diff options
Diffstat (limited to 'source4/dsdb')
-rwxr-xr-x | source4/dsdb/tests/python/sam.py | 595 |
1 files changed, 595 insertions, 0 deletions
diff --git a/source4/dsdb/tests/python/sam.py b/source4/dsdb/tests/python/sam.py index ac1445ccb5..fc5967cdd9 100755 --- a/source4/dsdb/tests/python/sam.py +++ b/source4/dsdb/tests/python/sam.py @@ -31,6 +31,13 @@ from samba.dsdb import (UF_NORMAL_ACCOUNT, UF_INTERDOMAIN_TRUST_ACCOUNT, UF_WORKSTATION_TRUST_ACCOUNT, UF_SERVER_TRUST_ACCOUNT, UF_PARTIAL_SECRETS_ACCOUNT, UF_PASSWD_NOTREQD, UF_ACCOUNTDISABLE, ATYPE_NORMAL_ACCOUNT, + GTYPE_SECURITY_BUILTIN_LOCAL_GROUP, GTYPE_SECURITY_DOMAIN_LOCAL_GROUP, + GTYPE_SECURITY_GLOBAL_GROUP, GTYPE_SECURITY_UNIVERSAL_GROUP, + GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP, GTYPE_DISTRIBUTION_GLOBAL_GROUP, + GTYPE_DISTRIBUTION_UNIVERSAL_GROUP, + ATYPE_SECURITY_GLOBAL_GROUP, ATYPE_SECURITY_UNIVERSAL_GROUP, + ATYPE_SECURITY_LOCAL_GROUP, ATYPE_DISTRIBUTION_GLOBAL_GROUP, + ATYPE_DISTRIBUTION_UNIVERSAL_GROUP, ATYPE_DISTRIBUTION_LOCAL_GROUP, ATYPE_WORKSTATION_TRUST, SYSTEM_FLAG_DOMAIN_DISALLOW_MOVE, SYSTEM_FLAG_CONFIG_ALLOW_RENAME, SYSTEM_FLAG_CONFIG_ALLOW_MOVE, SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE) @@ -643,6 +650,594 @@ class SamTests(unittest.TestCase): self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn) + def test_groupType(self): + """Test the groupType behaviour""" + print "Testing groupType behaviour\n" + + # You can never create or change to a + # "GTYPE_SECURITY_BUILTIN_LOCAL_GROUP" + + # Add operation + + # Invalid attribute + try: + ldb.add({ + "dn": "cn=ldaptestgroup,cn=users," + self.base_dn, + "objectclass": "group", + "groupType": "0"}) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) + self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + + try: + ldb.add({ + "dn": "cn=ldaptestgroup,cn=users," + self.base_dn, + "objectclass": "group", + "groupType": str(GTYPE_SECURITY_BUILTIN_LOCAL_GROUP)}) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) + self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + + ldb.add({ + "dn": "cn=ldaptestgroup,cn=users," + self.base_dn, + "objectclass": "group", + "groupType": str(GTYPE_SECURITY_GLOBAL_GROUP)}) + + res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn, + scope=SCOPE_BASE, attrs=["sAMAccountType"]) + self.assertTrue(len(res1) == 1) + self.assertEquals(int(res1[0]["sAMAccountType"][0]), + ATYPE_SECURITY_GLOBAL_GROUP) + self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + + ldb.add({ + "dn": "cn=ldaptestgroup,cn=users," + self.base_dn, + "objectclass": "group", + "groupType": str(GTYPE_SECURITY_UNIVERSAL_GROUP)}) + + res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn, + scope=SCOPE_BASE, attrs=["sAMAccountType"]) + self.assertTrue(len(res1) == 1) + self.assertEquals(int(res1[0]["sAMAccountType"][0]), + ATYPE_SECURITY_UNIVERSAL_GROUP) + self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + + ldb.add({ + "dn": "cn=ldaptestgroup,cn=users," + self.base_dn, + "objectclass": "group", + "groupType": str(GTYPE_SECURITY_DOMAIN_LOCAL_GROUP)}) + + res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn, + scope=SCOPE_BASE, attrs=["sAMAccountType"]) + self.assertTrue(len(res1) == 1) + self.assertEquals(int(res1[0]["sAMAccountType"][0]), + ATYPE_SECURITY_LOCAL_GROUP) + self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + + ldb.add({ + "dn": "cn=ldaptestgroup,cn=users," + self.base_dn, + "objectclass": "group", + "groupType": str(GTYPE_DISTRIBUTION_GLOBAL_GROUP)}) + + res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn, + scope=SCOPE_BASE, attrs=["sAMAccountType"]) + self.assertTrue(len(res1) == 1) + self.assertEquals(int(res1[0]["sAMAccountType"][0]), + ATYPE_DISTRIBUTION_GLOBAL_GROUP) + self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + + ldb.add({ + "dn": "cn=ldaptestgroup,cn=users," + self.base_dn, + "objectclass": "group", + "groupType": str(GTYPE_DISTRIBUTION_UNIVERSAL_GROUP)}) + + res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn, + scope=SCOPE_BASE, attrs=["sAMAccountType"]) + self.assertTrue(len(res1) == 1) + self.assertEquals(int(res1[0]["sAMAccountType"][0]), + ATYPE_DISTRIBUTION_UNIVERSAL_GROUP) + self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + + ldb.add({ + "dn": "cn=ldaptestgroup,cn=users," + self.base_dn, + "objectclass": "group", + "groupType": str(GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP)}) + + res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn, + scope=SCOPE_BASE, attrs=["sAMAccountType"]) + self.assertTrue(len(res1) == 1) + self.assertEquals(int(res1[0]["sAMAccountType"][0]), + ATYPE_DISTRIBUTION_LOCAL_GROUP) + self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + + # Modify operation + + ldb.add({ + "dn": "cn=ldaptestgroup,cn=users," + self.base_dn, + "objectclass": "group"}) + + # We can change in this direction: global <-> universal <-> local + # On each step also the group type itself (security/distribution) is + # variable. + + # After creation we should have a "security global group" + res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn, + scope=SCOPE_BASE, attrs=["sAMAccountType"]) + self.assertTrue(len(res1) == 1) + self.assertEquals(int(res1[0]["sAMAccountType"][0]), + ATYPE_SECURITY_GLOBAL_GROUP) + + # Invalid attribute + try: + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["groupType"] = MessageElement("0", + FLAG_MOD_REPLACE, "groupType") + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) + + # Security groups + + # Default is "global group" + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["groupType"] = MessageElement( + str(GTYPE_SECURITY_GLOBAL_GROUP), + FLAG_MOD_REPLACE, "groupType") + ldb.modify(m) + + res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn, + scope=SCOPE_BASE, attrs=["sAMAccountType"]) + self.assertTrue(len(res1) == 1) + self.assertEquals(int(res1[0]["sAMAccountType"][0]), + ATYPE_SECURITY_GLOBAL_GROUP) + + # Change to "local" (shouldn't work) + + try: + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["groupType"] = MessageElement( + str(GTYPE_SECURITY_DOMAIN_LOCAL_GROUP), + FLAG_MOD_REPLACE, "groupType") + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) + + # Change to "universal" + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["groupType"] = MessageElement( + str(GTYPE_SECURITY_UNIVERSAL_GROUP), + FLAG_MOD_REPLACE, "groupType") + ldb.modify(m) + + res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn, + scope=SCOPE_BASE, attrs=["sAMAccountType"]) + self.assertTrue(len(res1) == 1) + self.assertEquals(int(res1[0]["sAMAccountType"][0]), + ATYPE_SECURITY_UNIVERSAL_GROUP) + + # Change back to "global" + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["groupType"] = MessageElement( + str(GTYPE_SECURITY_GLOBAL_GROUP), + FLAG_MOD_REPLACE, "groupType") + ldb.modify(m) + + res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn, + scope=SCOPE_BASE, attrs=["sAMAccountType"]) + self.assertTrue(len(res1) == 1) + self.assertEquals(int(res1[0]["sAMAccountType"][0]), + ATYPE_SECURITY_GLOBAL_GROUP) + + # Change back to "universal" + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["groupType"] = MessageElement( + str(GTYPE_SECURITY_UNIVERSAL_GROUP), + FLAG_MOD_REPLACE, "groupType") + ldb.modify(m) + + res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn, + scope=SCOPE_BASE, attrs=["sAMAccountType"]) + self.assertTrue(len(res1) == 1) + self.assertEquals(int(res1[0]["sAMAccountType"][0]), + ATYPE_SECURITY_UNIVERSAL_GROUP) + + # Change to "local" + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["groupType"] = MessageElement( + str(GTYPE_SECURITY_DOMAIN_LOCAL_GROUP), + FLAG_MOD_REPLACE, "groupType") + ldb.modify(m) + + res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn, + scope=SCOPE_BASE, attrs=["sAMAccountType"]) + self.assertTrue(len(res1) == 1) + self.assertEquals(int(res1[0]["sAMAccountType"][0]), + ATYPE_SECURITY_LOCAL_GROUP) + + # Change to "global" (shouldn't work) + + try: + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["groupType"] = MessageElement( + str(GTYPE_SECURITY_GLOBAL_GROUP), + FLAG_MOD_REPLACE, "groupType") + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) + + # Change to "builtin local" (shouldn't work) + + try: + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["groupType"] = MessageElement( + str(GTYPE_SECURITY_BUILTIN_LOCAL_GROUP), + FLAG_MOD_REPLACE, "groupType") + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + + # Change back to "universal" + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["groupType"] = MessageElement( + str(GTYPE_SECURITY_UNIVERSAL_GROUP), + FLAG_MOD_REPLACE, "groupType") + ldb.modify(m) + + res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn, + scope=SCOPE_BASE, attrs=["sAMAccountType"]) + self.assertTrue(len(res1) == 1) + self.assertEquals(int(res1[0]["sAMAccountType"][0]), + ATYPE_SECURITY_UNIVERSAL_GROUP) + + # Change to "builtin local" (shouldn't work) + + try: + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["groupType"] = MessageElement( + str(GTYPE_SECURITY_BUILTIN_LOCAL_GROUP), + FLAG_MOD_REPLACE, "groupType") + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) + + # Change back to "global" + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["groupType"] = MessageElement( + str(GTYPE_SECURITY_GLOBAL_GROUP), + FLAG_MOD_REPLACE, "groupType") + ldb.modify(m) + + res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn, + scope=SCOPE_BASE, attrs=["sAMAccountType"]) + self.assertTrue(len(res1) == 1) + self.assertEquals(int(res1[0]["sAMAccountType"][0]), + ATYPE_SECURITY_GLOBAL_GROUP) + + # Change to "builtin local" (shouldn't work) + + try: + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["groupType"] = MessageElement( + str(GTYPE_SECURITY_BUILTIN_LOCAL_GROUP), + FLAG_MOD_REPLACE, "groupType") + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) + + # Distribution groups + + # Default is "global group" + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["groupType"] = MessageElement( + str(GTYPE_DISTRIBUTION_GLOBAL_GROUP), + FLAG_MOD_REPLACE, "groupType") + ldb.modify(m) + + res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn, + scope=SCOPE_BASE, attrs=["sAMAccountType"]) + self.assertTrue(len(res1) == 1) + self.assertEquals(int(res1[0]["sAMAccountType"][0]), + ATYPE_DISTRIBUTION_GLOBAL_GROUP) + + # Change to local (shouldn't work) + + try: + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["groupType"] = MessageElement( + str(GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP), + FLAG_MOD_REPLACE, "groupType") + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) + + # Change to "universal" + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["groupType"] = MessageElement( + str(GTYPE_DISTRIBUTION_UNIVERSAL_GROUP), + FLAG_MOD_REPLACE, "groupType") + ldb.modify(m) + + res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn, + scope=SCOPE_BASE, attrs=["sAMAccountType"]) + self.assertTrue(len(res1) == 1) + self.assertEquals(int(res1[0]["sAMAccountType"][0]), + ATYPE_DISTRIBUTION_UNIVERSAL_GROUP) + + # Change back to "global" + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["groupType"] = MessageElement( + str(GTYPE_DISTRIBUTION_GLOBAL_GROUP), + FLAG_MOD_REPLACE, "groupType") + ldb.modify(m) + + res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn, + scope=SCOPE_BASE, attrs=["sAMAccountType"]) + self.assertTrue(len(res1) == 1) + self.assertEquals(int(res1[0]["sAMAccountType"][0]), + ATYPE_DISTRIBUTION_GLOBAL_GROUP) + + # Change back to "universal" + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["groupType"] = MessageElement( + str(GTYPE_DISTRIBUTION_UNIVERSAL_GROUP), + FLAG_MOD_REPLACE, "groupType") + ldb.modify(m) + + res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn, + scope=SCOPE_BASE, attrs=["sAMAccountType"]) + self.assertTrue(len(res1) == 1) + self.assertEquals(int(res1[0]["sAMAccountType"][0]), + ATYPE_DISTRIBUTION_UNIVERSAL_GROUP) + + # Change to "local" + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["groupType"] = MessageElement( + str(GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP), + FLAG_MOD_REPLACE, "groupType") + ldb.modify(m) + + res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn, + scope=SCOPE_BASE, attrs=["sAMAccountType"]) + self.assertTrue(len(res1) == 1) + self.assertEquals(int(res1[0]["sAMAccountType"][0]), + ATYPE_DISTRIBUTION_LOCAL_GROUP) + + # Change to "global" (shouldn't work) + + try: + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["groupType"] = MessageElement( + str(GTYPE_DISTRIBUTION_GLOBAL_GROUP), + FLAG_MOD_REPLACE, "groupType") + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) + + # Change back to "universal" + + # Try to add invalid member to group 1 - should be denied + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["member"] = MessageElement( + "cn=ldaptestuser3,cn=users," + self.base_dn, + FLAG_MOD_ADD, "member") + try: + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_NO_SUCH_OBJECT) + + # Make group 2 secondary + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["groupType"] = MessageElement( + str(GTYPE_DISTRIBUTION_UNIVERSAL_GROUP), + FLAG_MOD_REPLACE, "groupType") + ldb.modify(m) + + res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn, + scope=SCOPE_BASE, attrs=["sAMAccountType"]) + self.assertTrue(len(res1) == 1) + self.assertEquals(int(res1[0]["sAMAccountType"][0]), + ATYPE_DISTRIBUTION_UNIVERSAL_GROUP) + + # Change back to "global" + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["groupType"] = MessageElement( + str(GTYPE_DISTRIBUTION_GLOBAL_GROUP), + FLAG_MOD_REPLACE, "groupType") + ldb.modify(m) + + res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn, + scope=SCOPE_BASE, attrs=["sAMAccountType"]) + self.assertTrue(len(res1) == 1) + self.assertEquals(int(res1[0]["sAMAccountType"][0]), + ATYPE_DISTRIBUTION_GLOBAL_GROUP) + + # Both group types: this performs only random checks - all possibilities + # would require too much code. + + # Default is "global group" + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["groupType"] = MessageElement( + str(GTYPE_SECURITY_GLOBAL_GROUP), + FLAG_MOD_REPLACE, "groupType") + ldb.modify(m) + + res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn, + scope=SCOPE_BASE, attrs=["sAMAccountType"]) + self.assertTrue(len(res1) == 1) + self.assertEquals(int(res1[0]["sAMAccountType"][0]), + ATYPE_SECURITY_GLOBAL_GROUP) + + # Change to "local" (shouldn't work) + + try: + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["groupType"] = MessageElement( + str(GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP), + FLAG_MOD_REPLACE, "groupType") + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) + + # Change to "universal" + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["groupType"] = MessageElement( + str(GTYPE_DISTRIBUTION_UNIVERSAL_GROUP), + FLAG_MOD_REPLACE, "groupType") + ldb.modify(m) + + res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn, + scope=SCOPE_BASE, attrs=["sAMAccountType"]) + self.assertTrue(len(res1) == 1) + self.assertEquals(int(res1[0]["sAMAccountType"][0]), + ATYPE_DISTRIBUTION_UNIVERSAL_GROUP) + + # Change back to "global" + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["groupType"] = MessageElement( + str(GTYPE_SECURITY_GLOBAL_GROUP), + FLAG_MOD_REPLACE, "groupType") + ldb.modify(m) + + res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn, + scope=SCOPE_BASE, attrs=["sAMAccountType"]) + self.assertTrue(len(res1) == 1) + self.assertEquals(int(res1[0]["sAMAccountType"][0]), + ATYPE_SECURITY_GLOBAL_GROUP) + + # Change back to "universal" + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["groupType"] = MessageElement( + str(GTYPE_SECURITY_UNIVERSAL_GROUP), + FLAG_MOD_REPLACE, "groupType") + ldb.modify(m) + + res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn, + scope=SCOPE_BASE, attrs=["sAMAccountType"]) + self.assertTrue(len(res1) == 1) + self.assertEquals(int(res1[0]["sAMAccountType"][0]), + ATYPE_SECURITY_UNIVERSAL_GROUP) + + # Change to "local" + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["groupType"] = MessageElement( + str(GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP), + FLAG_MOD_REPLACE, "groupType") + ldb.modify(m) + + res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn, + scope=SCOPE_BASE, attrs=["sAMAccountType"]) + self.assertTrue(len(res1) == 1) + self.assertEquals(int(res1[0]["sAMAccountType"][0]), + ATYPE_DISTRIBUTION_LOCAL_GROUP) + + # Change to "global" (shouldn't work) + + try: + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["groupType"] = MessageElement( + str(GTYPE_DISTRIBUTION_GLOBAL_GROUP), + FLAG_MOD_REPLACE, "groupType") + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) + + # Change back to "universal" + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["groupType"] = MessageElement( + str(GTYPE_SECURITY_UNIVERSAL_GROUP), + FLAG_MOD_REPLACE, "groupType") + ldb.modify(m) + + res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn, + scope=SCOPE_BASE, attrs=["sAMAccountType"]) + self.assertTrue(len(res1) == 1) + self.assertEquals(int(res1[0]["sAMAccountType"][0]), + ATYPE_SECURITY_UNIVERSAL_GROUP) + + # Change back to "global" + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["groupType"] = MessageElement( + str(GTYPE_SECURITY_GLOBAL_GROUP), + FLAG_MOD_REPLACE, "groupType") + ldb.modify(m) + + res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn, + scope=SCOPE_BASE, attrs=["sAMAccountType"]) + self.assertTrue(len(res1) == 1) + self.assertEquals(int(res1[0]["sAMAccountType"][0]), + ATYPE_SECURITY_GLOBAL_GROUP) + + self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + + if not "://" in host: if os.path.isfile(host): host = "tdb://%s" % host |