From a076d9fb597099d5d9dd465750079d9ebc922248 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Fri, 2 Oct 2009 18:31:38 +0200 Subject: s4:ldap.py - major enhancements - Clean up and reorder it a bit - Test which adds invalid attributes - Test which makes sure that the 'distinguishedName' attribute cannot be modified - Test which makes sure that we cannot change the RDN/'name' attribute through a modify request --- source4/lib/ldb/tests/python/ldap.py | 289 ++++++++++++++++++++++------------- 1 file changed, 187 insertions(+), 102 deletions(-) (limited to 'source4/lib/ldb/tests/python/ldap.py') diff --git a/source4/lib/ldb/tests/python/ldap.py b/source4/lib/ldb/tests/python/ldap.py index 5b2d380f11..bc90d3d17a 100755 --- a/source4/lib/ldb/tests/python/ldap.py +++ b/source4/lib/ldb/tests/python/ldap.py @@ -19,8 +19,27 @@ from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError from ldb import ERR_NO_SUCH_OBJECT, ERR_ATTRIBUTE_OR_VALUE_EXISTS from ldb import ERR_ENTRY_ALREADY_EXISTS, ERR_UNWILLING_TO_PERFORM from ldb import ERR_NOT_ALLOWED_ON_NON_LEAF, ERR_OTHER, ERR_INVALID_DN_SYNTAX -from ldb import Message, MessageElement, Dn, FLAG_MOD_REPLACE +from ldb import ERR_NO_SUCH_ATTRIBUTE, ERR_INSUFFICIENT_ACCESS_RIGHTS +from ldb import ERR_OBJECT_CLASS_VIOLATION, ERR_NOT_ALLOWED_ON_RDN +from ldb import Message, MessageElement, Dn, FLAG_MOD_ADD, FLAG_MOD_REPLACE from samba import Ldb, param, dom_sid_to_rid +from samba import UF_NORMAL_ACCOUNT, UF_TEMP_DUPLICATE_ACCOUNT +from samba import UF_SERVER_TRUST_ACCOUNT, UF_WORKSTATION_TRUST_ACCOUNT +from samba import UF_INTERDOMAIN_TRUST_ACCOUNT +from samba import UF_PASSWD_NOTREQD, UF_ACCOUNTDISABLE +from samba import GTYPE_SECURITY_BUILTIN_LOCAL_GROUP +from samba import GTYPE_SECURITY_GLOBAL_GROUP, GTYPE_SECURITY_DOMAIN_LOCAL_GROUP +from samba import GTYPE_SECURITY_UNIVERSAL_GROUP +from samba import GTYPE_DISTRIBUTION_GLOBAL_GROUP +from samba import GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP +from samba import GTYPE_DISTRIBUTION_UNIVERSAL_GROUP +from samba import ATYPE_NORMAL_ACCOUNT, ATYPE_WORKSTATION_TRUST +from samba import ATYPE_SECURITY_GLOBAL_GROUP, ATYPE_SECURITY_LOCAL_GROUP +from samba import ATYPE_SECURITY_UNIVERSAL_GROUP +from samba import ATYPE_DISTRIBUTION_GLOBAL_GROUP +from samba import ATYPE_DISTRIBUTION_LOCAL_GROUP +from samba import ATYPE_DISTRIBUTION_UNIVERSAL_GROUP + from subunit import SubunitTestRunner import unittest @@ -83,30 +102,111 @@ class BasicTests(unittest.TestCase): print "baseDN: %s\n" % self.base_dn self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn) - self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) self.delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn) + self.delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn) + self.delete_force(self.ldb, "cn=ldaptestuser4,cn=users," + self.base_dn) + self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) self.delete_force(self.ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn) + self.delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn) + self.delete_force(self.ldb, "cn=ldaptest2computer,cn=computers," + self.base_dn) + self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn) self.delete_force(self.ldb, "cn=ldaptestutf8user èùéìòà ,cn=users," + self.base_dn) self.delete_force(self.ldb, "cn=ldaptestutf8user2 èùéìòà ,cn=users," + self.base_dn) + self.delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn) + self.delete_force(self.ldb, "cn=ldaptestcontainer2," + self.base_dn) self.delete_force(self.ldb, "cn=parentguidtest,cn=users," + self.base_dn) self.delete_force(self.ldb, "cn=parentguidtest,cn=testotherusers," + self.base_dn) self.delete_force(self.ldb, "cn=testotherusers," + self.base_dn) - def test_group_add_invalid_member(self): - """Testing group add with invalid member""" + def test_invalid_attribute(self): + """Test adding invalid attributes (not in schema)""" + print "Test adding invalid attributes (not in schema)""" + try: self.ldb.add({ - "dn": "cn=ldaptestgroup,cn=uSers," + self.base_dn, + "dn": "cn=ldaptestgroup,cn=users," + self.base_dn, "objectclass": "group", - "member": "cn=ldaptestuser,cn=useRs," + self.base_dn}) + "thisdoesnotexist": "x"}) self.fail() except LdbError, (num, _): - self.assertEquals(num, ERR_NO_SUCH_OBJECT) + self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE) + + self.ldb.add({ + "dn": "cn=ldaptestgroup,cn=users," + self.base_dn, + "objectclass": "group"}) + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn) + m["thisdoesnotexist"] = MessageElement("x", FLAG_MOD_REPLACE, + "thisdoesnotexist") + try: + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE) + + ldb.delete("cn=ldaptestgroup,cn=users," + self.base_dn) + + def test_distinguished_name(self): + """Tests the 'distinguishedName' attribute""" + print "Tests the 'distinguishedName' attribute""" + + self.ldb.add({ + "dn": "cn=ldaptestgroup,cn=users," + self.base_dn, + "objectclass": "group"}) + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["distinguishedName"] = MessageElement( + "cn=ldaptestuser,cn=users," + self.base_dn, FLAG_MOD_REPLACE, + "distinguishedName") + + try: + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) + + ldb.delete("cn=ldaptestgroup,cn=users," + self.base_dn) + + def test_rdn_name(self): + """Tests the RDN""" + print "Tests the RDN""" + + self.ldb.add({ + "dn": "cn=ldaptestgroup,cn=users," + self.base_dn, + "objectclass": "group"}) + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["name"] = MessageElement("cn=ldaptestuser", FLAG_MOD_REPLACE, + "name") + + try: + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_NOT_ALLOWED_ON_RDN) + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["cn"] = MessageElement("ldaptestuser", + FLAG_MOD_REPLACE, "cn") + + try: + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_NOT_ALLOWED_ON_RDN) + + ldb.delete("cn=ldaptestgroup,cn=users," + self.base_dn) def test_parentGUID(self): """Test parentGUID behaviour""" print "Testing parentGUID behaviour\n" + # TODO: This seems to fail on Windows Server. Hidden attribute? + self.ldb.add({ "dn": "cn=parentguidtest,cn=users," + self.base_dn, "objectclass":"user", @@ -117,7 +217,6 @@ class BasicTests(unittest.TestCase): attrs=["objectGUID"]); self.assertEquals(res1[0]["parentGUID"], res2[0]["objectGUID"]); - """Test parentGUID behaviour""" print "Testing parentGUID behaviour on rename\n" self.ldb.add({ @@ -131,12 +230,13 @@ class BasicTests(unittest.TestCase): scope=SCOPE_BASE, attrs=["parentGUID"]); self.assertEquals(res1[0]["objectGUID"], res2[0]["parentGUID"]); - ldb.delete("cn=parentguidtest,cn=testotherusers," + self.base_dn) - ldb.delete("cn=testotherusers," + self.base_dn) - def test_groupType(self): - """Test groupType behaviour (should appear to be casted to a 32 bit signed integer before comparsion)""" - print "Testing groupType behaviour\n" + self.delete_force(self.ldb, "cn=parentguidtest,cn=testotherusers," + self.base_dn) + self.delete_force(self.ldb, "cn=testotherusers," + self.base_dn) + + def test_groupType_int32(self): + """Test groupType (int32) behaviour (should appear to be casted to a 32 bit signed integer before comparsion)""" + print "Testing groupType (int32) behaviour\n" res1 = ldb.search(base=self.base_dn, scope=SCOPE_SUBTREE, attrs=["groupType"], expression="groupType=2147483653"); @@ -150,13 +250,9 @@ class BasicTests(unittest.TestCase): self.assertEquals(res1[0]["groupType"][0], "-2147483643") - def test_primary_group(self): - """This tests the primary group behaviour (setting, changing) of a user account""" - print "Testing primary group behaviour\n" - - ldb.add({ - "dn": "cn=ldaptestuser,cn=users," + self.base_dn, - "objectclass": ["user", "person"]}) + def test_groups(self): + """This tests the group behaviour (setting, changing) of a user account""" + print "Testing group behaviour\n" ldb.add({ "dn": "cn=ldaptestgroup,cn=users," + self.base_dn, @@ -178,6 +274,33 @@ class BasicTests(unittest.TestCase): group_rid_2 = dom_sid_to_rid(ldb.schema_format_value("objectSID", res1[0]["objectSID"][0])) + # Try to create a user with an invalid primary group + try: + ldb.add({ + "dn": "cn=ldaptestuser,cn=users," + self.base_dn, + "objectclass": ["user", "person"], + "primaryGroupID": "0"}) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) + self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn) + + # Try to Create a user with a valid primary group +# TODO Some more investigation needed here +# try: +# ldb.add({ +# "dn": "cn=ldaptestuser,cn=users," + self.base_dn, +# "objectclass": ["user", "person"], +# "primaryGroupID": str(group_rid_1)}) +# self.fail() +# except LdbError, (num, _): +# self.assertEquasl(num, ERR_UNWILLING_TO_PERFORM) +# self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn) + + ldb.add({ + "dn": "cn=ldaptestuser,cn=users," + self.base_dn, + "objectclass": ["user", "person"]}) + # Try to add invalid primary group m = Message() m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn) @@ -231,6 +354,18 @@ class BasicTests(unittest.TestCase): except LdbError, (num, _): self.assertEquals(num, ERR_ENTRY_ALREADY_EXISTS) + # Try to add invalid member to group 1 - should be denied + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["member"] = MessageElement( + "cn=ldaptestuser3,cn=users," + self.base_dn, + FLAG_MOD_ADD, "member") + try: + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_NO_SUCH_OBJECT) + # Make group 2 secondary m = Message() m.dn = Dn(ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn) @@ -302,7 +437,7 @@ class BasicTests(unittest.TestCase): rid = dom_sid_to_rid(ldb.schema_format_value("objectSID", res1[0]["objectSID"][0])) self.assertEquals(primary_group_token, rid) -# Has to wait until we support read-only generated attributes correctly +# TODO Has to wait until we support read-only generated attributes correctly # m = Message() # m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) # m["primaryGroupToken"] = "100" @@ -319,8 +454,6 @@ class BasicTests(unittest.TestCase): print "Testing user add" - self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn) - ldb.add({ "dn": "cn=ldaptestuser,cn=uSers," + self.base_dn, "objectclass": ["user", "person"], @@ -328,27 +461,22 @@ class BasicTests(unittest.TestCase): "givenname": "ldap", "sn": "testy"}) - self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) - ldb.add({ "dn": "cn=ldaptestgroup,cn=uSers," + self.base_dn, "objectclass": "group", "member": "cn=ldaptestuser,cn=useRs," + self.base_dn}) - self.delete_force(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn) ldb.add({ "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn, "objectclass": "computer", "cN": "LDAPtestCOMPUTER"}) - self.delete_force(self.ldb, "cn=ldaptest2computer,cn=computers," + self.base_dn) ldb.add({"dn": "cn=ldaptest2computer,cn=computers," + self.base_dn, "objectClass": "computer", "cn": "LDAPtest2COMPUTER", - "userAccountControl": "4096", + "userAccountControl": str(UF_WORKSTATION_TRUST_ACCOUNT), "displayname": "ldap testy"}) - self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn) try: ldb.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self.base_dn, "objectClass": "computer", @@ -358,50 +486,16 @@ class BasicTests(unittest.TestCase): except LdbError, (num, _): self.assertEquals(num, ERR_INVALID_DN_SYNTAX) - self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn) - try: - ldb.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self.base_dn, - "objectClass": "computer", - "cn": "ldaptestcomputer3", - "sAMAccountType": "805306368" - }) - self.fail() - except LdbError, (num, _): - self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) - - self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn) try: ldb.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self.base_dn, "objectClass": "computer", "cn": "ldaptestcomputer3", - "userAccountControl": "0" - }) - self.fail() - except LdbError, (num, _): - self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) - - self.delete_force(self.ldb, "cn=ldaptestuser7,cn=users," + self.base_dn) - try: - ldb.add({"dn": "cn=ldaptestuser7,cn=users," + self.base_dn, - "objectClass": "user", - "cn": "LDAPtestuser7", - "userAccountControl": "0" + "sAMAccountType": str(ATYPE_NORMAL_ACCOUNT) }) self.fail() except LdbError, (num, _): self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) - self.delete_force(self.ldb, "cn=ldaptestuser7,cn=users," + self.base_dn) - - ldb.add({"dn": "cn=ldaptestuser7,cn=users," + self.base_dn, - "objectClass": "user", - "cn": "LDAPtestuser7", - "userAccountControl": "2" - }) - - self.delete_force(self.ldb, "cn=ldaptestuser7,cn=users," + self.base_dn) - - self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn) ldb.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self.base_dn, "objectClass": "computer", "cn": "LDAPtestCOMPUTER3" @@ -423,8 +517,8 @@ class BasicTests(unittest.TestCase): self.assertTrue("whenCreated" in res[0]) self.assertEquals(res[0]["objectCategory"][0], ("CN=Computer,CN=Schema,CN=Configuration," + self.base_dn)); self.assertEquals(int(res[0]["primaryGroupID"][0]), 513); - self.assertEquals(int(res[0]["sAMAccountType"][0]), 805306368); - self.assertEquals(int(res[0]["userAccountControl"][0]), 546); + self.assertEquals(int(res[0]["sAMAccountType"][0]), ATYPE_NORMAL_ACCOUNT); + self.assertEquals(int(res[0]["userAccountControl"][0]), UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE); self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn) @@ -642,29 +736,6 @@ servicePrincipalName: host/ldaptest2computer29 # res = ldb.search(expression="(&(anr==\"testy ldap\")(objectClass=user))") # self.assertEquals(len(res), 0, "Found (&(anr==\"testy ldap\")(objectClass=user))") - print "Testing Group Modifies" - ldb.modify_ldif(""" -dn: cn=ldaptestgroup,cn=users,""" + self.base_dn + """ -changetype: modify -add: member -member: cn=ldaptestuser2,cn=users,""" + self.base_dn + """ -member: cn=ldaptestcomputer,cn=computers,""" + self.base_dn + """ -""") - - self.delete_force(ldb, "cn=ldaptestuser3,cn=users," + self.base_dn) - - print "Testing adding non-existent user to a group" - try: - ldb.modify_ldif(""" -dn: cn=ldaptestgroup,cn=users,""" + self.base_dn + """ -changetype: modify -add: member -member: cn=ldaptestuser3,cn=users,""" + self.base_dn + """ -""") - self.fail() - except LdbError, (num, _): - self.assertEquals(num, ERR_NO_SUCH_OBJECT) - print "Testing Renames" attrs = ["objectGUID", "objectSid"] @@ -672,8 +743,9 @@ member: cn=ldaptestuser3,cn=users,""" + self.base_dn + """ res_user = ldb.search(self.base_dn, expression="(&(cn=ldaptestUSer2)(objectClass=user))", scope=SCOPE_SUBTREE, attrs=attrs) self.assertEquals(len(res_user), 1, "Could not find (&(cn=ldaptestUSer2)(objectClass=user))") - #Check rename works with extended/alternate DN forms + # Check rename works with extended/alternate DN forms ldb.rename("" , "cn=ldaptestuser3,cn=users," + self.base_dn) + ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser2,cn=users," + self.base_dn) ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=users," + self.base_dn) @@ -737,7 +809,7 @@ member: cn=ldaptestuser3,cn=users,""" + self.base_dn + """ # rename back ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser2,cn=users," + self.base_dn) - # ensure we cannnot rename it twice + # ensure we cannot rename it twice try: ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser2,cn=users," + self.base_dn) @@ -750,7 +822,7 @@ member: cn=ldaptestuser3,cn=users,""" + self.base_dn + """ "objectClass": ["person", "user"], "cn": "LDAPtestUSER3"}) - # ensure we now cannnot rename + # ensure we now cannot rename try: ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=users," + self.base_dn) self.fail() @@ -770,12 +842,11 @@ member: cn=ldaptestuser3,cn=users,""" + self.base_dn + """ ldb.rename("cn=ldaptestgroup,cn=users," + self.base_dn, "cn=ldaptestgroup2,cn=users," + self.base_dn) - print "Testing subtree Renames" + print "Testing subtree renames" ldb.add({"dn": "cn=ldaptestcontainer," + self.base_dn, "objectClass": "container"}) - self.delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer," + self.base_dn) ldb.add({"dn": "CN=ldaptestuser4,CN=ldaptestcontainer," + self.base_dn, "objectClass": ["person", "user"], "cn": "LDAPtestUSER4"}) @@ -785,6 +856,8 @@ dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """ changetype: modify add: member member: cn=ldaptestuser4,cn=ldaptestcontainer,""" + self.base_dn + """ +member: cn=ldaptestcomputer,cn=computers,""" + self.base_dn + """ +member: cn=ldaptestuser2,cn=users,""" + self.base_dn + """ """) print "Testing ldb.rename of cn=ldaptestcontainer," + self.base_dn + " to cn=ldaptestcontainer2," + self.base_dn @@ -864,10 +937,8 @@ member: cn=ldaptestuser4,cn=ldaptestcontainer,""" + self.base_dn + """ print "Testing delete of renamed cn=ldaptestcontainer2," + self.base_dn ldb.delete("cn=ldaptestcontainer2," + self.base_dn) - self.delete_force(self.ldb, "cn=ldaptestutf8user èùéìòà ,cn=users," + self.base_dn) ldb.add({"dn": "cn=ldaptestutf8user èùéìòà ,cn=users," + self.base_dn, "objectClass": "user"}) - self.delete_force(self.ldb, "cn=ldaptestutf8user2 èùéìòà ,cn=users," + self.base_dn) ldb.add({"dn": "cn=ldaptestutf8user2 èùéìòà ,cn=users," + self.base_dn, "objectClass": "user"}) print "Testing ldb.search for (&(cn=ldaptestuser)(objectClass=user))" @@ -881,8 +952,8 @@ member: cn=ldaptestuser4,cn=ldaptestcontainer,""" + self.base_dn + """ self.assertTrue("objectGUID" in res[0]) self.assertTrue("whenCreated" in res[0]) self.assertEquals(str(res[0]["objectCategory"]), ("CN=Person,CN=Schema,CN=Configuration," + self.base_dn)) - self.assertEquals(int(res[0]["sAMAccountType"][0]), 805306368) - self.assertEquals(int(res[0]["userAccountControl"][0]), 546) + self.assertEquals(int(res[0]["sAMAccountType"][0]), ATYPE_NORMAL_ACCOUNT) + self.assertEquals(int(res[0]["userAccountControl"][0]), UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE) self.assertEquals(res[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self.base_dn).upper()) self.assertEquals(len(res[0]["memberOf"]), 1) @@ -926,8 +997,8 @@ member: cn=ldaptestuser4,cn=ldaptestcontainer,""" + self.base_dn + """ self.assertTrue("whenCreated" in res[0]) self.assertEquals(str(res[0]["objectCategory"]), ("CN=Computer,CN=Schema,CN=Configuration," + self.base_dn)) self.assertEquals(int(res[0]["primaryGroupID"][0]), 513) - self.assertEquals(int(res[0]["sAMAccountType"][0]), 805306368) - self.assertEquals(int(res[0]["userAccountControl"][0]), 546) + self.assertEquals(int(res[0]["sAMAccountType"][0]), ATYPE_NORMAL_ACCOUNT) + self.assertEquals(int(res[0]["userAccountControl"][0]), UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE) self.assertEquals(res[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self.base_dn).upper()) self.assertEquals(len(res[0]["memberOf"]), 1) @@ -988,8 +1059,8 @@ member: cn=ldaptestuser4,cn=ldaptestcontainer,""" + self.base_dn + """ self.assertTrue("objectGUID" in res[0]) self.assertTrue("whenCreated" in res[0]) self.assertEquals(res[0]["objectCategory"][0], "CN=Computer,CN=Schema,CN=Configuration," + self.base_dn) - self.assertEquals(int(res[0]["sAMAccountType"][0]), 805306369) - self.assertEquals(int(res[0]["userAccountControl"][0]), 4096) + self.assertEquals(int(res[0]["sAMAccountType"][0]), ATYPE_WORKSTATION_TRUST) + self.assertEquals(int(res[0]["userAccountControl"][0]), UF_WORKSTATION_TRUST_ACCOUNT) ldb.delete("") @@ -1212,6 +1283,20 @@ member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """ res = ldb.search(self.base_dn, expression="objectCategory=group", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"]) self.assertTrue(len(res) > 0) + self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn) + self.delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn) + self.delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn) + self.delete_force(self.ldb, "cn=ldaptestuser4,cn=users," + self.base_dn) + self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + self.delete_force(self.ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn) + self.delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn) + self.delete_force(self.ldb, "cn=ldaptest2computer,cn=computers," + self.base_dn) + self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn) + self.delete_force(self.ldb, "cn=ldaptestutf8user èùéìòà ,cn=users," + self.base_dn) + self.delete_force(self.ldb, "cn=ldaptestutf8user2 èùéìòà ,cn=users," + self.base_dn) + self.delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn) + self.delete_force(self.ldb, "cn=ldaptestcontainer2," + self.base_dn) + def test_security_descriptor_add(self): """ Testing ldb.add_ldif() for nTSecurityDescriptor """ user_name = "testdescriptoruser1" -- cgit From e218a529e0affd22118ab8f541474e600be5769a Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Fri, 2 Oct 2009 21:26:35 +0200 Subject: s4:ldap.py - add a very special rename test (with invalid - empty RDN) --- source4/lib/ldb/tests/python/ldap.py | 32 +++++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 9 deletions(-) (limited to 'source4/lib/ldb/tests/python/ldap.py') diff --git a/source4/lib/ldb/tests/python/ldap.py b/source4/lib/ldb/tests/python/ldap.py index bc90d3d17a..c4ebb7e03d 100755 --- a/source4/lib/ldb/tests/python/ldap.py +++ b/source4/lib/ldb/tests/python/ldap.py @@ -145,7 +145,7 @@ class BasicTests(unittest.TestCase): except LdbError, (num, _): self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE) - ldb.delete("cn=ldaptestgroup,cn=users," + self.base_dn) + self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) def test_distinguished_name(self): """Tests the 'distinguishedName' attribute""" @@ -167,7 +167,7 @@ class BasicTests(unittest.TestCase): except LdbError, (num, _): self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) - ldb.delete("cn=ldaptestgroup,cn=users," + self.base_dn) + self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) def test_rdn_name(self): """Tests the RDN""" @@ -199,7 +199,26 @@ class BasicTests(unittest.TestCase): except LdbError, (num, _): self.assertEquals(num, ERR_NOT_ALLOWED_ON_RDN) - ldb.delete("cn=ldaptestgroup,cn=users," + self.base_dn) + self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + + def test_rename(self): + """Tests the rename operation""" + print "Tests the rename operations""" + + self.ldb.add({ + "dn": "cn=ldaptestuser2,cn=users," + self.base_dn, + "objectclass": ["user", "person"] }) + + ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser2,cn=users," + self.base_dn) + ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=users," + self.base_dn) + ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestUSER3,cn=users," + self.base_dn) + try: + ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, ",cn=users," + self.base_dn) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_INVALID_DN_SYNTAX) + + self.delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn) def test_parentGUID(self): """Test parentGUID behaviour""" @@ -744,12 +763,7 @@ servicePrincipalName: host/ldaptest2computer29 self.assertEquals(len(res_user), 1, "Could not find (&(cn=ldaptestUSer2)(objectClass=user))") # Check rename works with extended/alternate DN forms - ldb.rename("" , "cn=ldaptestuser3,cn=users," + self.base_dn) - ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser2,cn=users," + self.base_dn) - - ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=users," + self.base_dn) - - ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestUSER3,cn=users," + self.base_dn) + ldb.rename("" , "cn=ldaptestUSER3,cn=users," + self.base_dn) print "Testing ldb.search for (&(cn=ldaptestuser3)(objectClass=user))" res = ldb.search(expression="(&(cn=ldaptestuser3)(objectClass=user))") -- cgit From 2904f3378d95c194fd7286ad5f321c6726819b8b Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Sat, 3 Oct 2009 10:57:14 +0200 Subject: s4:ldap.py - add a test for the "systemOnly" classes --- source4/lib/ldb/tests/python/ldap.py | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'source4/lib/ldb/tests/python/ldap.py') diff --git a/source4/lib/ldb/tests/python/ldap.py b/source4/lib/ldb/tests/python/ldap.py index c4ebb7e03d..7fa25fb43e 100755 --- a/source4/lib/ldb/tests/python/ldap.py +++ b/source4/lib/ldb/tests/python/ldap.py @@ -117,6 +117,21 @@ class BasicTests(unittest.TestCase): self.delete_force(self.ldb, "cn=parentguidtest,cn=users," + self.base_dn) self.delete_force(self.ldb, "cn=parentguidtest,cn=testotherusers," + self.base_dn) self.delete_force(self.ldb, "cn=testotherusers," + self.base_dn) + self.delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn) + + def test_system_only(self): + """Test systemOnly objects""" + print "Test systemOnly objects""" + + try: + self.ldb.add({ + "dn": "cn=ldaptestobject," + self.base_dn, + "objectclass": "configuration"}) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) + + self.delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn) def test_invalid_attribute(self): """Test adding invalid attributes (not in schema)""" @@ -136,7 +151,7 @@ class BasicTests(unittest.TestCase): "objectclass": "group"}) m = Message() - m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn) + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) m["thisdoesnotexist"] = MessageElement("x", FLAG_MOD_REPLACE, "thisdoesnotexist") try: -- cgit From be938ab44b6095818501b23ca8422c731e14015a Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Sat, 3 Oct 2009 11:37:30 +0200 Subject: s4:ldap.py - add tests for valid parent and RDN --- source4/lib/ldb/tests/python/ldap.py | 39 ++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) (limited to 'source4/lib/ldb/tests/python/ldap.py') diff --git a/source4/lib/ldb/tests/python/ldap.py b/source4/lib/ldb/tests/python/ldap.py index 7fa25fb43e..59bb5d20a6 100755 --- a/source4/lib/ldb/tests/python/ldap.py +++ b/source4/lib/ldb/tests/python/ldap.py @@ -21,6 +21,7 @@ from ldb import ERR_ENTRY_ALREADY_EXISTS, ERR_UNWILLING_TO_PERFORM from ldb import ERR_NOT_ALLOWED_ON_NON_LEAF, ERR_OTHER, ERR_INVALID_DN_SYNTAX from ldb import ERR_NO_SUCH_ATTRIBUTE, ERR_INSUFFICIENT_ACCESS_RIGHTS from ldb import ERR_OBJECT_CLASS_VIOLATION, ERR_NOT_ALLOWED_ON_RDN +from ldb import ERR_NAMING_VIOLATION from ldb import Message, MessageElement, Dn, FLAG_MOD_ADD, FLAG_MOD_REPLACE from samba import Ldb, param, dom_sid_to_rid from samba import UF_NORMAL_ACCOUNT, UF_TEMP_DUPLICATE_ACCOUNT @@ -118,6 +119,8 @@ class BasicTests(unittest.TestCase): self.delete_force(self.ldb, "cn=parentguidtest,cn=testotherusers," + self.base_dn) self.delete_force(self.ldb, "cn=testotherusers," + self.base_dn) self.delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn) + self.delete_force(self.ldb, "description=xyz,cn=users," + self.base_dn) + self.delete_force(self.ldb, "ou=testou,cn=users," + self.base_dn) def test_system_only(self): """Test systemOnly objects""" @@ -133,6 +136,32 @@ class BasicTests(unittest.TestCase): self.delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn) + def test_invalid_parent(self): + """Test adding an object with invalid parent""" + print "Test adding an object with invalid parent""" + + try: + self.ldb.add({ + "dn": "cn=ldaptestgroup,cn=thisdoesnotexist123," + + self.base_dn, + "objectclass": "group"}) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_NO_SUCH_OBJECT) + + self.delete_force(self.ldb, "cn=ldaptestgroup,cn=thisdoesnotexist123," + + self.base_dn) + + try: + self.ldb.add({ + "dn": "ou=testou,cn=users," + self.base_dn, + "objectclass": "organizationalUnit"}) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_NAMING_VIOLATION) + + self.delete_force(self.ldb, "ou=testou,cn=users," + self.base_dn) + def test_invalid_attribute(self): """Test adding invalid attributes (not in schema)""" print "Test adding invalid attributes (not in schema)""" @@ -188,6 +217,16 @@ class BasicTests(unittest.TestCase): """Tests the RDN""" print "Tests the RDN""" + try: + self.ldb.add({ + "dn": "description=xyz,cn=users," + self.base_dn, + "objectclass": "group"}) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_NAMING_VIOLATION) + + self.delete_force(self.ldb, "description=xyz,cn=users," + self.base_dn) + self.ldb.add({ "dn": "cn=ldaptestgroup,cn=users," + self.base_dn, "objectclass": "group"}) -- cgit From 6a4efccb38109423e22714ce071d8357073bf5ce Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Sat, 3 Oct 2009 16:50:34 +0200 Subject: s4:ldap.py - commented out the UTF8 tests (and fixed some deletion DNs) --- source4/lib/ldb/tests/python/ldap.py | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) (limited to 'source4/lib/ldb/tests/python/ldap.py') diff --git a/source4/lib/ldb/tests/python/ldap.py b/source4/lib/ldb/tests/python/ldap.py index 59bb5d20a6..4ec8f8743a 100755 --- a/source4/lib/ldb/tests/python/ldap.py +++ b/source4/lib/ldb/tests/python/ldap.py @@ -111,8 +111,8 @@ class BasicTests(unittest.TestCase): self.delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn) self.delete_force(self.ldb, "cn=ldaptest2computer,cn=computers," + self.base_dn) self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn) - self.delete_force(self.ldb, "cn=ldaptestutf8user èùéìòà ,cn=users," + self.base_dn) - self.delete_force(self.ldb, "cn=ldaptestutf8user2 èùéìòà ,cn=users," + self.base_dn) + self.delete_force(self.ldb, "cn=ldaptestutf8user èùéìòà,cn=users," + self.base_dn) + self.delete_force(self.ldb, "cn=ldaptestutf8user2 èùéìòà,cn=users," + self.base_dn) self.delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn) self.delete_force(self.ldb, "cn=ldaptestcontainer2," + self.base_dn) self.delete_force(self.ldb, "cn=parentguidtest,cn=users," + self.base_dn) @@ -1005,9 +1005,9 @@ member: cn=ldaptestuser2,cn=users,""" + self.base_dn + """ print "Testing delete of renamed cn=ldaptestcontainer2," + self.base_dn ldb.delete("cn=ldaptestcontainer2," + self.base_dn) - ldb.add({"dn": "cn=ldaptestutf8user èùéìòà ,cn=users," + self.base_dn, "objectClass": "user"}) + ldb.add({"dn": "cn=ldaptestutf8user èùéìòà,cn=users," + self.base_dn, "objectClass": "user"}) - ldb.add({"dn": "cn=ldaptestutf8user2 èùéìòà ,cn=users," + self.base_dn, "objectClass": "user"}) + ldb.add({"dn": "cn=ldaptestutf8user2 èùéìòà,cn=users," + self.base_dn, "objectClass": "user"}) print "Testing ldb.search for (&(cn=ldaptestuser)(objectClass=user))" res = ldb.search(expression="(&(cn=ldaptestuser)(objectClass=user))") @@ -1254,7 +1254,9 @@ member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """ self.assertTrue("member" not in res[0]) print "Testing ldb.search for (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))" - res = ldb.search(expression="(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))") +# TODO UTF8 users don't seem to work fully anymore +# res = ldb.search(expression="(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))") + res = ldb.search(expression="(&(cn=ldaptestutf8user èùéìòà)(objectclass=user))") self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))") self.assertEquals(str(res[0].dn), ("CN=ldaptestutf8user èùéìòà,CN=Users," + self.base_dn)) @@ -1275,9 +1277,9 @@ member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """ ldb.delete(("CN=ldaptestgroup2,CN=Users," + self.base_dn)) print "Testing ldb.search for (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))" - res = ldb.search(expression="(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))") - - #FIXME: self.assert len(res) == 1, "Could not find (expect space collapse, win2k3 fails) (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))" +# TODO UTF8 users don't seem to work fully anymore +# res = ldb.search(expression="(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))") +# self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))") print "Testing that we can't get at the configuration DN from the main search base" res = ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"]) @@ -1360,8 +1362,8 @@ member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """ self.delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn) self.delete_force(self.ldb, "cn=ldaptest2computer,cn=computers," + self.base_dn) self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn) - self.delete_force(self.ldb, "cn=ldaptestutf8user èùéìòà ,cn=users," + self.base_dn) - self.delete_force(self.ldb, "cn=ldaptestutf8user2 èùéìòà ,cn=users," + self.base_dn) + self.delete_force(self.ldb, "cn=ldaptestutf8user èùéìòà,cn=users," + self.base_dn) + self.delete_force(self.ldb, "cn=ldaptestutf8user2 èùéìòà,cn=users," + self.base_dn) self.delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn) self.delete_force(self.ldb, "cn=ldaptestcontainer2," + self.base_dn) -- cgit From 30faff7567f2a7e82a6496bbf221cd8de5d5b50d Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Tue, 6 Oct 2009 17:18:04 +0200 Subject: s4:ldap.py - Further enhancements - Enhance test for "distinguishedName" - Add a test for single-valued attributes - Add a test for multi-valued attributes - Add a test for empty messages - Add a test for empty attributes --- source4/lib/ldb/tests/python/ldap.py | 242 ++++++++++++++++++++++++++++++++++- 1 file changed, 236 insertions(+), 6 deletions(-) (limited to 'source4/lib/ldb/tests/python/ldap.py') diff --git a/source4/lib/ldb/tests/python/ldap.py b/source4/lib/ldb/tests/python/ldap.py index 4ec8f8743a..49aea28f5d 100755 --- a/source4/lib/ldb/tests/python/ldap.py +++ b/source4/lib/ldb/tests/python/ldap.py @@ -21,8 +21,9 @@ from ldb import ERR_ENTRY_ALREADY_EXISTS, ERR_UNWILLING_TO_PERFORM from ldb import ERR_NOT_ALLOWED_ON_NON_LEAF, ERR_OTHER, ERR_INVALID_DN_SYNTAX from ldb import ERR_NO_SUCH_ATTRIBUTE, ERR_INSUFFICIENT_ACCESS_RIGHTS from ldb import ERR_OBJECT_CLASS_VIOLATION, ERR_NOT_ALLOWED_ON_RDN -from ldb import ERR_NAMING_VIOLATION -from ldb import Message, MessageElement, Dn, FLAG_MOD_ADD, FLAG_MOD_REPLACE +from ldb import ERR_NAMING_VIOLATION, ERR_CONSTRAINT_VIOLATION +from ldb import Message, MessageElement, Dn +from ldb import FLAG_MOD_ADD, FLAG_MOD_REPLACE, FLAG_MOD_DELETE from samba import Ldb, param, dom_sid_to_rid from samba import UF_NORMAL_ACCOUNT, UF_TEMP_DUPLICATE_ACCOUNT from samba import UF_SERVER_TRUST_ACCOUNT, UF_WORKSTATION_TRUST_ACCOUNT @@ -105,7 +106,8 @@ class BasicTests(unittest.TestCase): self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn) self.delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn) self.delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn) - self.delete_force(self.ldb, "cn=ldaptestuser4,cn=users," + self.base_dn) + self.delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer," + self.base_dn) + self.delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer2," + self.base_dn) self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) self.delete_force(self.ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn) self.delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn) @@ -191,6 +193,209 @@ class BasicTests(unittest.TestCase): self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + def test_single_valued_attributes(self): + """Test single-valued attributes""" + print "Test single-valued attributes""" + + try: + self.ldb.add({ + "dn": "cn=ldaptestgroup,cn=users," + self.base_dn, + "objectclass": "group", + "sAMAccountName": ["nam1", "nam2"]}) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_CONSTRAINT_VIOLATION) + + self.ldb.add({ + "dn": "cn=ldaptestgroup,cn=users," + self.base_dn, + "objectclass": "group"}) + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["sAMAccountName"] = MessageElement(["nam1","nam2"], FLAG_MOD_REPLACE, + "sAMAccountName") + try: + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS) + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["sAMAccountName"] = MessageElement("testgroup", FLAG_MOD_REPLACE, + "sAMAccountName") + ldb.modify(m) + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["sAMAccountName"] = MessageElement("testgroup2", FLAG_MOD_ADD, + "sAMAccountName") + try: + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS) + + self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + + def test_multi_valued_attributes(self): + """Test multi-valued attributes""" + print "Test multi-valued attributes""" + +# TODO: In this test I added some special tests where I got very unusual +# results back from a real AD. s4 doesn't match them and I've no idea how to +# implement those error cases (maybe there exists a special trigger for +# "description" attributes which handle them) + + self.ldb.add({ + "dn": "cn=ldaptestgroup,cn=users," + self.base_dn, + "description": "desc2", + "objectclass": "group", + "description": "desc1"}) + + self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + + self.ldb.add({ + "dn": "cn=ldaptestgroup,cn=users," + self.base_dn, + "objectclass": "group", + "description": ["desc1", "desc2"]}) + +# m = Message() +# m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) +# m["description"] = MessageElement(["desc1","desc2"], FLAG_MOD_REPLACE, +# "description") +# try: +# ldb.modify(m) +# self.fail() +# except LdbError, (num, _): +# self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS) + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["description"] = MessageElement("desc1", FLAG_MOD_REPLACE, + "description") + ldb.modify(m) + +# m = Message() +# m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) +# m["description"] = MessageElement("desc3", FLAG_MOD_ADD, +# "description") +# try: +# ldb.modify(m) +# self.fail() +# except LdbError, (num, _): +# self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS) + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["description"] = MessageElement(["desc1","desc2"], FLAG_MOD_DELETE, + "description") + try: + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE) + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["description"] = MessageElement("desc1", FLAG_MOD_DELETE, + "description") + ldb.modify(m) + +# m = Message() +# m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) +# m["description"] = MessageElement(["desc1","desc2"], FLAG_MOD_REPLACE, +# "description") +# try: +# ldb.modify(m) +# self.fail() +# except LdbError, (num, _): +# self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS) + +# m = Message() +# m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) +# m["description"] = MessageElement(["desc3", "desc4"], FLAG_MOD_ADD, +# "description") +# try: +# ldb.modify(m) +# self.fail() +# except LdbError, (num, _): +# self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS) + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["description"] = MessageElement("desc3", FLAG_MOD_ADD, + "description") + ldb.modify(m) + + self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + + def test_empty_messages(self): + """Test empty messages""" + print "Test empty messages""" + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + + try: + ldb.add(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION) + + try: + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) + + self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + + def test_empty_attributes(self): + """Test empty attributes""" + print "Test empty attributes""" + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["objectClass"] = MessageElement("group", FLAG_MOD_ADD, "objectClass") + m["description"] = MessageElement([], FLAG_MOD_ADD, "description") + + try: + ldb.add(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_CONSTRAINT_VIOLATION) + + self.ldb.add({ + "dn": "cn=ldaptestgroup,cn=users," + self.base_dn, + "objectclass": "group"}) + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["description"] = MessageElement([], FLAG_MOD_ADD, "description") + + try: + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_CONSTRAINT_VIOLATION) + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["description"] = MessageElement([], FLAG_MOD_REPLACE, "description") + ldb.modify(m) + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["description"] = MessageElement([], FLAG_MOD_DELETE, "description") + try: + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE) + + self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + def test_distinguished_name(self): """Tests the 'distinguishedName' attribute""" print "Tests the 'distinguishedName' attribute""" @@ -199,6 +404,18 @@ class BasicTests(unittest.TestCase): "dn": "cn=ldaptestgroup,cn=users," + self.base_dn, "objectclass": "group"}) + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["distinguishedName"] = MessageElement( + "cn=ldaptestuser,cn=users," + self.base_dn, FLAG_MOD_ADD, + "distinguishedName") + + try: + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_CONSTRAINT_VIOLATION) + m = Message() m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) m["distinguishedName"] = MessageElement( @@ -209,7 +426,19 @@ class BasicTests(unittest.TestCase): ldb.modify(m) self.fail() except LdbError, (num, _): - self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) + self.assertEquals(num, ERR_CONSTRAINT_VIOLATION) + + m = Message() + m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + m["distinguishedName"] = MessageElement( + "cn=ldaptestuser,cn=users," + self.base_dn, FLAG_MOD_DELETE, + "distinguishedName") + + try: + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_CONSTRAINT_VIOLATION) self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) @@ -367,7 +596,7 @@ class BasicTests(unittest.TestCase): # "primaryGroupID": str(group_rid_1)}) # self.fail() # except LdbError, (num, _): -# self.assertEquasl(num, ERR_UNWILLING_TO_PERFORM) +# self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) # self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn) ldb.add({ @@ -1356,7 +1585,8 @@ member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """ self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn) self.delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn) self.delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn) - self.delete_force(self.ldb, "cn=ldaptestuser4,cn=users," + self.base_dn) + self.delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer," + self.base_dn) + self.delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer2," + self.base_dn) self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) self.delete_force(self.ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn) self.delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn) -- cgit From 818d98acf1c1c80bd6d22868674f750ee704c0fc Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 15 Oct 2009 15:54:40 +1100 Subject: s4-ldap: test the rDN size limit --- source4/lib/ldb/tests/python/ldap.py | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'source4/lib/ldb/tests/python/ldap.py') diff --git a/source4/lib/ldb/tests/python/ldap.py b/source4/lib/ldb/tests/python/ldap.py index 49aea28f5d..3011b7ed28 100755 --- a/source4/lib/ldb/tests/python/ldap.py +++ b/source4/lib/ldb/tests/python/ldap.py @@ -484,6 +484,30 @@ class BasicTests(unittest.TestCase): self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) + def test_largeRDN(self): + """Testing large rDN (limit 64 characters)""" + rdn = "CN=a012345678901234567890123456789012345678901234567890123456789012"; + self.delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn)) + ldif = """ +dn: %s,%s""" % (rdn,self.base_dn) + """ +objectClass: container +""" + self.ldb.add_ldif(ldif) + self.delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn)) + + rdn = "CN=a0123456789012345678901234567890123456789012345678901234567890120"; + self.delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn)) + try: + ldif = """ +dn: %s,%s""" % (rdn,self.base_dn) + """ +objectClass: container +""" + self.ldb.add_ldif(ldif) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_CONSTRAINT_VIOLATION) + self.delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn)) + def test_rename(self): """Tests the rename operation""" print "Tests the rename operations""" @@ -1848,6 +1872,7 @@ class SchemaTests(unittest.TestCase): self.assertFalse("objectClasses" in res[0]) self.assertFalse("attributeTypes" in res[0]) + def test_schemaUpdateNow(self): """Testing schemaUpdateNow""" class_name = "test-class" + time.strftime("%s", time.gmtime()) -- cgit From 387e67d53f7c0479ce29f6dd2a031c1158222491 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 15 Oct 2009 16:11:30 +1100 Subject: s4-ldaptest: "testgroup" is a bit too common This failed on one of my test boxes that has a group called "testgroup". using "testgroupXX" should be a bit better. --- source4/lib/ldb/tests/python/ldap.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/lib/ldb/tests/python/ldap.py') diff --git a/source4/lib/ldb/tests/python/ldap.py b/source4/lib/ldb/tests/python/ldap.py index 3011b7ed28..118fb87c84 100755 --- a/source4/lib/ldb/tests/python/ldap.py +++ b/source4/lib/ldb/tests/python/ldap.py @@ -222,13 +222,13 @@ class BasicTests(unittest.TestCase): m = Message() m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) - m["sAMAccountName"] = MessageElement("testgroup", FLAG_MOD_REPLACE, + m["sAMAccountName"] = MessageElement("testgroupXX", FLAG_MOD_REPLACE, "sAMAccountName") ldb.modify(m) m = Message() m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) - m["sAMAccountName"] = MessageElement("testgroup2", FLAG_MOD_ADD, + m["sAMAccountName"] = MessageElement("testgroupXX2", FLAG_MOD_ADD, "sAMAccountName") try: ldb.modify(m) -- cgit