
1959 print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + self.base_dn
1961 res = ldb.search("cn=ldaptestcontainer," + self.base_dn,
1962 expression="(&(cn=ldaptestuser4)(objectClass=user))", scope=SCOPE_ONELEVEL)
1964 except LdbError, (num, _):
1965 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
1967 print "Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in renamed container"
1968 res = ldb.search("cn=ldaptestcontainer2," + self.base_dn, expression="(&(cn=ldaptestuser4)(objectClass=user))", scope=SCOPE_SUBTREE)
1969 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser4)(objectClass=user)) under cn=ldaptestcontainer2," + self.base_dn)
1971 self.assertEquals(str(res[0].dn), ("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn))
1972 self.assertEquals(res[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self.base_dn).upper())
1976 print "Testing ldb.search for (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn + ")(objectclass=group)) to check subtree renames and linked attributes"
1977 res = ldb.search(self.base_dn, expression="(&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn + ")(objectclass=group))", scope=SCOPE_SUBTREE)
1978 self.assertEquals(len(res), 1, "Could not find (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn + ")(objectclass=group)), perhaps linked attributes are not consistant with subtree renames?")
1980 print "Testing ldb.rename (into itself) of cn=ldaptestcontainer2," + self.base_dn + " to cn=ldaptestcontainer,cn=ldaptestcontainer2," + self.base_dn
1982 ldb.rename("cn=ldaptestcontainer2," + self.base_dn, "cn=ldaptestcontainer,cn=ldaptestcontainer2," + self.base_dn)
1984 except LdbError, (num, _):
1985 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
1987 print "Testing ldb.rename (into non-existent container) of cn=ldaptestcontainer2," + self.base_dn + " to cn=ldaptestcontainer,cn=ldaptestcontainer3," + self.base_dn
1989 ldb.rename("cn=ldaptestcontainer2," + self.base_dn, "cn=ldaptestcontainer,cn=ldaptestcontainer3," + self.base_dn)
1991 except LdbError, (num, _):
1992 self.assertTrue(num in (ERR_UNWILLING_TO_PERFORM, ERR_OTHER))
1994 print "Testing delete (should fail, not a leaf node) of renamed cn=ldaptestcontainer2," + self.base_dn
1996 ldb.delete("cn=ldaptestcontainer2," + self.base_dn)
1998 except LdbError, (num, _):
1999 self.assertEquals(num, ERR_NOT_ALLOWED_ON_NON_LEAF)
2001 print "Testing base ldb.search for CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn
2002 res = ldb.search(expression="(objectclass=*)", base=("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn), scope=SCOPE_BASE)
2003 self.assertEquals(len(res), 1)
2004 res = ldb.search(expression="(cn=ldaptestuser40)", base=("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn), scope=SCOPE_BASE)
2005 self.assertEquals(len(res), 0)
2007 print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2," + self.base_dn
2008 res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))", base=("cn=ldaptestcontainer2," + self.base_dn), scope=SCOPE_ONELEVEL)
2009 # FIXME: self.assertEquals(len(res), 0)
2011 print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2," + self.base_dn
2012 res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))", base=("cn=ldaptestcontainer2," + self.base_dn), scope=SCOPE_SUBTREE)
2013 # FIXME: self.assertEquals(len(res), 0)
2015 print "Testing delete of subtree renamed "+("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn)
2016 ldb.delete(("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn))
2017 print "Testing delete of renamed cn=ldaptestcontainer2," + self.base_dn
2018 ldb.delete("cn=ldaptestcontainer2," + self.base_dn)
2020 ldb.add({"dn": "cn=ldaptestutf8user èùéìòà,cn=users," + self.base_dn, "objectClass": "user"})
2022 ldb.add({"dn": "cn=ldaptestutf8user2 èùéìòà,cn=users," + self.base_dn, "objectClass": "user"})
2024 print "Testing ldb.search for (&(cn=ldaptestuser)(objectClass=user))"
2025 res = ldb.search(expression="(&(cn=ldaptestuser)(objectClass=user))")
2026 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser)(objectClass=user))")
2028 self.assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + self.base_dn))
2029 self.assertEquals(str(res[0]["cn"]), "ldaptestuser")
2030 self.assertEquals(str(res[0]["name"]), "ldaptestuser")
2031 self.assertEquals(set(res[0]["objectClass"]), set(["top", "person", "organizationalPerson", "user"]))
2032 self.assertTrue("objectGUID" in res[0])
2033 self.assertTrue("whenCreated" in res[0])
2034 self.assertEquals(str(res[0]["objectCategory"]), ("CN=Person,CN=Schema,CN=Configuration," + self.base_dn))
2035 self.assertEquals(int(res[0]["sAMAccountType"][0]), ATYPE_NORMAL_ACCOUNT)
2036 self.assertEquals(int(res[0]["userAccountControl"][0]), UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE)
2037 self.assertEquals(res[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self.base_dn).upper())
2038 self.assertEquals(len(res[0]["memberOf"]), 1)
2040 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + self.base_dn + "))"
2041 res2 = ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + self.base_dn + "))")
2042 self.assertEquals(len(res2), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + self.base_dn + "))")
2044 self.assertEquals(res[0].dn, res2[0].dn)
2046 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon))"
2047 res3 = ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=PerSon))")
2048 self.assertEquals(len(res3), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)): matched %d" % len(res3))
2050 self.assertEquals(res[0].dn, res3[0].dn)
2052 if gc_ldb is not None:
2053 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog"
2054 res3gc = gc_ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=PerSon))")
2055 self.assertEquals(len(res3gc), 1)
2057 self.assertEquals(res[0].dn, res3gc[0].dn)
2059 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in with 'phantom root' control"
2061 if gc_ldb is not None:
2062 res3control = gc_ldb.search(self.base_dn, expression="(&(cn=ldaptestuser)(objectCategory=PerSon))", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:2"])
2063 self.assertEquals(len(res3control), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog")
2065 self.assertEquals(res[0].dn, res3control[0].dn)
2067 ldb.delete(res[0].dn)
2069 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectClass=user))"
2070 res = ldb.search(expression="(&(cn=ldaptestcomputer)(objectClass=user))")
2071 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser)(objectClass=user))")
2073 self.assertEquals(str(res[0].dn), ("CN=ldaptestcomputer,CN=Computers," + self.base_dn))
2074 self.assertEquals(str(res[0]["cn"]), "ldaptestcomputer")
2075 self.assertEquals(str(res[0]["name"]), "ldaptestcomputer")
2076 self.assertEquals(set(res[0]["objectClass"]), set(["top", "person", "organizationalPerson", "user", "computer"]))
2077 self.assertTrue("objectGUID" in res[0])
2078 self.assertTrue("whenCreated" in res[0])
2079 self.assertEquals(str(res[0]["objectCategory"]), ("CN=Computer,CN=Schema,CN=Configuration," + self.base_dn))
2080 self.assertEquals(int(res[0]["primaryGroupID"][0]), 513)
2081 self.assertEquals(int(res[0]["sAMAccountType"][0]), ATYPE_NORMAL_ACCOUNT)
2082 self.assertEquals(int(res[0]["userAccountControl"][0]), UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE)
2083 self.assertEquals(res[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self.base_dn).upper())
2084 self.assertEquals(len(res[0]["memberOf"]), 1)
2086 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + "))"
2087 res2 = ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + "))")
2088 self.assertEquals(len(res2), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + "))")
2090 self.assertEquals(res[0].dn, res2[0].dn)
2092 if gc_ldb is not None:
2093 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + ")) in Global Catlog"
2094 res2gc = gc_ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + "))")
2095 self.assertEquals(len(res2gc), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + ")) in Global Catlog")
2097 self.assertEquals(res[0].dn, res2gc[0].dn)
2099 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER))"
2100 res3 = ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=compuTER))")
2101 self.assertEquals(len(res3), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER))")
2103 self.assertEquals(res[0].dn, res3[0].dn)
2105 if gc_ldb is not None:
2106 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog"
2107 res3gc = gc_ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=compuTER))")
2108 self.assertEquals(len(res3gc), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog")
2110 self.assertEquals(res[0].dn, res3gc[0].dn)
2112 print "Testing ldb.search for (&(cn=ldaptestcomp*r)(objectCategory=compuTER))"
2113 res4 = ldb.search(expression="(&(cn=ldaptestcomp*r)(objectCategory=compuTER))")
2114 self.assertEquals(len(res4), 1, "Could not find (&(cn=ldaptestcomp*r)(objectCategory=compuTER))")
2116 self.assertEquals(res[0].dn, res4[0].dn)
2118 print "Testing ldb.search for (&(cn=ldaptestcomput*)(objectCategory=compuTER))"
2119 res5 = ldb.search(expression="(&(cn=ldaptestcomput*)(objectCategory=compuTER))")
2120 self.assertEquals(len(res5), 1, "Could not find (&(cn=ldaptestcomput*)(objectCategory=compuTER))")
2122 self.assertEquals(res[0].dn, res5[0].dn)
2124 print "Testing ldb.search for (&(cn=*daptestcomputer)(objectCategory=compuTER))"
2125 res6 = ldb.search(expression="(&(cn=*daptestcomputer)(objectCategory=compuTER))")
2126 self.assertEquals(len(res6), 1, "Could not find (&(cn=*daptestcomputer)(objectCategory=compuTER))")
2128 self.assertEquals(res[0].dn, res6[0].dn)
2130 ldb.delete("<GUID=" + ldb.schema_format_value("objectGUID", res[0]["objectGUID"][0]) + ">")
2132 print "Testing ldb.search for (&(cn=ldaptest2computer)(objectClass=user))"
2133 res = ldb.search(expression="(&(cn=ldaptest2computer)(objectClass=user))")
2134 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptest2computer)(objectClass=user))")
2136 self.assertEquals(str(res[0].dn), "CN=ldaptest2computer,CN=Computers," + self.base_dn)
2137 self.assertEquals(str(res[0]["cn"]), "ldaptest2computer")
2138 self.assertEquals(str(res[0]["name"]), "ldaptest2computer")
2139 self.assertEquals(list(res[0]["objectClass"]), ["top", "person", "organizationalPerson", "user", "computer"])
2140 self.assertTrue("objectGUID" in res[0])
2141 self.assertTrue("whenCreated" in res[0])
2142 self.assertEquals(res[0]["objectCategory"][0], "CN=Computer,CN=Schema,CN=Configuration," + self.base_dn)
2143 self.assertEquals(int(res[0]["sAMAccountType"][0]), ATYPE_WORKSTATION_TRUST)
2144 self.assertEquals(int(res[0]["userAccountControl"][0]), UF_WORKSTATION_TRUST_ACCOUNT)
2146 ldb.delete("<SID=" + ldb.schema_format_value("objectSID", res[0]["objectSID"][0]) + ">")
2148 attrs = ["cn", "name", "objectClass", "objectGUID", "objectSID", "whenCreated", "nTSecurityDescriptor", "memberOf", "allowedAttributes", "allowedAttributesEffective"]
2149 print "Testing ldb.search for (&(cn=ldaptestUSer2)(objectClass=user))"
2150 res_user = ldb.search(self.base_dn, expression="(&(cn=ldaptestUSer2)(objectClass=user))", scope=SCOPE_SUBTREE, attrs=attrs)
2151 self.assertEquals(len(res_user), 1, "Could not find (&(cn=ldaptestUSer2)(objectClass=user))")
2153 self.assertEquals(str(res_user[0].dn), ("CN=ldaptestuser2,CN=Users," + self.base_dn))
2154 self.assertEquals(str(res_user[0]["cn"]), "ldaptestuser2")
2155 self.assertEquals(str(res_user[0]["name"]), "ldaptestuser2")
2156 self.assertEquals(list(res_user[0]["objectClass"]), ["top", "person", "organizationalPerson", "user"])
2157 self.assertTrue("objectSid" in res_user[0])
2158 self.assertTrue("objectGUID" in res_user[0])
2159 self.assertTrue("whenCreated" in res_user[0])
2160 self.assertTrue("nTSecurityDescriptor" in res_user[0])
2161 self.assertTrue("allowedAttributes" in res_user[0])
2162 self.assertTrue("allowedAttributesEffective" in res_user[0])
2163 self.assertEquals(res_user[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self.base_dn).upper())
2165 ldaptestuser2_sid = res_user[0]["objectSid"][0]
2166 ldaptestuser2_guid = res_user[0]["objectGUID"][0]
2168 attrs = ["cn", "name", "objectClass", "objectGUID", "objectSID", "whenCreated", "nTSecurityDescriptor", "member", "allowedAttributes", "allowedAttributesEffective"]
2169 print "Testing ldb.search for (&(cn=ldaptestgroup2)(objectClass=group))"
2170 res = ldb.search(self.base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
2171 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))")
2173 self.assertEquals(str(res[0].dn), ("CN=ldaptestgroup2,CN=Users," + self.base_dn))
2174 self.assertEquals(str(res[0]["cn"]), "ldaptestgroup2")
2175 self.assertEquals(str(res[0]["name"]), "ldaptestgroup2")
2176 self.assertEquals(list(res[0]["objectClass"]), ["top", "group"])
2177 self.assertTrue("objectGUID" in res[0])
2178 self.assertTrue("objectSid" in res[0])
2179 self.assertTrue("whenCreated" in res[0])
2180 self.assertTrue("nTSecurityDescriptor" in res[0])
2181 self.assertTrue("allowedAttributes" in res[0])
2182 self.assertTrue("allowedAttributesEffective" in res[0])
2184 for m in res[0]["member"]:
2185 memberUP.append(m.upper())
2186 self.assertTrue(("CN=ldaptestuser2,CN=Users," + self.base_dn).upper() in memberUP)
2188 res = ldb.search(self.base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs, controls=["extended_dn:1:1"])
2189 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))")
2191 print res[0]["member"]
2193 for m in res[0]["member"]:
2194 memberUP.append(m.upper())
2195 print ("<GUID=" + ldb.schema_format_value("objectGUID", ldaptestuser2_guid) + ">;<SID=" + ldb.schema_format_value("objectSid", ldaptestuser2_sid) + ">;CN=ldaptestuser2,CN=Users," + self.base_dn).upper()
2197 self.assertTrue(("<GUID=" + ldb.schema_format_value("objectGUID", ldaptestuser2_guid) + ">;<SID=" + ldb.schema_format_value("objectSid", ldaptestuser2_sid) + ">;CN=ldaptestuser2,CN=Users," + self.base_dn).upper() in memberUP)
2199 print "Quicktest for linked attributes"
2201 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
2204 member: CN=ldaptestuser2,CN=Users,""" + self.base_dn + """
2205 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
2209 dn: <GUID=""" + ldb.schema_format_value("objectGUID", res[0]["objectGUID"][0]) + """>
2212 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
2216 dn: <SID=""" + ldb.schema_format_value("objectSid", res[0]["objectSid"][0]) + """>
2222 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
2225 member: <GUID=""" + ldb.schema_format_value("objectGUID", res[0]["objectGUID"][0]) + """>
2226 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
2230 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
2236 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
2239 member: <SID=""" + ldb.schema_format_value("objectSid", res_user[0]["objectSid"][0]) + """>
2240 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
2244 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
2247 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
2250 res = ldb.search(self.base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
2251 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))")
2253 self.assertEquals(str(res[0].dn), ("CN=ldaptestgroup2,CN=Users," + self.base_dn))
2254 self.assertEquals(res[0]["member"][0], ("CN=ldaptestuser2,CN=Users," + self.base_dn))
2255 self.assertEquals(len(res[0]["member"]), 1)
2257 ldb.delete(("CN=ldaptestuser2,CN=Users," + self.base_dn))
2261 attrs = ["cn", "name", "objectClass", "objectGUID", "whenCreated", "nTSecurityDescriptor", "member"]
2262 print "Testing ldb.search for (&(cn=ldaptestgroup2)(objectClass=group)) to check linked delete"
2263 res = ldb.search(self.base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
2264 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group)) to check linked delete")
2266 self.assertEquals(str(res[0].dn), ("CN=ldaptestgroup2,CN=Users," + self.base_dn))
2267 self.assertTrue("member" not in res[0])
2269 print "Testing ldb.search for (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))"
2270 # TODO UTF8 users don't seem to work fully anymore
2271 # res = ldb.search(expression="(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
2272 res = ldb.search(expression="(&(cn=ldaptestutf8user èùéìòà)(objectclass=user))")
2273 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
2275 self.assertEquals(str(res[0].dn), ("CN=ldaptestutf8user èùéìòà,CN=Users," + self.base_dn))
2276 self.assertEquals(str(res[0]["cn"]), "ldaptestutf8user èùéìòà")
2277 self.assertEquals(str(res[0]["name"]), "ldaptestutf8user èùéìòà")
2278 self.assertEquals(list(res[0]["objectClass"]), ["top", "person", "organizationalPerson", "user"])
2279 self.assertTrue("objectGUID" in res[0])
2280 self.assertTrue("whenCreated" in res[0])
2282 ldb.delete(res[0].dn)
2284 print "Testing ldb.search for (&(cn=ldaptestutf8user2*)(objectClass=user))"
2285 res = ldb.search(expression="(&(cn=ldaptestutf8user2*)(objectClass=user))")
2286 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestutf8user2*)(objectClass=user))")
2288 ldb.delete(res[0].dn)
2290 ldb.delete(("CN=ldaptestgroup2,CN=Users," + self.base_dn))
2292 print "Testing ldb.search for (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))"
2293 # TODO UTF8 users don't seem to work fully anymore
2294 # res = ldb.search(expression="(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
2295 # self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
2297 print "Testing that we can't get at the configuration DN from the main search base"
2298 res = ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
2299 self.assertEquals(len(res), 0)
2301 print "Testing that we can get at the configuration DN from the main search base on the LDAP port with the 'phantom root' search_options control"
2302 res = ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:2"])
2303 self.assertTrue(len(res) > 0)
2305 if gc_ldb is not None:
2306 print "Testing that we can get at the configuration DN from the main search base on the GC port with the search_options control == 0"
2308 res = gc_ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:0"])
2309 self.assertTrue(len(res) > 0)
2311 print "Testing that we do find configuration elements in the global catlog"
2312 res = gc_ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
2313 self.assertTrue(len(res) > 0)
2315 print "Testing that we do find configuration elements and user elements at the same time"
2316 res = gc_ldb.search(self.base_dn, expression="(|(objectClass=crossRef)(objectClass=person))", scope=SCOPE_SUBTREE, attrs=["cn"])
2317 self.assertTrue(len(res) > 0)
2319 print "Testing that we do find configuration elements in the global catlog, with the configuration basedn"
2320 res = gc_ldb.search(self.configuration_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
2321 self.assertTrue(len(res) > 0)
2323 print "Testing that we can get at the configuration DN on the main LDAP port"
2324 res = ldb.search(self.configuration_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
2325 self.assertTrue(len(res) > 0)
2327 print "Testing objectCategory canonacolisation"
2328 res = ldb.search(self.configuration_dn, expression="objectCategory=ntDsDSA", scope=SCOPE_SUBTREE, attrs=["cn"])
2329 self.assertTrue(len(res) > 0, "Didn't find any records with objectCategory=ntDsDSA")
2330 self.assertTrue(len(res) != 0)
2332 res = ldb.search(self.configuration_dn, expression="objectCategory=CN=ntDs-DSA," + self.schema_dn, scope=SCOPE_SUBTREE, attrs=["cn"])
2333 self.assertTrue(len(res) > 0, "Didn't find any records with objectCategory=CN=ntDs-DSA," + self.schema_dn)
2334 self.assertTrue(len(res) != 0)
2336 print "Testing objectClass attribute order on "+ self.base_dn
2337 res = ldb.search(expression="objectClass=domain", base=self.base_dn,
2338 scope=SCOPE_BASE, attrs=["objectClass"])
2339 self.assertEquals(len(res), 1)
2341 self.assertEquals(list(res[0]["objectClass"]), ["top", "domain", "domainDNS"])
2345 print "Testing ldb.search for objectCategory=person"
2346 res = ldb.search(self.base_dn, expression="objectCategory=person", scope=SCOPE_SUBTREE, attrs=["cn"])
2347 self.assertTrue(len(res) > 0)
2349 print "Testing ldb.search for objectCategory=person with domain scope control"
2350 res = ldb.search(self.base_dn, expression="objectCategory=person", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
2351 self.assertTrue(len(res) > 0)
2353 print "Testing ldb.search for objectCategory=user"
2354 res = ldb.search(self.base_dn, expression="objectCategory=user", scope=SCOPE_SUBTREE, attrs=["cn"])
2355 self.assertTrue(len(res) > 0)
2357 print "Testing ldb.search for objectCategory=user with domain scope control"
2358 res = ldb.search(self.base_dn, expression="objectCategory=user", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
2359 self.assertTrue(len(res) > 0)
2361 print "Testing ldb.search for objectCategory=group"
2362 res = ldb.search(self.base_dn, expression="objectCategory=group", scope=SCOPE_SUBTREE, attrs=["cn"])
2363 self.assertTrue(len(res) > 0)
2365 print "Testing ldb.search for objectCategory=group with domain scope control"
2366 res = ldb.search(self.base_dn, expression="objectCategory=group", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
2367 self.assertTrue(len(res) > 0)
2369 print "Testing creating a user with the posixAccount objectClass"
2370 self.ldb.add_ldif("""dn: cn=posixuser,CN=Users,%s
2373 objectClass: posixAccount
2375 objectClass: organizationalPerson
2381 homeDirectory: /home/posixuser
2382 loginShell: /bin/bash
2383 gecos: Posix User;;;
2384 description: A POSIX user"""% (self.base_dn))
2386 print "Testing removing the posixAccount objectClass from an existing user"
2387 self.ldb.modify_ldif("""dn: cn=posixuser,CN=Users,%s
2390 objectClass: posixAccount"""% (self.base_dn))
2392 print "Testing adding the posixAccount objectClass to an existing user"
2393 self.ldb.modify_ldif("""dn: cn=posixuser,CN=Users,%s
2396 objectClass: posixAccount"""% (self.base_dn))
2398 self.delete_force(self.ldb, "cn=posixuser,cn=users," + self.base_dn)
2399 self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
2400 self.delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
2401 self.delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn)
2402 self.delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer," + self.base_dn)
2403 self.delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer2," + self.base_dn)
2404 self.delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
2405 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
2406 self.delete_force(self.ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
2407 self.delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
2408 self.delete_force(self.ldb, "cn=ldaptest2computer,cn=computers," + self.base_dn)
2409 self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn)
2410 self.delete_force(self.ldb, "cn=ldaptestutf8user èùéìòà,cn=users," + self.base_dn)
2411 self.delete_force(self.ldb, "cn=ldaptestutf8user2 èùéìòà,cn=users," + self.base_dn)
2412 self.delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
2413 self.delete_force(self.ldb, "cn=ldaptestcontainer2," + self.base_dn)
2415 def test_security_descriptor_add(self):
2416 """ Testing ldb.add_ldif() for nTSecurityDescriptor """
2417 user_name = "testdescriptoruser1"
2418 user_dn = "CN=%s,CN=Users,%s" % (user_name, self.base_dn)
2420 # Test an empty security descriptor (naturally this shouldn't work)
2422 self.delete_force(self.ldb, user_dn)
2424 self.ldb.add({ "dn": user_dn,
2425 "objectClass": "user",
2426 "sAMAccountName": user_name,
2427 "nTSecurityDescriptor": [] })
2429 except LdbError, (num, _):
2430 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
2432 self.delete_force(self.ldb, user_dn)
2434 # Test add_ldif() with SDDL security descriptor input
2437 sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
2438 self.ldb.add_ldif("""
2439 dn: """ + user_dn + """
2441 sAMAccountName: """ + user_name + """
2442 nTSecurityDescriptor: """ + sddl)
2443 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
2444 desc = res[0]["nTSecurityDescriptor"][0]
2445 desc = ndr_unpack( security.descriptor, desc )
2446 desc_sddl = desc.as_sddl( self.domain_sid )
2447 self.assertEqual(desc_sddl, sddl)
2449 self.delete_force(self.ldb, user_dn)
2451 # Test add_ldif() with BASE64 security descriptor
2454 sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
2455 desc = security.descriptor.from_sddl(sddl, self.domain_sid)
2456 desc_binary = ndr_pack(desc)
2457 desc_base64 = base64.b64encode(desc_binary)
2458 self.ldb.add_ldif("""
2459 dn: """ + user_dn + """
2461 sAMAccountName: """ + user_name + """
2462 nTSecurityDescriptor:: """ + desc_base64)
2463 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
2464 desc = res[0]["nTSecurityDescriptor"][0]
2465 desc = ndr_unpack(security.descriptor, desc)
2466 desc_sddl = desc.as_sddl(self.domain_sid)
2467 self.assertEqual(desc_sddl, sddl)
2469 self.delete_force(self.ldb, user_dn)
2471 def test_security_descriptor_add_neg(self):
2472 """Test add_ldif() with BASE64 security descriptor input using WRONG domain SID
2475 user_name = "testdescriptoruser1"
2476 user_dn = "CN=%s,CN=Users,%s" % (user_name, self.base_dn)
2477 self.delete_force(self.ldb, user_dn)
2479 sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
2480 desc = security.descriptor.from_sddl(sddl, security.dom_sid('S-1-5-21'))
2481 desc_base64 = base64.b64encode( ndr_pack(desc) )
2482 self.ldb.add_ldif("""
2483 dn: """ + user_dn + """
2485 sAMAccountName: """ + user_name + """
2486 nTSecurityDescriptor:: """ + desc_base64)
2487 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
2488 self.assertTrue("nTSecurityDescriptor" in res[0])
2490 self.delete_force(self.ldb, user_dn)
2492 def test_security_descriptor_modify(self):
2493 """ Testing ldb.modify_ldif() for nTSecurityDescriptor """
2494 user_name = "testdescriptoruser2"
2495 user_dn = "CN=%s,CN=Users,%s" % (user_name, self.base_dn)
2497 # Test an empty security descriptor (naturally this shouldn't work)
2499 self.delete_force(self.ldb, user_dn)
2500 self.ldb.add({ "dn": user_dn,
2501 "objectClass": "user",
2502 "sAMAccountName": user_name })
2505 m.dn = Dn(ldb, user_dn)
2506 m["nTSecurityDescriptor"] = MessageElement([], FLAG_MOD_ADD,
2507 "nTSecurityDescriptor")
2511 except LdbError, (num, _):
2512 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
2515 m.dn = Dn(ldb, user_dn)
2516 m["nTSecurityDescriptor"] = MessageElement([], FLAG_MOD_REPLACE,
2517 "nTSecurityDescriptor")
2521 except LdbError, (num, _):
2522 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
2525 m.dn = Dn(ldb, user_dn)
2526 m["nTSecurityDescriptor"] = MessageElement([], FLAG_MOD_DELETE,
2527 "nTSecurityDescriptor")
2531 except LdbError, (num, _):
2532 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
2534 self.delete_force(self.ldb, user_dn)
2536 # Test modify_ldif() with SDDL security descriptor input
2537 # Add ACE to the original descriptor test
2540 self.ldb.add_ldif("""
2541 dn: """ + user_dn + """
2543 sAMAccountName: """ + user_name)
2545 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
2546 desc = res[0]["nTSecurityDescriptor"][0]
2547 desc = ndr_unpack(security.descriptor, desc)
2548 desc_sddl = desc.as_sddl(self.domain_sid)
2549 sddl = desc_sddl[:desc_sddl.find("(")] + "(A;;RPWP;;;AU)" + desc_sddl[desc_sddl.find("("):]
2551 dn: """ + user_dn + """
2553 replace: nTSecurityDescriptor
2554 nTSecurityDescriptor: """ + sddl
2555 self.ldb.modify_ldif(mod)
2556 # Read modified descriptor
2557 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
2558 desc = res[0]["nTSecurityDescriptor"][0]
2559 desc = ndr_unpack(security.descriptor, desc)
2560 desc_sddl = desc.as_sddl(self.domain_sid)
2561 self.assertEqual(desc_sddl, sddl)
2563 self.delete_force(self.ldb, user_dn)
2565 # Test modify_ldif() with SDDL security descriptor input
2566 # New desctiptor test
2569 self.ldb.add_ldif("""
2570 dn: """ + user_dn + """
2572 sAMAccountName: """ + user_name)
2574 sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
2576 dn: """ + user_dn + """
2578 replace: nTSecurityDescriptor
2579 nTSecurityDescriptor: """ + sddl
2580 self.ldb.modify_ldif(mod)
2581 # Read modified descriptor
2582 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
2583 desc = res[0]["nTSecurityDescriptor"][0]
2584 desc = ndr_unpack(security.descriptor, desc)
2585 desc_sddl = desc.as_sddl(self.domain_sid)
2586 self.assertEqual(desc_sddl, sddl)
2588 self.delete_force(self.ldb, user_dn)
2590 # Test modify_ldif() with BASE64 security descriptor input
2591 # Add ACE to the original descriptor test
2594 self.ldb.add_ldif("""
2595 dn: """ + user_dn + """
2597 sAMAccountName: """ + user_name)
2599 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
2600 desc = res[0]["nTSecurityDescriptor"][0]
2601 desc = ndr_unpack(security.descriptor, desc)
2602 desc_sddl = desc.as_sddl(self.domain_sid)
2603 sddl = desc_sddl[:desc_sddl.find("(")] + "(A;;RPWP;;;AU)" + desc_sddl[desc_sddl.find("("):]
2604 desc = security.descriptor.from_sddl(sddl, self.domain_sid)
2605 desc_base64 = base64.b64encode(ndr_pack(desc))
2607 dn: """ + user_dn + """
2609 replace: nTSecurityDescriptor
2610 nTSecurityDescriptor:: """ + desc_base64
2611 self.ldb.modify_ldif(mod)
2612 # Read modified descriptor
2613 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
2614 desc = res[0]["nTSecurityDescriptor"][0]
2615 desc = ndr_unpack(security.descriptor, desc)
2616 desc_sddl = desc.as_sddl(self.domain_sid)
2617 self.assertEqual(desc_sddl, sddl)
2619 self.delete_force(self.ldb, user_dn)
2621 # Test modify_ldif() with BASE64 security descriptor input
2622 # New descriptor test
2625 self.delete_force(self.ldb, user_dn)
2626 self.ldb.add_ldif("""
2627 dn: """ + user_dn + """
2629 sAMAccountName: """ + user_name)
2631 sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
2632 desc = security.descriptor.from_sddl(sddl, self.domain_sid)
2633 desc_base64 = base64.b64encode(ndr_pack(desc))
2635 dn: """ + user_dn + """
2637 replace: nTSecurityDescriptor
2638 nTSecurityDescriptor:: """ + desc_base64
2639 self.ldb.modify_ldif(mod)
2640 # Read modified descriptor
2641 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
2642 desc = res[0]["nTSecurityDescriptor"][0]
2643 desc = ndr_unpack(security.descriptor, desc)
2644 desc_sddl = desc.as_sddl(self.domain_sid)
2645 self.assertEqual(desc_sddl, sddl)
2647 self.delete_force(self.ldb, user_dn)
2649 def test_dsheuristics(self):
2650 """Tests the 'dSHeuristics' attribute"""
2651 print "Tests the 'dSHeuristics' attribute"""
2653 # Get the current value to restore it later
2654 res = self.ldb.search("CN=Directory Service, CN=Windows NT, CN=Services, "
2655 + self.configuration_dn, scope=SCOPE_BASE, attrs=["dSHeuristics"])
2656 if "dSHeuristics" in res[0]:
2657 dsheuristics = res[0]["dSHeuristics"][0]
2660 # Should not be longer than 18 chars?
2662 self.set_dsheuristics("123ABC-+!1asdfg@#^12")
2663 except LdbError, (num, _):
2664 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
2665 # If it is >= 10 chars, tenthChar should be 1
2667 self.set_dsheuristics("00020000000002")
2668 except LdbError, (num, _):
2669 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
2670 # apart from the above, all char values are accepted
2671 self.set_dsheuristics("123ABC-+!1asdfg@#^")
2672 res = self.ldb.search("CN=Directory Service, CN=Windows NT, CN=Services, "
2673 + self.configuration_dn, scope=SCOPE_BASE, attrs=["dSHeuristics"])
2674 self.assertTrue("dSHeuristics" in res[0])
2675 self.assertEquals(res[0]["dSHeuristics"][0], "123ABC-+!1asdfg@#^")
2677 self.set_dsheuristics(dsheuristics)
2680 class BaseDnTests(unittest.TestCase):
2683 super(BaseDnTests, self).setUp()
2686 def test_rootdse_attrs(self):
2687 """Testing for all rootDSE attributes"""
2688 res = self.ldb.search(scope=SCOPE_BASE, attrs=[])
2689 self.assertEquals(len(res), 1)
2691 def test_highestcommittedusn(self):
2692 """Testing for highestCommittedUSN"""
2693 res = self.ldb.search("", scope=SCOPE_BASE, attrs=["highestCommittedUSN"])
2694 self.assertEquals(len(res), 1)
2695 self.assertTrue(int(res[0]["highestCommittedUSN"][0]) != 0)
2697 def test_netlogon(self):
2698 """Testing for netlogon via LDAP"""
2699 res = self.ldb.search("", scope=SCOPE_BASE, attrs=["netlogon"])
2700 self.assertEquals(len(res), 0)
2702 def test_netlogon_highestcommitted_usn(self):
2703 """Testing for netlogon and highestCommittedUSN via LDAP"""
2704 res = self.ldb.search("", scope=SCOPE_BASE,
2705 attrs=["netlogon", "highestCommittedUSN"])
2706 self.assertEquals(len(res), 0)
2708 def test_namingContexts(self):
2709 """Testing for namingContexts in rootDSE"""
2710 res = self.ldb.search("", scope=SCOPE_BASE,
2711 attrs=["namingContexts", "defaultNamingContext", "schemaNamingContext", "configurationNamingContext"])
2712 self.assertEquals(len(res), 1)
2715 for nc in res[0]["namingContexts"]:
2716 self.assertTrue(nc not in ncs)
2719 self.assertTrue(res[0]["defaultNamingContext"][0] in ncs)
2720 self.assertTrue(res[0]["configurationNamingContext"][0] in ncs)
2721 self.assertTrue(res[0]["schemaNamingContext"][0] in ncs)
2723 def test_serverPath(self):
2724 """Testing the server paths in rootDSE"""
2725 res = self.ldb.search("", scope=SCOPE_BASE,
2726 attrs=["dsServiceName", "serverName"])
2727 self.assertEquals(len(res), 1)
2729 self.assertTrue("CN=Servers" in res[0]["dsServiceName"][0])
2730 self.assertTrue("CN=Sites" in res[0]["dsServiceName"][0])
2731 self.assertTrue("CN=NTDS Settings" in res[0]["dsServiceName"][0])
2732 self.assertTrue("CN=Servers" in res[0]["serverName"][0])
2733 self.assertTrue("CN=Sites" in res[0]["serverName"][0])
2734 self.assertFalse("CN=NTDS Settings" in res[0]["serverName"][0])
2736 def test_dnsHostname(self):
2737 """Testing the DNS hostname in rootDSE"""
2738 res = self.ldb.search("", scope=SCOPE_BASE,
2739 attrs=["dnsHostName", "serverName"])
2740 self.assertEquals(len(res), 1)
2742 res2 = self.ldb.search(res[0]["serverName"][0], scope=SCOPE_BASE,
2743 attrs=["dNSHostName"])
2744 self.assertEquals(len(res2), 1)
2746 self.assertEquals(res[0]["dnsHostName"][0], res2[0]["dNSHostName"][0])
2748 def test_ldapServiceName(self):
2749 """Testing the ldap service name in rootDSE"""
2750 res = self.ldb.search("", scope=SCOPE_BASE,
2751 attrs=["ldapServiceName", "dNSHostName"])
2752 self.assertEquals(len(res), 1)
2754 (hostname, _, dns_domainname) = res[0]["dNSHostName"][0].partition(".")
2755 self.assertTrue(":%s$@%s" % (hostname, dns_domainname.upper())
2756 in res[0]["ldapServiceName"][0])
2758 if not "://" in host:
2759 if os.path.isfile(host):
2760 host = "tdb://%s" % host
2762 host = "ldap://%s" % host
2764 ldb = Ldb(host, credentials=creds, session_info=system_session(), lp=lp)
2765 if not "tdb://" in host:
2766 gc_ldb = Ldb("%s:3268" % host, credentials=creds,
2767 session_info=system_session(), lp=lp)
2771 runner = SubunitTestRunner()
2773 if not runner.run(unittest.makeSuite(BaseDnTests)).wasSuccessful():
2775 if not runner.run(unittest.makeSuite(BasicTests)).wasSuccessful():