2 files changed, 81 insertions, 10 deletions

diff --git a/source4/lib/ldb/tests/python/ldap.py b/source4/lib/ldb/tests/python/ldap.py
index 7bc4b3f08f..00fb307689 100755
--- a/source4/lib/ldb/tests/python/ldap.py
+++ b/source4/lib/ldb/tests/python/ldap.py
@@ -17,9 +17,11 @@ from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError
 from ldb import ERR_NO_SUCH_OBJECT, ERR_ATTRIBUTE_OR_VALUE_EXISTS
 from ldb import ERR_ENTRY_ALREADY_EXISTS, ERR_UNWILLING_TO_PERFORM
 from ldb import ERR_NOT_ALLOWED_ON_NON_LEAF, ERR_OTHER, ERR_INVALID_DN_SYNTAX
+from ldb import Message, Dn
 from samba import Ldb
 from subunit import SubunitTestRunner
 from samba import param
+from samba import glue
 import unittest
 
 parser = optparse.OptionParser("ldap [options] <host>")
@@ -125,21 +127,67 @@ class BasicTests(unittest.TestCase):
         ldb.delete("cn=testotherusers," + self.base_dn)
 
     def test_groupType(self):
-        """Test groupType behaviour 
-        (should appear to be casted to a 32 bit signed integer before comparsion)"""
+        """Test groupType behaviour (should appear to be casted to a 32 bit signed integer before comparsion)"""
         print "Testing groupType behaviour\n"
         
         res1 = ldb.search(base=self.base_dn, scope=SCOPE_SUBTREE,
-                          attrs=["groupType"], expression="groupType=2147483650");
+                          attrs=["groupType"], expression="groupType=2147483653");
 
         res2 = ldb.search(base=self.base_dn, scope=SCOPE_SUBTREE,
-                          attrs=["groupType"], expression="groupType=-2147483646");
+                          attrs=["groupType"], expression="groupType=-2147483643");
 
         self.assertEquals(len(res1), len(res2))
 
         self.assertTrue(res1.count > 0)
 
-        self.assertEquals(res1[0]["groupType"][0], "-2147483646")
+        self.assertEquals(res1[0]["groupType"][0], "-2147483643")
+
+    def test_primary_group_token(self):
+        """Test the primary group token behaviour (hidden-generated-readonly attribute on groups)"""
+        print "Testing primary group token behaviour\n"
+
+        ldb.add({
+            "dn": "cn=ldaptestuser,cn=uSers," + self.base_dn,
+            "objectclass": ["user", "person"],
+            "cN": "LDAPtestUSER",
+            "givenname": "ldap",
+            "sn": "testy"})
+
+        ldb.add({
+            "dn": "cn=ldaptestgroup,cn=uSers," + self.base_dn,
+            "objectclass": "group",
+            "member": "cn=ldaptestuser,cn=useRs," + self.base_dn})
+
+        res1 = ldb.search("cn=ldaptestuser, cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["primaryGroupToken"])
+        self.assertTrue(len(res1) == 1)
+        self.assertFalse("primaryGroupToken" in res1[0])
+
+	res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE)
+        self.assertTrue(len(res1) == 1)
+        self.assertFalse("primaryGroupToken" in res1[0])
+
+        res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["primaryGroupToken", "objectSID"])
+        self.assertTrue(len(res1) == 1)
+        primary_group_token = int(res1[0]["primaryGroupToken"][0])
+
+	rid = glue.dom_sid_to_rid(ldb.schema_format_value("objectSID", res1[0]["objectSID"][0]))
+        self.assertEquals(primary_group_token, rid)
+
+# Has to wait until we support read-only generated attributes correctly
+#        m = Message()
+#        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+#        m["primaryGroupToken"] = "100"
+#        try:
+#                ldb.modify(m)
+#                self.fail()
+#        except LdbError, (num, msg):
+#                print msg
+
+        self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
 
     def test_all(self):
         """Basic tests"""
@@ -148,11 +196,11 @@ class BasicTests(unittest.TestCase):
 
         print "Testing user add"
         ldb.add({
-        "dn": "cn=ldaptestuser,cn=uSers," + self.base_dn,
-        "objectclass": ["user", "person"],
-        "cN": "LDAPtestUSER",
-        "givenname": "ldap",
-        "sn": "testy"})
+            "dn": "cn=ldaptestuser,cn=uSers," + self.base_dn,
+            "objectclass": ["user", "person"],
+            "cN": "LDAPtestUSER",
+            "givenname": "ldap",
+            "sn": "testy"})
 
         ldb.add({
             "dn": "cn=ldaptestgroup,cn=uSers," + self.base_dn,
diff --git a/source4/scripting/python/pyglue.c b/source4/scripting/python/pyglue.c
index 0869d2feac..95255dc1f6 100644
--- a/source4/scripting/python/pyglue.c
+++ b/source4/scripting/python/pyglue.c
@@ -327,6 +327,27 @@ static PyObject *py_dsdb_convert_schema_to_openldap(PyObject *self, PyObject *ar
 	return ret;
 }
 
+static PyObject *py_dom_sid_to_rid(PyLdbObject *self, PyObject *args)
+{
+	PyObject *py_sid;
+	struct dom_sid *sid;
+	uint32_t rid;
+	NTSTATUS status;
+	
+	if(!PyArg_ParseTuple(args, "O", &py_sid))
+		return NULL;
+
+	sid = dom_sid_parse_talloc(NULL, PyString_AsString(py_sid));
+
+	status = dom_sid_split_rid(NULL, sid, NULL, &rid);
+	if (!NT_STATUS_IS_OK(status)) {
+		PyErr_SetString(PyExc_RuntimeError, "dom_sid_split_rid failed");
+		return NULL;
+	}
+
+	return PyInt_FromLong(rid);
+}
+
 static PyMethodDef py_misc_methods[] = {
 	{ "generate_random_str", (PyCFunction)py_generate_random_str, METH_VARARGS,
 		"random_password(len) -> string\n"
@@ -358,6 +379,8 @@ static PyMethodDef py_misc_methods[] = {
 		NULL },
 	{ "dsdb_convert_schema_to_openldap", (PyCFunction)py_dsdb_convert_schema_to_openldap, METH_VARARGS,
 		NULL },
+	{ "dom_sid_to_rid", (PyCFunction)py_dom_sid_to_rid, METH_VARARGS,
+		NULL },
 	{ NULL }
 };