import base64
import os
-sys.path.append("bin/python")
+sys.path.insert(0, "bin/python")
import samba
samba.ensure_external_module("testtools", "testtools")
samba.ensure_external_module("subunit", "subunit/python")
import unittest
from samba.ndr import ndr_pack, ndr_unpack
-from samba.dcerpc import security
+from samba.dcerpc import security, lsa
+from samba.tests import delete_force
parser = optparse.OptionParser("ldap.py [options] <host>")
sambaopts = options.SambaOptions(parser)
class BasicTests(unittest.TestCase):
- def delete_force(self, ldb, dn):
- try:
- ldb.delete(dn)
- except LdbError, (num, _):
- self.assertEquals(num, ERR_NO_SUCH_OBJECT)
-
- def find_configurationdn(self, ldb):
- res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["configurationNamingContext"])
- self.assertEquals(len(res), 1)
- return res[0]["configurationNamingContext"][0]
-
- def find_schemadn(self, ldb):
- res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["schemaNamingContext"])
- self.assertEquals(len(res), 1)
- return res[0]["schemaNamingContext"][0]
-
- def find_domain_sid(self):
- res = self.ldb.search(base=self.base_dn, expression="(objectClass=*)", scope=SCOPE_BASE)
- return ndr_unpack( security.dom_sid,res[0]["objectSid"][0])
-
- def set_dsheuristics(self, dsheuristics):
- m = Message()
- m.dn = Dn(self.ldb, "CN=Directory Service, CN=Windows NT, CN=Services, "
- + self.configuration_dn)
- if dsheuristics is not None:
- m["dSHeuristics"] = MessageElement(dsheuristics, FLAG_MOD_REPLACE,
- "dSHeuristics")
- else:
- m["dSHeuristics"] = MessageElement([], FLAG_MOD_DELETE, "dsHeuristics")
- self.ldb.modify(m)
-
def setUp(self):
super(BasicTests, self).setUp()
self.ldb = ldb
self.gc_ldb = gc_ldb
self.base_dn = ldb.domain_dn()
- self.configuration_dn = self.find_configurationdn(ldb)
- self.schema_dn = self.find_schemadn(ldb)
- self.domain_sid = self.find_domain_sid()
+ self.configuration_dn = ldb.get_config_basedn().get_linearized()
+ self.schema_dn = ldb.get_schema_basedn().get_linearized()
+ self.domain_sid = security.dom_sid(ldb.get_domain_sid())
print "baseDN: %s\n" % self.base_dn
- self.delete_force(self.ldb, "cn=posixuser,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer2," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptest2computer,cn=computers," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestutf8user èùéìòà,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestutf8user2 èùéìòà,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestcontainer2," + self.base_dn)
- self.delete_force(self.ldb, "cn=parentguidtest,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=parentguidtest,cn=testotherusers," + self.base_dn)
- self.delete_force(self.ldb, "cn=testotherusers," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
- self.delete_force(self.ldb, "description=xyz,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "ou=testou,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=testsecret,cn=system," + self.base_dn)
+ delete_force(self.ldb, "cn=posixuser,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer2," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptest2computer,cn=computers," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestutf8user èùéìòà,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestutf8user2 èùéìòà,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestcontainer2," + self.base_dn)
+ delete_force(self.ldb, "cn=parentguidtest,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=parentguidtest,cn=testotherusers," + self.base_dn)
+ delete_force(self.ldb, "cn=testotherusers," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
+ delete_force(self.ldb, "description=xyz,cn=users," + self.base_dn)
+ delete_force(self.ldb, "ou=testou,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=Test Secret,cn=system," + self.base_dn)
def test_objectclasses(self):
"""Test objectClass behaviour"""
# We cannot create LSA-specific objects (oc "secret" or "trustedDomain")
try:
self.ldb.add({
- "dn": "cn=testsecret,cn=system," + self.base_dn,
+ "dn": "cn=Test Secret,cn=system," + self.base_dn,
"objectClass": "secret" })
self.fail()
except LdbError, (num, _):
self.assertTrue(len(res) == 1)
self.assertEquals(res[0]["systemFlags"][0], "0")
- self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
self.ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
# More than one change operation is allowed
- ldb.modify_ldif("""
-dn: cn=ldaptestuser,cn=users, """ + self.base_dn + """
-changetype: modify
-delete: objectClass
-objectClass: bootableDevice
-add: objectClass
-objectClass: bootableDevice
-""")
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ m.add(MessageElement("bootableDevice", FLAG_MOD_DELETE, "objectClass"))
+ m.add(MessageElement("bootableDevice", FLAG_MOD_ADD, "objectClass"))
+ ldb.modify(m)
# We cannot remove all object classes by an empty replace
m = Message()
"objectClass")
ldb.modify(m)
- self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
def test_system_only(self):
"""Test systemOnly objects"""
try:
self.ldb.add({
- "dn": "cn=testsecret,cn=system," + self.base_dn,
+ "dn": "cn=Test Secret,cn=system," + self.base_dn,
"objectclass": "secret"})
self.fail()
except LdbError, (num, _):
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
- self.delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
- self.delete_force(self.ldb, "cn=testsecret,cn=system," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
+ delete_force(self.ldb, "cn=Test Secret,cn=system," + self.base_dn)
+
+ # Create secret over LSA and try to change it
+
+ lsa_conn = lsa.lsarpc("ncacn_np:%s" % args[0], lp, creds)
+ lsa_handle = lsa_conn.OpenPolicy2(system_name="\\",
+ attr=lsa.ObjectAttribute(),
+ access_mask=security.SEC_FLAG_MAXIMUM_ALLOWED)
+ secret_name = lsa.String()
+ secret_name.string = "G$Test"
+ sec_handle = lsa_conn.CreateSecret(handle=lsa_handle,
+ name=secret_name,
+ access_mask=security.SEC_FLAG_MAXIMUM_ALLOWED)
+ lsa_conn.Close(lsa_handle)
+
+ m = Message()
+ m.dn = Dn(ldb, "cn=Test Secret,cn=system," + self.base_dn)
+ m["description"] = MessageElement("desc", FLAG_MOD_REPLACE,
+ "description")
+ try:
+ ldb.modify(m)
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+
+ delete_force(self.ldb, "cn=Test Secret,cn=system," + self.base_dn)
try:
self.ldb.add({
except LdbError, (num, _):
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
- self.delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
# Proof if DC SAM object has "isCriticalSystemObject" set
res = self.ldb.search("", scope=SCOPE_BASE, attrs=["serverName"])
except LdbError, (num, _):
self.assertEquals(num, ERR_NO_SUCH_OBJECT)
- self.delete_force(self.ldb, "cn=ldaptestgroup,cn=thisdoesnotexist123,"
+ delete_force(self.ldb, "cn=ldaptestgroup,cn=thisdoesnotexist123,"
+ self.base_dn)
try:
except LdbError, (num, _):
self.assertEquals(num, ERR_NAMING_VIOLATION)
- self.delete_force(self.ldb, "ou=testou,cn=users," + self.base_dn)
+ delete_force(self.ldb, "ou=testou,cn=users," + self.base_dn)
def test_invalid_attribute(self):
"""Test invalid attributes on schema/objectclasses"""
except LdbError, (num, _):
self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
- self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
# attributes not in objectclasses and mandatory attributes missing test
# Use here a non-SAM entry since it doesn't have special triggers
except LdbError, (num, _):
self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
- self.delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
def test_single_valued_attributes(self):
"""Test single-valued attributes"""
except LdbError, (num, _):
self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
- self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
def test_attribute_ranges(self):
"""Test attribute ranges"""
m["sn"] = MessageElement("x", FLAG_MOD_REPLACE, "sn")
ldb.modify(m)
- self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
def test_empty_messages(self):
"""Test empty messages"""
except LdbError, (num, _):
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
- self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
def test_empty_attributes(self):
"""Test empty attributes"""
except LdbError, (num, _):
self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
- self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
def test_instanceType(self):
"""Tests the 'instanceType' attribute"""
except LdbError, (num, _):
self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
- self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
def test_distinguished_name(self):
"""Tests the 'distinguishedName' attribute"""
except LdbError, (num, _):
self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
- self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
def test_rdn_name(self):
"""Tests the RDN"""
print "Tests the RDN"""
+ # Search
+
+ # empty RDN
+ try:
+ self.ldb.search("=,cn=users," + self.base_dn, scope=SCOPE_BASE)
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
+
+ # empty RDN name
+ try:
+ self.ldb.search("cn=,cn=users," + self.base_dn, scope=SCOPE_BASE)
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
+
+ try:
+ self.ldb.search("=ldaptestgroup,cn=users," + self.base_dn, scope=SCOPE_BASE)
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
+
+ # Add
+
+ # empty RDN
+ try:
+ self.ldb.add({
+ "dn": "=,cn=users," + self.base_dn,
+ "objectclass": "group"})
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
+
+ # empty RDN name
+ try:
+ self.ldb.add({
+ "dn": "=ldaptestgroup,cn=users," + self.base_dn,
+ "objectclass": "group"})
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
+
+ # empty RDN value
+ try:
+ self.ldb.add({
+ "dn": "cn=,cn=users," + self.base_dn,
+ "objectclass": "group"})
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
+
+ # a wrong RDN candidate
try:
self.ldb.add({
"dn": "description=xyz,cn=users," + self.base_dn,
except LdbError, (num, _):
self.assertEquals(num, ERR_NAMING_VIOLATION)
- self.delete_force(self.ldb, "description=xyz,cn=users," + self.base_dn)
+ delete_force(self.ldb, "description=xyz,cn=users," + self.base_dn)
# a wrong "name" attribute is obviously tolerated
self.ldb.add({
self.assertTrue("name" in res[0])
self.assertTrue(res[0]["name"][0] == "ldaptestgroup")
+ # Modify
+
+ # empty RDN value
+ m = Message()
+ m.dn = Dn(ldb, "cn=,cn=users," + self.base_dn)
+ m["description"] = "test"
+ try:
+ self.ldb.modify(m)
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
+
+ # Delete
+
+ # empty RDN value
+ try:
+ self.ldb.delete("cn=,cn=users," + self.base_dn)
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
+
+ # Rename
+
+ # new empty RDN
+ try:
+ self.ldb.rename("cn=ldaptestgroup,cn=users," + self.base_dn,
+ "=,cn=users," + self.base_dn)
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
+
+ # new empty RDN name
+ try:
+ self.ldb.rename("cn=ldaptestgroup,cn=users," + self.base_dn,
+ "=ldaptestgroup,cn=users," + self.base_dn)
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
+
+ # new empty RDN value
+ try:
+ self.ldb.rename("cn=ldaptestgroup,cn=users," + self.base_dn,
+ "cn=,cn=users," + self.base_dn)
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_NAMING_VIOLATION)
+
+ # new wrong RDN candidate
+ try:
+ self.ldb.rename("cn=ldaptestgroup,cn=users," + self.base_dn,
+ "description=xyz,cn=users," + self.base_dn)
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+
+ delete_force(self.ldb, "description=xyz,cn=users," + self.base_dn)
+
+ # old empty RDN value
+ try:
+ self.ldb.rename("cn=,cn=users," + self.base_dn,
+ "cn=ldaptestgroup,cn=users," + self.base_dn)
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
+
+ # names
+
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["name"] = MessageElement("cn=ldaptestuser", FLAG_MOD_REPLACE,
except LdbError, (num, _):
self.assertEquals(num, ERR_NOT_ALLOWED_ON_RDN)
- self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
# this test needs to be disabled until we really understand
def DISABLED_test_largeRDN(self):
"""Testing large rDN (limit 64 characters)"""
rdn = "CN=a012345678901234567890123456789012345678901234567890123456789012";
- self.delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
+ delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
ldif = """
dn: %s,%s""" % (rdn,self.base_dn) + """
objectClass: container
"""
self.ldb.add_ldif(ldif)
- self.delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
+ delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
rdn = "CN=a0123456789012345678901234567890123456789012345678901234567890120";
- self.delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
+ delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
try:
ldif = """
dn: %s,%s""" % (rdn,self.base_dn) + """
self.fail()
except LdbError, (num, _):
self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
- self.delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
+ delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
def test_rename(self):
"""Tests the rename operation"""
except LdbError, (num, _):
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
- self.delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn)
# Performs some "systemFlags" testing
"objectclass": "user" })
ldb.rename("cn=ldaptestuser5,cn=users," + self.base_dn, "cn=ldaptestUSER5,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
self.ldb.add({
"dn": "cn=ldaptestuser5,cn=users," + self.base_dn,
"objectclass": "user" })
res = ldb.search(expression="(&(cn=ldaptestuser5)(objectclass=user))")
print "Found %u records" % len(res)
self.assertEquals(len(res), 1, "Wrong number of hits for (&(cn=ldaptestuser5)(objectclass=user))")
- self.delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
def test_objectGUID(self):
"""Test objectGUID behaviour"""
self.assertTrue("whenCreated" in res[0])
self.assertTrue("whenChanged" in res[0])
- self.delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
# All the following attributes are specificable on add operations
self.ldb.add({
self.assertTrue("uSNChanged" in res[0])
self.assertFalse(res[0]["uSNChanged"][0] == "1") # these are corrected
- self.delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
# All this attributes are specificable on add operations
self.ldb.add({
except LdbError, (num, _):
self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
- self.delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
def test_parentGUID(self):
"""Test parentGUID behaviour"""
attrs=["parentGUID"]);
self.assertEquals(res1[0]["objectGUID"], res2[0]["parentGUID"]);
- self.delete_force(self.ldb, "cn=parentguidtest,cn=testotherusers," + self.base_dn)
- self.delete_force(self.ldb, "cn=testotherusers," + self.base_dn)
+ delete_force(self.ldb, "cn=parentguidtest,cn=testotherusers," + self.base_dn)
+ delete_force(self.ldb, "cn=testotherusers," + self.base_dn)
def test_groupType_int32(self):
"""Test groupType (int32) behaviour (should appear to be casted to a 32 bit signed integer before comparsion)"""
attrs=[])
self.assertTrue(len(res1) == 0)
- self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
ldb.add({
"dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
"objectclass": "group",
"member": "cn=ldaptestuser,cn=users," + self.base_dn})
- self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
# Make sure that the "member" attribute for "ldaptestuser" has been
# removed
self.assertTrue(len(res) == 1)
self.assertFalse("member" in res[0])
- self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
def test_wkguid(self):
"""Test Well known GUID behaviours (including DN+Binary)"""
self.assertEquals(res[0]["objectClass"][4], "computer");
self.assertTrue("objectGUID" in res[0])
self.assertTrue("whenCreated" in res[0])
- self.assertEquals(res[0]["objectCategory"][0], ("CN=Computer,CN=Schema,CN=Configuration," + self.base_dn));
+ self.assertEquals(res[0]["objectCategory"][0], ("CN=Computer,%s" % ldb.get_schema_basedn()))
self.assertEquals(int(res[0]["primaryGroupID"][0]), 513);
self.assertEquals(int(res[0]["sAMAccountType"][0]), ATYPE_NORMAL_ACCOUNT);
self.assertEquals(int(res[0]["userAccountControl"][0]), UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE);
- self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn)
print "Testing attribute or value exists behaviour"
try:
self.assertEquals(len(res[0]["servicePrincipalName"]), 30)
# self.assertEquals(res[0]["servicePrincipalName"][18], pos_11)
- self.delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
ldb.add({
"dn": "cn=ldaptestuser2,cn=useRs," + self.base_dn,
"objectClass": "user",
except LdbError, (num, _):
self.assertEquals(num, ERR_ENTRY_ALREADY_EXISTS)
try:
- ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=configuration," + self.base_dn)
+ ldb.rename("cn=ldaptestuser3,cn=users,%s" % self.base_dn, "cn=ldaptestuser3,%s" % ldb.get_config_basedn())
self.fail()
except LdbError, (num, _):
self.assertTrue(num in (71, 64))
ldb.delete("cn=ldaptestuser5,cn=users," + self.base_dn)
- self.delete_force(ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
+ delete_force(ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
ldb.rename("cn=ldaptestgroup,cn=users," + self.base_dn, "cn=ldaptestgroup2,cn=users," + self.base_dn)
self.assertEquals(set(res[0]["objectClass"]), set(["top", "person", "organizationalPerson", "user"]))
self.assertTrue("objectGUID" in res[0])
self.assertTrue("whenCreated" in res[0])
- self.assertEquals(str(res[0]["objectCategory"]), ("CN=Person,CN=Schema,CN=Configuration," + self.base_dn))
+ self.assertEquals(str(res[0]["objectCategory"]), ("CN=Person,%s" % ldb.get_schema_basedn()))
self.assertEquals(int(res[0]["sAMAccountType"][0]), ATYPE_NORMAL_ACCOUNT)
self.assertEquals(int(res[0]["userAccountControl"][0]), UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE)
self.assertEquals(res[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self.base_dn).upper())
self.assertEquals(len(res[0]["memberOf"]), 1)
- print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + self.base_dn + "))"
- res2 = ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + self.base_dn + "))")
- self.assertEquals(len(res2), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + self.base_dn + "))")
+ print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=cn=person,%s))" % ldb.get_schema_basedn()
+ res2 = ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=cn=person,%s))" % ldb.get_schema_basedn())
+ self.assertEquals(len(res2), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=cn=person,%s))" % ldb.get_schema_basedn())
self.assertEquals(res[0].dn, res2[0].dn)
self.assertEquals(set(res[0]["objectClass"]), set(["top", "person", "organizationalPerson", "user", "computer"]))
self.assertTrue("objectGUID" in res[0])
self.assertTrue("whenCreated" in res[0])
- self.assertEquals(str(res[0]["objectCategory"]), ("CN=Computer,CN=Schema,CN=Configuration," + self.base_dn))
+ self.assertEquals(str(res[0]["objectCategory"]), ("CN=Computer,%s" % ldb.get_schema_basedn()))
self.assertEquals(int(res[0]["primaryGroupID"][0]), 513)
self.assertEquals(int(res[0]["sAMAccountType"][0]), ATYPE_NORMAL_ACCOUNT)
self.assertEquals(int(res[0]["userAccountControl"][0]), UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE)
self.assertEquals(res[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self.base_dn).upper())
self.assertEquals(len(res[0]["memberOf"]), 1)
- print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + "))"
- res2 = ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + "))")
- self.assertEquals(len(res2), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + "))")
+ print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,%s))" % ldb.get_schema_basedn()
+ res2 = ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=cn=computer,%s))" % ldb.get_schema_basedn())
+ self.assertEquals(len(res2), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,%s))" % ldb.get_schema_basedn())
self.assertEquals(res[0].dn, res2[0].dn)
if gc_ldb is not None:
- print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + ")) in Global Catlog"
- res2gc = gc_ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + "))")
- self.assertEquals(len(res2gc), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + ")) in Global Catlog")
+ print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,%s)) in Global Catalog" % gc_ldb.get_schema_basedn()
+ res2gc = gc_ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=cn=computer,%s))" % gc_ldb.get_schema_basedn())
+ self.assertEquals(len(res2gc), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,%s)) In Global Catalog" % gc_ldb.get_schema_basedn())
self.assertEquals(res[0].dn, res2gc[0].dn)
self.assertEquals(list(res[0]["objectClass"]), ["top", "person", "organizationalPerson", "user", "computer"])
self.assertTrue("objectGUID" in res[0])
self.assertTrue("whenCreated" in res[0])
- self.assertEquals(res[0]["objectCategory"][0], "CN=Computer,CN=Schema,CN=Configuration," + self.base_dn)
+ self.assertEquals(res[0]["objectCategory"][0], "CN=Computer,%s" % ldb.get_schema_basedn())
self.assertEquals(int(res[0]["sAMAccountType"][0]), ATYPE_WORKSTATION_TRUST)
self.assertEquals(int(res[0]["userAccountControl"][0]), UF_WORKSTATION_TRUST_ACCOUNT)
add: objectClass
objectClass: posixAccount"""% (self.base_dn))
- self.delete_force(self.ldb, "cn=posixuser,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer2," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptest2computer,cn=computers," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestutf8user èùéìòà,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestutf8user2 èùéìòà,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestcontainer2," + self.base_dn)
+ delete_force(self.ldb, "cn=posixuser,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer2," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptest2computer,cn=computers," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestutf8user èùéìòà,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestutf8user2 èùéìòà,cn=users," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
+ delete_force(self.ldb, "cn=ldaptestcontainer2," + self.base_dn)
def test_security_descriptor_add(self):
""" Testing ldb.add_ldif() for nTSecurityDescriptor """
#
# Test an empty security descriptor (naturally this shouldn't work)
#
- self.delete_force(self.ldb, user_dn)
+ delete_force(self.ldb, user_dn)
try:
self.ldb.add({ "dn": user_dn,
"objectClass": "user",
except LdbError, (num, _):
self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
finally:
- self.delete_force(self.ldb, user_dn)
+ delete_force(self.ldb, user_dn)
#
# Test add_ldif() with SDDL security descriptor input
#
desc_sddl = desc.as_sddl( self.domain_sid )
self.assertEqual(desc_sddl, sddl)
finally:
- self.delete_force(self.ldb, user_dn)
+ delete_force(self.ldb, user_dn)
#
# Test add_ldif() with BASE64 security descriptor
#
desc_sddl = desc.as_sddl(self.domain_sid)
self.assertEqual(desc_sddl, sddl)
finally:
- self.delete_force(self.ldb, user_dn)
+ delete_force(self.ldb, user_dn)
def test_security_descriptor_add_neg(self):
"""Test add_ldif() with BASE64 security descriptor input using WRONG domain SID
"""
user_name = "testdescriptoruser1"
user_dn = "CN=%s,CN=Users,%s" % (user_name, self.base_dn)
- self.delete_force(self.ldb, user_dn)
+ delete_force(self.ldb, user_dn)
try:
sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
desc = security.descriptor.from_sddl(sddl, security.dom_sid('S-1-5-21'))
res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
self.assertTrue("nTSecurityDescriptor" in res[0])
finally:
- self.delete_force(self.ldb, user_dn)
+ delete_force(self.ldb, user_dn)
def test_security_descriptor_modify(self):
""" Testing ldb.modify_ldif() for nTSecurityDescriptor """
#
# Test an empty security descriptor (naturally this shouldn't work)
#
- self.delete_force(self.ldb, user_dn)
+ delete_force(self.ldb, user_dn)
self.ldb.add({ "dn": user_dn,
"objectClass": "user",
"sAMAccountName": user_name })
except LdbError, (num, _):
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
- self.delete_force(self.ldb, user_dn)
+ delete_force(self.ldb, user_dn)
#
# Test modify_ldif() with SDDL security descriptor input
# Add ACE to the original descriptor test
desc_sddl = desc.as_sddl(self.domain_sid)
self.assertEqual(desc_sddl, sddl)
finally:
- self.delete_force(self.ldb, user_dn)
+ delete_force(self.ldb, user_dn)
#
# Test modify_ldif() with SDDL security descriptor input
# New desctiptor test
desc_sddl = desc.as_sddl(self.domain_sid)
self.assertEqual(desc_sddl, sddl)
finally:
- self.delete_force(self.ldb, user_dn)
+ delete_force(self.ldb, user_dn)
#
# Test modify_ldif() with BASE64 security descriptor input
# Add ACE to the original descriptor test
desc_sddl = desc.as_sddl(self.domain_sid)
self.assertEqual(desc_sddl, sddl)
finally:
- self.delete_force(self.ldb, user_dn)
+ delete_force(self.ldb, user_dn)
#
# Test modify_ldif() with BASE64 security descriptor input
# New descriptor test
#
try:
- self.delete_force(self.ldb, user_dn)
+ delete_force(self.ldb, user_dn)
self.ldb.add_ldif("""
dn: """ + user_dn + """
objectclass: user
desc_sddl = desc.as_sddl(self.domain_sid)
self.assertEqual(desc_sddl, sddl)
finally:
- self.delete_force(self.ldb, user_dn)
+ delete_force(self.ldb, user_dn)
def test_dsheuristics(self):
"""Tests the 'dSHeuristics' attribute"""
print "Tests the 'dSHeuristics' attribute"""
# Get the current value to restore it later
- res = self.ldb.search("CN=Directory Service, CN=Windows NT, CN=Services, "
- + self.configuration_dn, scope=SCOPE_BASE, attrs=["dSHeuristics"])
- if "dSHeuristics" in res[0]:
- dsheuristics = res[0]["dSHeuristics"][0]
- else:
- dsheuristics = None
+ dsheuristics = self.ldb.get_dsheuristics()
# Should not be longer than 18 chars?
try:
- self.set_dsheuristics("123ABC-+!1asdfg@#^12")
+ self.ldb.set_dsheuristics("123ABC-+!1asdfg@#^12")
except LdbError, (num, _):
self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
# If it is >= 10 chars, tenthChar should be 1
try:
- self.set_dsheuristics("00020000000002")
+ self.ldb.set_dsheuristics("00020000000002")
except LdbError, (num, _):
self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
# apart from the above, all char values are accepted
- self.set_dsheuristics("123ABC-+!1asdfg@#^")
- res = self.ldb.search("CN=Directory Service, CN=Windows NT, CN=Services, "
- + self.configuration_dn, scope=SCOPE_BASE, attrs=["dSHeuristics"])
- self.assertTrue("dSHeuristics" in res[0])
- self.assertEquals(res[0]["dSHeuristics"][0], "123ABC-+!1asdfg@#^")
+ self.ldb.set_dsheuristics("123ABC-+!1asdfg@#^")
+ self.assertEquals(self.ldb.get_dsheuristics(), "123ABC-+!1asdfg@#^")
# restore old value
- self.set_dsheuristics(dsheuristics)
-
+ self.ldb.set_dsheuristics(dsheuristics)
+
+ def test_ldapControlReturn(self):
+ """Testing that if we request a control that return a control it
+ really return something"""
+ res = self.ldb.search(attrs=["cn"],
+ controls=["paged_results:1:10"])
+ self.assertEquals(len(res.controls), 1)
+ self.assertEquals(res.controls[0].oid, "1.2.840.113556.1.4.319")
+ try:
+ s = str(res.controls[0])
+ except:
+ self.assertFalse(True)
+
+ def test_operational(self):
+ """Tests operational attributes"""
+ print "Tests operational attributes"""
+
+ res = self.ldb.search(self.base_dn, scope=SCOPE_BASE,
+ attrs=["createTimeStamp", "modifyTimeStamp",
+ "structuralObjectClass", "whenCreated",
+ "whenChanged"])
+ self.assertEquals(len(res), 1)
+ self.assertTrue("createTimeStamp" in res[0])
+ self.assertTrue("modifyTimeStamp" in res[0])
+ self.assertTrue("structuralObjectClass" in res[0])
+ self.assertTrue("whenCreated" in res[0])
+ self.assertTrue("whenChanged" in res[0])
class BaseDnTests(unittest.TestCase):
def test_rootdse_attrs(self):
"""Testing for all rootDSE attributes"""
- res = self.ldb.search(scope=SCOPE_BASE, attrs=[])
+ res = self.ldb.search("", scope=SCOPE_BASE, attrs=[])
self.assertEquals(len(res), 1)
def test_highestcommittedusn(self):
self.assertTrue("CN=Sites" in res[0]["serverName"][0])
self.assertFalse("CN=NTDS Settings" in res[0]["serverName"][0])
+ def test_functionality(self):
+ """Testing the server paths in rootDSE"""
+ res = self.ldb.search("", scope=SCOPE_BASE,
+ attrs=["forestFunctionality", "domainFunctionality", "domainControllerFunctionality"])
+ self.assertEquals(len(res), 1)
+ self.assertEquals(len(res[0]["forestFunctionality"]), 1)
+ self.assertEquals(len(res[0]["domainFunctionality"]), 1)
+ self.assertEquals(len(res[0]["domainControllerFunctionality"]), 1)
+
+ self.assertTrue(int(res[0]["forestFunctionality"][0]) <= int(res[0]["domainFunctionality"][0]))
+ self.assertTrue(int(res[0]["domainControllerFunctionality"][0]) >= int(res[0]["domainFunctionality"][0]))
+
+ res2 = self.ldb.search("", scope=SCOPE_BASE,
+ attrs=["dsServiceName", "serverName"])
+ self.assertEquals(len(res2), 1)
+ self.assertEquals(len(res2[0]["dsServiceName"]), 1)
+
+ res3 = self.ldb.search(res2[0]["dsServiceName"][0], scope=SCOPE_BASE, attrs=["msDS-Behavior-Version"])
+ self.assertEquals(len(res3), 1)
+ self.assertEquals(len(res3[0]["msDS-Behavior-Version"]), 1)
+ self.assertEquals(int(res[0]["domainControllerFunctionality"][0]), int(res3[0]["msDS-Behavior-Version"][0]))
+
+ res4 = self.ldb.search(ldb.domain_dn(), scope=SCOPE_BASE, attrs=["msDS-Behavior-Version"])
+ self.assertEquals(len(res4), 1)
+ self.assertEquals(len(res4[0]["msDS-Behavior-Version"]), 1)
+ self.assertEquals(int(res[0]["domainFunctionality"][0]), int(res4[0]["msDS-Behavior-Version"][0]))
+
+ res5 = self.ldb.search("cn=partitions,%s" % ldb.get_config_basedn(), scope=SCOPE_BASE, attrs=["msDS-Behavior-Version"])
+ self.assertEquals(len(res5), 1)
+ self.assertEquals(len(res5[0]["msDS-Behavior-Version"]), 1)
+ self.assertEquals(int(res[0]["forestFunctionality"][0]), int(res5[0]["msDS-Behavior-Version"][0]))
+
def test_dnsHostname(self):
"""Testing the DNS hostname in rootDSE"""
res = self.ldb.search("", scope=SCOPE_BASE,
else:
host = "ldap://%s" % host
-ldb = SamDB(host, credentials=creds, session_info=system_session(), lp=lp)
+ldb = SamDB(host, credentials=creds, session_info=system_session(lp), lp=lp)
if not "tdb://" in host:
gc_ldb = Ldb("%s:3268" % host, credentials=creds,
- session_info=system_session(), lp=lp)
+ session_info=system_session(lp), lp=lp)
else:
gc_ldb = None
git.samba.org / nivanova / samba-autobuild / .git / blobdiff