summaryrefslogtreecommitdiff
path: root/testprogs/ejs/ldap.js
AgeCommit message (Collapse)AuthorFilesLines
2007-12-21r26420: Don't print a blow-by-blow description of every search we do, just theAndrew Bartlett1-17/+18
errors that occour. Andrew Bartlett (This used to be commit bf5b2f467f57528aa64d4af0e68ef2dffd00f8f6)
2007-12-21r26419: Add a module to implement 'ambigious name resolution' by munging theAndrew Bartlett1-0/+154
incoming LDAP filter. Warning: Any anr search will perform a full index search. Untill ldb gets substring indexes, this is unavoidable. Also implement a testsutie to show we match AD behaviour for this important extension (used in the Active Directory Users and Computers MMC plugin, as a genereral 'find'). This will also be useful to OpenChange, as their server needs to implement this. Andrew Bartlett (This used to be commit 044b50947254ccd516c21cb156ab60ab9e3a582d)
2007-12-21r26182: Extend our linked attribute testsuite to cover many more possibleAndrew Bartlett1-10/+129
modifications, and then extend our implementation to match. Andrew Bartlett (This used to be commit 65d17f0ad7ead438333abcccb0bd56b038ffb88e)
2007-12-21r26140: Add a new test for searches by distinguieshedName and dn, andAndrew Bartlett1-0/+22
implement these in the simple ldap mapping module. We still don't pass this test, because we must get linked attributes into OpenLDAP. Andrew Bartlett (This used to be commit d41f34e979bb119f71ab3cc2fdb3c08e4b92849c)
2007-12-21r25961: Add new tests to verify basedn validation in LDAP searches.Andrew Bartlett1-3/+40
Andrew Bartlett (This used to be commit e178df4a180e7ce3eba1a14fb45b2fcc582f06c3)
2007-12-21r25891: Test that we get the correct return value when we attempt to referenceAndrew Bartlett1-17/+29
invalid entries with a linked attribute. Make Samba4 pass that test, by fixing a silly bug in the linked_attributes module. (By passing down the 'original' request structure, tdb would override our handle, and therefore we would never be called for the 'wait', which collects the errors). Fix up the provision templates to handle the newly required referential integrity. Andrew Bartlett (This used to be commit 0377d85bbdcb2c4f110b0519005f0d1d10bc0c0b)
2007-12-21r25826: Prove that adding a user or computer via LDAP doesn't magicly giveAndrew Bartlett1-0/+3
them any more group memberships. Andrew Bartlett (This used to be commit c805934017af2c983b31738cb888103a5f972fdc)
2007-12-21r25788: Use a single routine to handle the creation of modify requests in theAndrew Bartlett1-0/+1
linked_attributs code. This drasticly reduces the code duplication here. Andrew Bartlett (This used to be commit c66e188e6729a8e12854017d62067b4ae4a23af8)
2007-12-21r25787: Assert that we handle the group membership updating correctly,Andrew Bartlett1-1/+21
including when we delete members from the DB. Andrew Bartlett (This used to be commit 2c95274e257da1d392a8a91bc291debc41c18f30)
2007-12-21r25781: Handle and test linked attribute renames.Andrew Bartlett1-2/+65
Andrew Bartlett (This used to be commit 56d9dd5140b6d7d7bbaa2f59ecdff7ee70c4faac)
2007-12-21r25762: This test belongs best with the other checks for a valid parent, inAndrew Bartlett1-0/+7
the objectclass module. Andrew Bartlett (This used to be commit 16a292fcb134adec110cbc4c8f0fb03323750a45)
2007-12-21r25761: Rename to be a DN to be a child of itself wasn't being checked for.Andrew Bartlett1-0/+7
This prevents CN=test,dc=samba,dc=example,dc=com being renamed into CN=test2,cn=test,dc=samba,dc=example,dc=com Andrew Bartlett (This used to be commit 958a92ed0c6bee19d8b86df7c66330d2bba23e46)
2007-12-21r25760: Test out relative distinguished name behaviour under renames.Andrew Bartlett1-0/+24
Andrew Bartlett (This used to be commit 0019596b715f888e7b7dbd71de832c6e2941c625)
2007-12-21r25754: More work on normal forms for ldb input.Andrew Bartlett1-8/+8
This patch is to ensure that all attributes are in the same case as the schema specifies. In the process, I ensure that all attributes are indeed in the schema. This ensures we use the schema case, not the user supplied case for future responses, which assists any (incorrect, but possible) case sensitive processing on a client. I've also removed more of the subtle 'schema &&' that metze objected to in the for loops, moving to a much more explicit 'if (schema)'. Andrew Bartlett (This used to be commit bfc96fff063e7cc278755c043b9da0ed4b75a615)
2007-12-21r25750: Update the objectclass module to improve consistency in Samba4.Andrew Bartlett1-17/+27
The aim here is to ensure that if we have CN=Users,DC=samba,DC=example,DC=com that we cannot have a DN of the form cn=admin ,cn=useRS,DC=samba,DC=example,DC=com This module pulls apart the DN, fixes up the relative DN part, and searches for the parent to copy the base from. I've used the objectclass module, as I intend to also validate the placement of child objects, by reading the allowedChildClasses virtual attribute. In the future, I'll also force the attribute names to be consistant (using the case from the schema). Andrew Bartlett (This used to be commit c0a0c69ac5a81cfcb7c7d5ba38db59f8686c30ab)
2007-12-21r25710: Finally fix subtree renames. Untested code is broken code and in thisAndrew Bartlett1-10/+20
case an oddity of the javascript caused the test to 'pass'. For the same oddity, we have a failure in ldb's handling of spaces in DNs. We need to resolve that too. Andrew Bartlett (This used to be commit e8cbac1a46f4d3b083e6bb5a509ef1ba47bebff1)
2007-10-10r24761: Permit subtree renames in Samba4.Andrew Bartlett1-1/+66
The module is scary: On a rename, it does a search for all entries under that entry (including itself), and fires off a seperate rename call for each result. This will fail miserably on an LDAP backend, but I'll need to work on using hdb for OpenLDAP, and hope Fedora DS can implement subtree renames at some point. Andrew Bartlett (This used to be commit 13908a8cb4dd810503213203efb8d51f77f1f379)
2007-10-10r24459: Fix up ldap.js and test_ldb.sh to test the domain_scope control, andAndrew Bartlett1-2/+44
to test the behaviour of objectCategory=user searches. It turns out (thanks to a hint on http://blog.joeware.net/2005/12/08/147/) that objectCategory=user maps into objectCategory=CN=Person,... (by the defaultObjectCategory of that objectclass). Simplify the entryUUID module by using the fact that we now set the DN as the canoncical form of objectCategory. Andrew Bartlett (This used to be commit b474be9507df51982a604289215bb1868124fc24)
2007-10-10r24263: Fix bug 4846 (unable to copy users in MMC Active Directory Users andAndrew Bartlett1-2/+4
Computers). We now generate a security descriptor for each object, when it is created. This seems to keep MMC happy. The next step is to honour it. Andrew Bartlett (This used to be commit 72f4ae82463c5c1f9f6b7f18f125c4c8fb56ae4f)
2007-10-10r24076: Make ldap.js pass against Win2k3 again (looks like we don't match ADAndrew Bartlett1-1/+6
on this error code, but allow both for now). Also prove that bug #4829 needs a different solution: we can't fix this by changing the template. I think this fix needs to be in the SAMR server. Andrew Bartlett (This used to be commit c3554e3ee79cdb15f05e7968ccde62c086748c80)
2007-10-10r23762: Fix DN renames over LDAP, and instrument the partition module. Add aAndrew Bartlett1-0/+54
test to prove the behaviour of LDAP renames etc. Fix LDB to return correct error code when failing to rename one DN onto another. Andrew Bartlett (This used to be commit 3f3da9c4710b7752ed97f55c2fc3d32a63d352af)
2007-10-10r23737: Validate that we object to duplicate values in an add or replace.Andrew Bartlett1-0/+15
We can't ever allow duplicates, even if the client sends them Andrew Bartlett (This used to be commit 10277f27246b9e16ed36fb72eb4c318b43cb9395)
2007-10-10r23719: ejs being case sensitive, while LDAP is not is a real pain whenAndrew Bartlett1-1/+1
dereferencing attributes. Fix the case to match between the attributes searched for and the ejs element. (Fixes LDAP-backend selftest) Andrew Bartlett (This used to be commit 51cf66bb96e5a58693a40d920d78632ac442ca1c)
2007-10-10r23560: - Activate metze's schema modules (from metze's schema-loading-13 ↵Andrew Bartlett1-2/+39
patch). - samba3sam.js: rework the samba3sam test to not use objectCategory, as it's has special rules (dnsName a simple match) - ldap.js: Test the ordering of the objectClass attributes for the baseDN - schema_init.c: Load the mayContain and mustContain (and system...) attributes when reading the schema from ldb - To make the schema load not suck in terms of performance, write the schema into a static global variable - ldif_handlers.c: Match objectCategory for equality and canonicolisation based on the loaded schema, not simple tring manipuation - ldb_msg.c: don't duplicate attributes when adding attributes to a list - kludge_acl.c: return allowedAttributesEffective based on schema results and privilages Andrew Bartlett (This used to be commit dcff83ebe463bc7391841f55856d7915c204d000)
2007-10-10r22523: Give a hint why this test fails (helped debugging backend issues).Andrew Bartlett1-0/+3
Andrew Bartlett (This used to be commit f86d3b47850a9f3f773226807bbafd1830182c59)
2007-10-10r21737: Print the error strings in the ejs ldb test.Andrew Bartlett1-4/+8
(This used to be commit fed42cf5a359e8dcbabd82dba5b18058260ddc07)
2007-10-10r21496: A number of ldb control and LDAP changes, surrounding theAndrew Bartlett1-0/+26
'phantom_root' flag in the search_options control - Add in support for LDB controls to the js layer - Test the behaviour - Implement support for the 'phantom_root' flag in the partitions module - Make the LDAP server set the 'phantom_root' flag in the search_options control - This replaces the global_catalog flag passed down as an opaque pointer - Rework the string-format control parsing function into ldb_parse_control_strings(), returning errors by ldb_errorstring() method, rather than with printf to stderr - Rework some of the ldb_control handling logic Andrew Bartlett (This used to be commit 2b3df7f38d7790358dbb4de1b8609bf794a351fb)
2007-10-10r21351: Change ldb ejs bindings return codes.Simo Sorce1-173/+199
We were returning just true/false and discarding error number and string. This checking probably breaks swat, will fix it in next round as swat is what made me look into this as I had no way to get back error messages to show to the users. Simo. (This used to be commit 35886b4ae68be475b0fc8b2689ca04d766661261)
2007-10-10r19729: - split basedn related tests to a new functionStefan Metzmacher1-7/+27
- and add some 'netlogon' attriubte related tests metze (This used to be commit d643c3cc5cd4547dbb7cead768993a9abee4e2eb)
2007-10-10r19727: make it possible to run the ldap.js tests against non global catalog ↵Stefan Metzmacher1-35/+46
servers metze (This used to be commit 463ed4c0040f52ef2b06337e122aac325ec01026)
2007-10-10r17380: An expanded test, cross-referencing the global catalog to the main port.Andrew Bartlett1-4/+69
Andrew Bartlett (This used to be commit eadc24ed291dcdb456139a206c6c8acf92bab6da)
2007-10-10r16167: Add tests for the changes to use hex digits, including some testsAndrew Bartlett1-3/+53
commented out until we fix some more things on our server. Andrew Bartlett (This used to be commit ac9d3cb5b004ef1f8e06537634f8f5c33b6c0965)
2007-10-10r16110: Start some simple rootDSE LDAP tests in ejs.Andrew Bartlett1-0/+7
Andrew Bartlett (This used to be commit 0201f0df3f3768f0d831c84c573b27bff58d00c6)
2007-10-10r16072: Do basic wildcard searching in the ejs LDAP test.Andrew Bartlett1-0/+27
Unfortunetly this didn't find the wildcard bug, but at least it tests something... Andrew Bartlett (This used to be commit f763970caf37a9191abd9c40f297c3f413fe9a56)
2007-10-10r16068: Check against the correct result in the ldap.js testAndrew Bartlett1-2/+2
Andrew Bartlett (This used to be commit 52b4e83a1c2cd47bf2f8b6d65419dae12631725a)
2007-10-10r16066: The OSX AD plugin uses objectCategory searches a lot, and uses themAndrew Bartlett1-2/+20
both fully qualified and in the 'short' form. Now we test and support this query format. Andrew Bartlett (This used to be commit 9ddcfacbcedc5eea2730d4bf902c0fcd02bcfa11)
2007-10-10r16061: Prove that removing the objectClass list in the samldb module breaks ↵Andrew Bartlett1-5/+54
things. With this fix, we now correctly detect computers again, and get the correct objectCategory, which is important for the OSX AD plugin. Andrew Bartlett (This used to be commit 4e39d7bb245bc337ac496c7e39a510d1c5611c71)
2007-10-10r16028: Re-add the objectclass module, in the new async scheme.Andrew Bartlett1-13/+123
Add a test to show that we need this, and to prove it works (for add at least). Andrew Bartlett (This used to be commit f72079029abb594677bf8c2b63e40c07e910004f)
2007-10-10r13356: test utf8 usernamesSimo Sorce1-0/+24
(This used to be commit 7ddec83a602372765711bff7207657b73922aaea)
2007-10-10r12998: A big update to samldb.cAndrew Bartlett1-2/+34
This updates the module to handle both SID allocation and nextRid updating while importing users. (As imported users already have a SID, so don't go via the allocation step). We also ensure that SIDs in the database are unquie at create time. Furthermore, at allocation time, we double-check the SID isn't already in use, and that we don't create a foriegnSecurityPrincipal for a 'local' sid. Also create random samAccountName entries for users without one (we were setting $000000-000000000000). We may want to seperate the uniqueness code from the rest of samldb, and into a module with the objectguid code, which needs similar checks. These checks also need to apply to modification, or those modifications denied outright. Also update part of the testsuite to validate this. Andrew Bartlett (This used to be commit 7a9c8eee4bea88f5f0bb7c62f701476384b7dc84)
2007-10-10r12324: use command line credentials if available in ldap.jsAndrew Tridgell1-0/+7
(This used to be commit f4f99f9af33699ac8fe43b09fa7542aab72a031a)
2007-10-10r9491: fixed up a few scripts that need to be updated for the new GetOptions ↵Andrew Tridgell1-5/+3
syntax. Mimir, its a good idea to use grep -r to find places that need fixing when you change the syntax of a call :-) (This used to be commit 1ead49f8e823a69dbd9cd3df3f5be04dc17e0d1f)
2007-10-10r8745: make ldap.js cleanup after itselfAndrew Tridgell1-1/+3
(This used to be commit 3a1c6a176ed37b4d696dab52b2f2e8ce5b681ff5)
2007-10-10r8743: automatically find the basedn in ldap.jsAndrew Tridgell1-4/+13
(This used to be commit bdca9537a260369a53cbb286642db86bc3ea0828)
2007-10-10r8740: Extend the rdn_name module to handle adding the rdn as an attribute. ie:Andrew Bartlett1-0/+56
dn: cn=foo,ou=bar objectClass: person implies dn: cn=foo,ou=bar objectClass: person cn: foo (as well as a pile more default attributes) We also correct the case in the attirbute to match that in the DN (win2k3 behaviour) and I have a testsuite (in ejs) to prove it. This module also found a bug in our provision.ldif, so and reduces code complexity in the samdb module. Andrew Bartlett (This used to be commit 0cc58f5c3cce12341ad0f7a90cdd85a3fab786b3)