From 299b59b7c3603642154d78a5e3251926c8ce6e62 Mon Sep 17 00:00:00 2001
From: Matthias Dieter Wallnöfer <mdw@samba.org>
Date: Thu, 5 Aug 2010 22:23:22 +0200
Subject: s4:ldap.py - proof for the impossibility to add a LSA-specific object
 over LDAP

---
 source4/dsdb/tests/python/ldap.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'source4/dsdb/tests')

diff --git a/source4/dsdb/tests/python/ldap.py b/source4/dsdb/tests/python/ldap.py
index 6ef8b6c7d0..17100904a0 100755
--- a/source4/dsdb/tests/python/ldap.py
+++ b/source4/dsdb/tests/python/ldap.py
@@ -118,11 +118,21 @@ class BasicTests(unittest.TestCase):
         self.delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
         self.delete_force(self.ldb, "description=xyz,cn=users," + self.base_dn)
         self.delete_force(self.ldb, "ou=testou,cn=users," + self.base_dn)
+        self.delete_force(self.ldb, "cn=testsecret,cn=system," + self.base_dn)
 
     def test_objectclasses(self):
         """Test objectClass behaviour"""
         print "Test objectClass behaviour"""
 
+        # We cannot create LSA-specific objects (oc "secret" or "trustedDomain")
+        try:
+            self.ldb.add({
+                "dn": "cn=testsecret,cn=system," + self.base_dn,
+                "objectClass": "secret" })
+            self.fail()
+        except LdbError, (num, _):
+            self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+
         # Invalid objectclass specified
         try:
             self.ldb.add({
@@ -322,6 +332,7 @@ class BasicTests(unittest.TestCase):
             self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
 
         self.delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
+        self.delete_force(self.ldb, "cn=testsecret,cn=system," + self.base_dn)
 
     def test_invalid_parent(self):
         """Test adding an object with invalid parent"""
-- 
cgit