summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--source4/dsdb/samdb/ldb_modules/linked_attributes.c4
-rw-r--r--source4/setup/provision_users.ldif242
-rwxr-xr-xtestprogs/ejs/ldap.js46
3 files changed, 152 insertions, 140 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/linked_attributes.c b/source4/dsdb/samdb/ldb_modules/linked_attributes.c
index aea0a34ec2..be5dd12d3b 100644
--- a/source4/dsdb/samdb/ldb_modules/linked_attributes.c
+++ b/source4/dsdb/samdb/ldb_modules/linked_attributes.c
@@ -243,7 +243,7 @@ static int linked_attributes_add(struct ldb_module *module, struct ldb_request *
ac->num_requests++;
/* Run the original request */
- ret = ldb_next_request(module, req);
+ ret = ldb_next_request(module, ac->down_req[0]);
if (ret != LDB_SUCCESS) {
return ret;
}
@@ -323,7 +323,7 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques
ac->num_requests++;
/* Run the original request */
- ret = ldb_next_request(module, req);
+ ret = ldb_next_request(module, ac->down_req[0]);
if (ret != LDB_SUCCESS) {
return ret;
}
diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif
index 95c28f92d8..7c1a438d8e 100644
--- a/source4/setup/provision_users.ldif
+++ b/source4/setup/provision_users.ldif
@@ -20,6 +20,127 @@ objectSid: ${DOMAINSID}-501
sAMAccountName: Guest
isCriticalSystemObject: TRUE
+dn: CN=Enterprise Admins,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Enterprise Admins
+description: Designated administrators of the enterprise
+member: CN=Administrator,CN=Users,${DOMAINDN}
+objectSid: ${DOMAINSID}-519
+adminCount: 1
+sAMAccountName: Enterprise Admins
+isCriticalSystemObject: TRUE
+
+dn: CN=krbtgt,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: user
+cn: krbtgt
+description: Key Distribution Center Service Account
+showInAdvancedViewOnly: TRUE
+userAccountControl: 514
+objectSid: ${DOMAINSID}-502
+adminCount: 1
+accountExpires: 9223372036854775807
+sAMAccountName: krbtgt
+sAMAccountType: 805306368
+servicePrincipalName: kadmin/changepw
+isCriticalSystemObject: TRUE
+sambaPassword:: ${KRBTGTPASS_B64}
+
+dn: CN=Domain Computers,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Domain Computers
+description: All workstations and servers joined to the domain
+objectSid: ${DOMAINSID}-515
+sAMAccountName: Domain Computers
+isCriticalSystemObject: TRUE
+
+dn: CN=Domain Controllers,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Domain Controllers
+description: All domain controllers in the domain
+objectSid: ${DOMAINSID}-516
+adminCount: 1
+sAMAccountName: Domain Controllers
+isCriticalSystemObject: TRUE
+
+dn: CN=Schema Admins,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Schema Admins
+description: Designated administrators of the schema
+member: CN=Administrator,CN=Users,${DOMAINDN}
+objectSid: ${DOMAINSID}-518
+adminCount: 1
+sAMAccountName: Schema Admins
+isCriticalSystemObject: TRUE
+
+dn: CN=Cert Publishers,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Cert Publishers
+description: Members of this group are permitted to publish certificates to the Active Directory
+groupType: 2147483652
+sAMAccountType: 536870912
+objectSid: ${DOMAINSID}-517
+sAMAccountName: Cert Publishers
+isCriticalSystemObject: TRUE
+
+dn: CN=Domain Admins,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Domain Admins
+description: Designated administrators of the domain
+member: CN=Administrator,CN=Users,${DOMAINDN}
+objectSid: ${DOMAINSID}-512
+adminCount: 1
+sAMAccountName: Domain Admins
+isCriticalSystemObject: TRUE
+
+dn: CN=Domain Users,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Domain Users
+description: All domain users
+objectSid: ${DOMAINSID}-513
+sAMAccountName: Domain Users
+isCriticalSystemObject: TRUE
+
+dn: CN=Domain Guests,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Domain Guests
+description: All domain guests
+objectSid: ${DOMAINSID}-514
+sAMAccountName: Domain Guests
+isCriticalSystemObject: TRUE
+
+dn: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Group Policy Creator Owners
+description: Members in this group can modify group policy for the domain
+member: CN=Administrator,CN=Users,${DOMAINDN}
+objectSid: ${DOMAINSID}-520
+sAMAccountName: Group Policy Creator Owners
+isCriticalSystemObject: TRUE
+
+dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: RAS and IAS Servers
+description: Servers in this group can access remote access properties of users
+instanceType: 4
+objectSid: ${DOMAINSID}-553
+sAMAccountName: RAS and IAS Servers
+sAMAccountType: 536870912
+groupType: 2147483652
+isCriticalSystemObject: TRUE
+
dn: CN=Administrators,CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: group
@@ -181,127 +302,6 @@ systemFlags: 2348810240
groupType: 2147483653
isCriticalSystemObject: TRUE
-dn: CN=krbtgt,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: user
-cn: krbtgt
-description: Key Distribution Center Service Account
-showInAdvancedViewOnly: TRUE
-userAccountControl: 514
-objectSid: ${DOMAINSID}-502
-adminCount: 1
-accountExpires: 9223372036854775807
-sAMAccountName: krbtgt
-sAMAccountType: 805306368
-servicePrincipalName: kadmin/changepw
-isCriticalSystemObject: TRUE
-sambaPassword:: ${KRBTGTPASS_B64}
-
-dn: CN=Domain Computers,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: group
-cn: Domain Computers
-description: All workstations and servers joined to the domain
-objectSid: ${DOMAINSID}-515
-sAMAccountName: Domain Computers
-isCriticalSystemObject: TRUE
-
-dn: CN=Domain Controllers,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: group
-cn: Domain Controllers
-description: All domain controllers in the domain
-objectSid: ${DOMAINSID}-516
-adminCount: 1
-sAMAccountName: Domain Controllers
-isCriticalSystemObject: TRUE
-
-dn: CN=Schema Admins,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: group
-cn: Schema Admins
-description: Designated administrators of the schema
-member: CN=Administrator,CN=Users,${DOMAINDN}
-objectSid: ${DOMAINSID}-518
-adminCount: 1
-sAMAccountName: Schema Admins
-isCriticalSystemObject: TRUE
-
-dn: CN=Enterprise Admins,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: group
-cn: Enterprise Admins
-description: Designated administrators of the enterprise
-member: CN=Administrator,CN=Users,${DOMAINDN}
-objectSid: ${DOMAINSID}-519
-adminCount: 1
-sAMAccountName: Enterprise Admins
-isCriticalSystemObject: TRUE
-
-dn: CN=Cert Publishers,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: group
-cn: Cert Publishers
-description: Members of this group are permitted to publish certificates to the Active Directory
-groupType: 2147483652
-sAMAccountType: 536870912
-objectSid: ${DOMAINSID}-517
-sAMAccountName: Cert Publishers
-isCriticalSystemObject: TRUE
-
-dn: CN=Domain Admins,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: group
-cn: Domain Admins
-description: Designated administrators of the domain
-member: CN=Administrator,CN=Users,${DOMAINDN}
-objectSid: ${DOMAINSID}-512
-adminCount: 1
-sAMAccountName: Domain Admins
-isCriticalSystemObject: TRUE
-
-dn: CN=Domain Users,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: group
-cn: Domain Users
-description: All domain users
-objectSid: ${DOMAINSID}-513
-sAMAccountName: Domain Users
-isCriticalSystemObject: TRUE
-
-dn: CN=Domain Guests,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: group
-cn: Domain Guests
-description: All domain guests
-objectSid: ${DOMAINSID}-514
-sAMAccountName: Domain Guests
-isCriticalSystemObject: TRUE
-
-dn: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: group
-cn: Group Policy Creator Owners
-description: Members in this group can modify group policy for the domain
-member: CN=Administrator,CN=Users,${DOMAINDN}
-objectSid: ${DOMAINSID}-520
-sAMAccountName: Group Policy Creator Owners
-isCriticalSystemObject: TRUE
-
-dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: group
-cn: RAS and IAS Servers
-description: Servers in this group can access remote access properties of users
-instanceType: 4
-objectSid: ${DOMAINSID}-553
-sAMAccountName: RAS and IAS Servers
-sAMAccountType: 536870912
-groupType: 2147483652
-isCriticalSystemObject: TRUE
-
dn: CN=Server Operators,CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: group
diff --git a/testprogs/ejs/ldap.js b/testprogs/ejs/ldap.js
index 56fbf4f0df..c012f84bf0 100755
--- a/testprogs/ejs/ldap.js
+++ b/testprogs/ejs/ldap.js
@@ -31,6 +31,20 @@ function basic_tests(ldb, gc_ldb, base_dn, configuration_dn, schema_dn)
ldb.del("cn=ldaptestuser,cn=users," + base_dn);
+ ldb.del("cn=ldaptestgroup,cn=users," + base_dn);
+
+ println("Testing group add with invalid member");
+ var ok = ldb.add("
+dn: cn=ldaptestgroup,cn=uSers," + base_dn + "
+objectclass: group
+member: cn=ldaptestuser,cn=useRs," + base_dn + "
+");
+
+ if (ok.error != 32) { /* LDAP_NO_SUCH_OBJECT */
+ println(ok.errstr);
+ assert(ok.error == 32);
+ }
+
var ok = ldb.add("
dn: cn=ldaptestuser,cn=uSers," + base_dn + "
objectclass: user
@@ -55,28 +69,14 @@ cN: LDAPtestUSER
}
}
- ldb.del("cn=ldaptestgroup,cn=users," + base_dn);
-
var ok = ldb.add("
dn: cn=ldaptestgroup,cn=uSers," + base_dn + "
objectclass: group
member: cn=ldaptestuser,cn=useRs," + base_dn + "
");
if (ok.error != 0) {
- ok = ldb.del("cn=ldaptestgroup,cn=users," + base_dn);
- if (ok.error != 0) {
- println(ok.errstr);
- assert(ok.error == 0);
- }
- ok = ldb.add("
-dn: cn=ldaptestgroup,cn=uSers," + base_dn + "
-objectclass: group
-member: cn=ldaptestuser,cn=useRs," + base_dn + "
-");
- if (ok.error != 0) {
- println(ok.errstr);
- assert(ok.error == 0);
- }
+ println(ok.errstr);
+ assert(ok.error == 0);
}
var ok = ldb.add("
@@ -185,6 +185,18 @@ member: cn=ldaptestcomputer,cn=computers," + base_dn + "
ok = ldb.del("cn=ldaptestuser3,cn=users," + base_dn);
+ println("Testing adding non-existent user to a group");
+ ok = ldb.modify("
+dn: cn=ldaptestgroup,cn=users," + base_dn + "
+changetype: modify
+add: member
+member: cn=ldaptestuser3,cn=users," + base_dn + "
+");
+ if (ok.error != 32) { /* LDAP_NO_SUCH_OBJECT */
+ println(ok.errstr);
+ assert(ok.error == 32);
+ }
+
println("Testing Renames");
ok = ldb.rename("cn=ldaptestuser2,cn=users," + base_dn, "cn=ldaptestuser3,cn=users," + base_dn);
@@ -895,7 +907,7 @@ var base_dn = find_basedn(ldb);
var configuration_dn = find_configurationdn(ldb);
var schema_dn = find_schemadn(ldb);
-printf("baseDN: %s\n", base_dn);
+println("baseDN: %s\n", base_dn);
var ok = gc_ldb.connect("ldap://" + host + ":3268");
if (!ok) {
generated by cgit (git 2.34.1) at 2024-06-14 03:02:26 +0000