diff options
author | Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de> | 2010-03-04 17:51:09 +0100 |
---|---|---|
committer | Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de> | 2010-03-04 18:16:24 +0100 |
commit | 4546b6b7dfd7f0e59e11b63c6cf91a4594b8ca54 (patch) | |
tree | fc3817ce79bad580f1d16e70f2051eca5c1b857a /source4/lib/ldb/tests | |
parent | 8297302e989c62092b50a275207046e83cd52800 (diff) | |
download | samba-4546b6b7dfd7f0e59e11b63c6cf91a4594b8ca54.tar.gz samba-4546b6b7dfd7f0e59e11b63c6cf91a4594b8ca54.tar.bz2 samba-4546b6b7dfd7f0e59e11b63c6cf91a4594b8ca54.zip |
s4:ldap.py - add test for "tokenGroups"
Diffstat (limited to 'source4/lib/ldb/tests')
-rwxr-xr-x | source4/lib/ldb/tests/python/ldap.py | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/source4/lib/ldb/tests/python/ldap.py b/source4/lib/ldb/tests/python/ldap.py index 798047cee9..0a8332328e 100755 --- a/source4/lib/ldb/tests/python/ldap.py +++ b/source4/lib/ldb/tests/python/ldap.py @@ -846,6 +846,50 @@ objectClass: container self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn) self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + def test_tokenGroups(self): + """Test the tokenGroups behaviour (hidden-generated-readonly attribute on SAM objects)""" + print "Testing tokenGroups behaviour\n" + + # The domain object shouldn't contain any "tokenGroups" entry + res = ldb.search(self.base_dn, scope=SCOPE_BASE, attrs=["tokenGroups"]) + self.assertTrue(len(res) == 1) + self.assertFalse("tokenGroups" in res[0]) + + # The domain administrator should contain "tokenGroups" entries + # (the exact number depends on the domain/forest function level and the + # DC software versions) + res = ldb.search("cn=Administrator,cn=Users," + self.base_dn, + scope=SCOPE_BASE, attrs=["tokenGroups"]) + self.assertTrue(len(res) == 1) + self.assertTrue("tokenGroups" in res[0]) + + ldb.add({ + "dn": "cn=ldaptestuser,cn=users," + self.base_dn, + "objectclass": ["user", "person"]}) + + # This testuser should contain at least two "tokenGroups" entries + # (exactly two on an unmodified "Domain Users" and "Users" group) + res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn, + scope=SCOPE_BASE, attrs=["tokenGroups"]) + self.assertTrue(len(res) == 1) + self.assertTrue(len(res[0]["tokenGroups"]) >= 2) + + # one entry which we need to find should point to domains "Domain Users" + # group and another entry should point to the builtin "Users"group + domain_users_group_found = False + users_group_found = False + for sid in res[0]["tokenGroups"]: + rid = security.dom_sid(ldb.schema_format_value("objectSID", sid)).split()[1] + if rid == 513: + domain_users_group_found = True + if rid == 545: + users_group_found = True + + self.assertTrue(domain_users_group_found) + self.assertTrue(users_group_found) + + self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn) + def test_wkguid(self): """Test Well known GUID behaviours (including DN+Binary)""" print "Test Well known GUID behaviours (including DN+Binary)""" |