s4:sam.py - test the "sAMAccountName" attribute
index 19706731bb67db65fbf157b77248827e9d027372..cb68ca9db0502cb3fe40e5c7c314b003c2f7bf94 100755 (executable)
@@ -96,9 +96,10 @@ class SamTests(unittest.TestCase):
         print "baseDN: %s\n" % self.base_dn
 
         self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
-        self.delete_force(self.ldb, "cn=ldaptestcomputer,cn=users," + self.base_dn)
-        self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
         self.delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
+        self.delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+        self.delete_force(self.ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
 
     def test_users_groups(self):
         """This tests the SAM users and groups behaviour"""
@@ -124,6 +125,17 @@ class SamTests(unittest.TestCase):
         group_rid_2 = security.dom_sid(ldb.schema_format_value("objectSID",
           res1[0]["objectSID"][0])).split()[1]
 
+        # Try to create a user with an invalid account name
+        try:
+            ldb.add({
+                "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+                "objectclass": ["user", "person"],
+                "sAMAccountName": "administrator"})
+            self.fail()
+        except LdbError, (num, _):
+            self.assertEquals(num, ERR_ENTRY_ALREADY_EXISTS)
+        self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
         # Try to create a user with an invalid primary group
         try:
             ldb.add({
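Review bot: The new negative case passes "administrator" in lowercase and expects ERR_ENTRY_ALREADY_EXISTS, so it silently depends on two things the comment does not state: that the built-in account in the test domain is still named Administrator, and that the sAMAccountName uniqueness check is case-insensitive. If either assumption is wrong the `self.fail()` fires with no hint why. I would replace the comment on the first added line with `# sAMAccountName must be unique (case-insensitively): colliding with the built-in "Administrator" account has to be refused, even in lowercase` so a later reader knows the lowercase spelling is deliberate. The enclosing test_users_groups starts before this hunk and continues after it.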
@@ -313,6 +325,34 @@ class SamTests(unittest.TestCase):
             "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
             "objectclass": ["user", "person"]})
 
+        # Try to set an invalid account name
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["sAMAccountName"] = MessageElement("administrator", FLAG_MOD_REPLACE,
+          "sAMAccountName")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError, (num, _):
+            self.assertEquals(num, ERR_ENTRY_ALREADY_EXISTS)
+
+        # But to reset the actual "sAMAccountName" should still be possible
+        res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["sAMAccountName"])
+        self.assertTrue(len(res1) == 1)
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["sAMAccountName"] = MessageElement(res1[0]["sAMAccountName"][0], FLAG_MOD_REPLACE,
+          "sAMAccountName")
+        ldb.modify(m)
+
+        # And another (free) name should be possible as well
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["sAMAccountName"] = MessageElement("xxx_ldaptestuser_xxx", FLAG_MOD_REPLACE,
+          "sAMAccountName")
+        ldb.modify(m)
+
         # We should be able to reset our actual primary group
         m = Message()
         m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
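Review bot: The last modify, which sets sAMAccountName to "xxx_ldaptestuser_xxx", is never read back, so a server that accepts the REPLACE but silently keeps the old value would still pass; the earlier reset of the original value has the same gap. A read-back after the final `ldb.modify(m)` closes it: `res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn, scope=SCOPE_BASE, attrs=["sAMAccountName"])` followed by `self.assertEquals(res1[0]["sAMAccountName"][0], "xxx_ldaptestuser_xxx")`. Note also that the account keeps the new name for the rest of the test; that seems harmless since everything below addresses the object by DN, but the comment "And another (free) name should be possible as well" could say so. The enclosing test_users_groups extends beyond this hunk in both directions.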
@@ -401,6 +441,15 @@ class SamTests(unittest.TestCase):
           FLAG_MOD_REPLACE, "primaryGroupID")
         ldb.modify(m)
 
+        # Swap the groups (does not really make sense but does the same)
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["primaryGroupID"] = MessageElement(str(group_rid_1),
+          FLAG_MOD_REPLACE, "primaryGroupID")
+        m["primaryGroupID"] = MessageElement(str(group_rid_2),
+          FLAG_MOD_REPLACE, "primaryGroupID")
+        ldb.modify(m)
+
         # Old primary group should contain a "member" attribute for the user,
         # the new shouldn't contain anymore one
         res1 = ldb.search("cn=ldaptestgroup, cn=users," + self.base_dn,
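Review bot: The "Swap the groups" block assigns `m["primaryGroupID"]` twice; the Message is keyed by attribute name, so the second assignment replaces the first element rather than adding a second one, and the modify that is sent carries a single REPLACE to group_rid_2. The comment "does not really make sense but does the same" hints at this but reads as if two elements were transmitted. Either state it plainly with `# NOTE: the first assignment is discarded - Message keys are unique, so only the group_rid_2 REPLACE is sent`, or, if two elements for the same attribute were really intended, build them with `m.add(MessageElement(...))` (pyldb's Message.add) instead of item assignment - worth confirming against the pyldb binding in use. The enclosing test_users_groups extends beyond this hunk.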
@@ -415,17 +464,112 @@ class SamTests(unittest.TestCase):
         self.assertTrue(len(res1) == 1)
         self.assertFalse("member" in res1[0])
 
+        # Primary group member
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
+        m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
+                                     FLAG_MOD_DELETE, "member")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError, (num, _):
+            self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+
+        # Delete invalid group member
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
+        m["member"] = MessageElement("cn=ldaptestuser1,cn=users," + self.base_dn,
+                                     FLAG_MOD_DELETE, "member")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError, (num, _):
+            self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+
         # Also this should be denied
         try:
             ldb.add({
-              "dn": "cn=ldaptestuser1,cn=users," + self.base_dn,
+              "dn": "cn=ldaptestuser2,cn=users," + self.base_dn,
               "objectclass": ["user", "person"],
               "primaryGroupID": "0"})
             self.fail()
         except LdbError, (num, _):
             self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
 
+        # Recreate user accounts
+
+        self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+        ldb.add({
+            "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+            "objectclass": ["user", "person"]})
+
+        ldb.add({
+            "dn": "cn=ldaptestuser2,cn=users," + self.base_dn,
+            "objectclass": ["user", "person"]})
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
+        m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
+                                     FLAG_MOD_ADD, "member")
+        ldb.modify(m)
+
+        # Already added
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
+        m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
+                                     FLAG_MOD_ADD, "member")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError, (num, _):
+            self.assertEquals(num, ERR_ENTRY_ALREADY_EXISTS)
+
+        # Invalid member
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
+        m["member"] = MessageElement("cn=ldaptestuser1,cn=users," + self.base_dn,
+                                     FLAG_MOD_REPLACE, "member")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError, (num, _):
+            self.assertEquals(num, ERR_NO_SUCH_OBJECT)
+
+        # Invalid member
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
+        m["member"] = MessageElement(["cn=ldaptestuser,cn=users," + self.base_dn,
+                                      "cn=ldaptestuser1,cn=users," + self.base_dn],
+                                     FLAG_MOD_REPLACE, "member")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError, (num, _):
+            self.assertEquals(num, ERR_NO_SUCH_OBJECT)
+
+        # Invalid member
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
+        m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
+                                     FLAG_MOD_REPLACE, "member")
+        m["member"] = MessageElement("cn=ldaptestuser1,cn=users," + self.base_dn,
+                                     FLAG_MOD_ADD, "member")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError, (num, _):
+            self.assertEquals(num, ERR_NO_SUCH_OBJECT)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
+        m["member"] = MessageElement(["cn=ldaptestuser,cn=users," + self.base_dn,
+                                      "cn=ldaptestuser2,cn=users," + self.base_dn],
+                                     FLAG_MOD_REPLACE, "member")
+        ldb.modify(m)
+
         self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        self.delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
         self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
         self.delete_force(self.ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
 
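Review bot: The third "Invalid member" case builds a REPLACE element and then assigns `m["member"]` again with a FLAG_MOD_ADD element; dict-style assignment on a Message overwrites the earlier element, so the REPLACE of ldaptestuser is dropped and the request that reaches the server is a plain ADD of the non-existent "cn=ldaptestuser1" DN - effectively the same case as the single-value REPLACE above it, just with a different flag. If the intent was to exercise a mixed REPLACE+ADD modify, the two elements need to be added separately (pyldb's `Message.add(...)` rather than item assignment - please confirm against the binding) and the expected error re-checked, since with two elements the outcome may depend on module processing order. Otherwise the comment should say `# Invalid member via ADD (the preceding REPLACE assignment is discarded)` so the case is not mistaken for coverage it does not provide. The enclosing test_users_groups continues past this hunk.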
@@ -530,6 +674,26 @@ class SamTests(unittest.TestCase):
         except LdbError, (num, _):
             self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
 
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["sAMAccountName"] = MessageElement("test", FLAG_MOD_ADD,
+          "sAMAccountName")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError, (num, _):
+            self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+        m["sAMAccountName"] = MessageElement([], FLAG_MOD_DELETE,
+          "sAMAccountName")
+        try:
+            ldb.modify(m)
+            self.fail()
+        except LdbError, (num, _):
+            self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+
         self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
         self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
 
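Review bot: The FLAG_MOD_ADD of "test" to sAMAccountName expects ERR_ATTRIBUTE_OR_VALUE_EXISTS because the attribute is single-valued, but "test" is a plausible pre-existing account name in a shared test domain; if it already exists, whether the single-valued check or the uniqueness check reports first is an ordering detail of the server modules, and the assertion becomes fragile. Use an obviously unique value in the same style as the rest of the file, e.g. `MessageElement("xxx_ldaptestuser_xxx", FLAG_MOD_ADD, "sAMAccountName")`. Neither refused modify is followed by a read-back, so it is also worth confirming the original value survived: `res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn, scope=SCOPE_BASE, attrs=["sAMAccountName"])` and `self.assertTrue("sAMAccountName" in res[0])`. The enclosing test starts and ends outside this hunk.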
@@ -1683,6 +1847,156 @@ class SamTests(unittest.TestCase):
         self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
         self.delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
 
+    def test_dNSHostName(self):
+        """Test the dNSHostName behaviour"""
+        print "Testing dNSHostName behaviour\n"
+
+        ldb.add({
+            "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
+            "objectclass": "computer",
+            "dNSHostName": "testname.testdom"})
+
+        res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["servicePrincipalName"])
+        self.assertTrue(len(res) == 1)
+        self.assertFalse("servicePrincipalName" in res[0])
+
+        self.delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+
+        ldb.add({
+            "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
+            "objectclass": "computer",
+            "servicePrincipalName": "HOST/testname.testdom"})
+
+        res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["dNSHostName"])
+        self.assertTrue(len(res) == 1)
+        self.assertFalse("dNSHostName" in res[0])
+
+        self.delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+
+        ldb.add({
+            "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
+            "objectclass": "computer",
+            "dNSHostName": "testname2.testdom",
+            "servicePrincipalName": "HOST/testname.testdom"})
+
+        res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["dNSHostName"])
+        self.assertTrue(len(res) == 1)
+        self.assertEquals(res[0]["dNSHostName"][0], "testname2.testdom")
+
+        res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["servicePrincipalName"])
+        self.assertTrue(len(res) == 1)
+        self.assertEquals(res[0]["servicePrincipalName"][0],
+                          "HOST/testname.testdom")
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["dNSHostName"] = MessageElement("testname.testdoM",
+                                          FLAG_MOD_REPLACE, "dNSHostName")
+        ldb.modify(m)
+
+        res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["servicePrincipalName"])
+        self.assertTrue(len(res) == 1)
+        self.assertEquals(res[0]["servicePrincipalName"][0],
+                          "HOST/testname.testdom")
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["dNSHostName"] = MessageElement("testname2.testdom2",
+                                          FLAG_MOD_REPLACE, "dNSHostName")
+        ldb.modify(m)
+
+        res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["servicePrincipalName"])
+        self.assertTrue(len(res) == 1)
+        self.assertEquals(res[0]["servicePrincipalName"][0],
+                          "HOST/testname2.testdom2")
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["dNSHostName"] = MessageElement([],
+                                          FLAG_MOD_DELETE, "dNSHostName")
+        ldb.modify(m)
+
+        res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["servicePrincipalName"])
+        self.assertTrue(len(res) == 1)
+        self.assertEquals(res[0]["servicePrincipalName"][0],
+                          "HOST/testname2.testdom2")
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["dNSHostName"] = MessageElement("testname.testdom3",
+                                          FLAG_MOD_REPLACE, "dNSHostName")
+        ldb.modify(m)
+
+        res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["servicePrincipalName"])
+        self.assertTrue(len(res) == 1)
+        self.assertEquals(res[0]["servicePrincipalName"][0],
+                          "HOST/testname2.testdom2")
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["dNSHostName"] = MessageElement("testname2.testdom2",
+                                          FLAG_MOD_REPLACE, "dNSHostName")
+        ldb.modify(m)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["dNSHostName"] = MessageElement("testname3.testdom3",
+                                          FLAG_MOD_REPLACE, "dNSHostName")
+        m["servicePrincipalName"] = MessageElement("HOST/testname2.testdom2",
+                                                   FLAG_MOD_REPLACE,
+                                                   "servicePrincipalName")
+        ldb.modify(m)
+
+        res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["servicePrincipalName"])
+        self.assertTrue(len(res) == 1)
+        self.assertEquals(res[0]["servicePrincipalName"][0],
+                          "HOST/testname3.testdom3")
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["servicePrincipalName"] = MessageElement("HOST/testname2.testdom2",
+                                                   FLAG_MOD_REPLACE,
+                                                   "servicePrincipalName")
+        m["dNSHostName"] = MessageElement("testname4.testdom4",
+                                          FLAG_MOD_REPLACE, "dNSHostName")
+        ldb.modify(m)
+
+        res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["servicePrincipalName"])
+        self.assertTrue(len(res) == 1)
+        self.assertEquals(res[0]["servicePrincipalName"][0],
+                          "HOST/testname2.testdom2")
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["servicePrincipalName"] = MessageElement([],
+                                                   FLAG_MOD_DELETE,
+                                                   "servicePrincipalName")
+        ldb.modify(m)
+
+        m = Message()
+        m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        m["dNSHostName"] = MessageElement("testname2.testdom2",
+                                          FLAG_MOD_REPLACE, "dNSHostName")
+        ldb.modify(m)
+
+        res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+                          scope=SCOPE_BASE, attrs=["servicePrincipalName"])
+        self.assertTrue(len(res) == 1)
+        self.assertFalse("servicePrincipalName" in res[0])
+
+        self.delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+
+
 if not "://" in host:
     if os.path.isfile(host):
         host = "tdb://%s" % host
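Review bot: The two combined modifies near the end of test_dNSHostName differ only in the order in which dNSHostName and servicePrincipalName are assigned to the Message, and they assert opposite outcomes (HOST/testname3.testdom3 versus HOST/testname2.testdom2), so the test is pinning an order-dependent behaviour without saying so; a reader could easily "tidy" the two blocks into the same order and break the test. A comment before the first of them such as `# Element order matters here: the dNSHostName change wins when it precedes the explicit SPN REPLACE, and loses when it follows it` would make that explicit. Separately, every SPN assertion inspects only `res[0]["servicePrincipalName"][0]`; if the server ever adds a second SPN value (for example a short-name form) the test still passes, so comparing the whole list, `self.assertEquals(list(res[0]["servicePrincipalName"]), ["HOST/testname2.testdom2"])`, would be stricter. Because the dNSHostName-to-SPN rewrite is what keeps a host from silently ending up with Kerberos principals for a name it no longer owns, this test is security-relevant and deserves that precision.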