+static bool test_against_ldap(struct torture_context *torture, struct ldb_context *ldb, struct smb_whoami *whoami)
+{
+ struct ldb_message *msg;
+ struct ldb_message_element *el;
+
+ const char *attrs[] = { "tokenGroups", NULL };
+ int i;
+
+ torture_assert_int_equal(torture, dsdb_search_one(ldb, torture, &msg, NULL, LDB_SCOPE_BASE, attrs, 0, NULL), LDB_SUCCESS, "searching for tokenGroups");
+ el = ldb_msg_find_element(msg, "tokenGroups");
+ torture_assert(torture, el, "obtaining tokenGroups");
+ torture_assert_int_equal(torture, el->num_values, whoami->num_sids, "Number of SIDs from LDAP and number of SIDs from CIFS does not match!");
+
+ for (i = 0; i < el->num_values; i++) {
+ struct dom_sid *sid = talloc(torture, struct dom_sid);
+ torture_assert(torture, sid != NULL, "talloc failed");
+
+ torture_assert(torture, sid_blob_parse(el->values[i], sid), "sid parse failed");
+ torture_assert_str_equal(torture, dom_sid_string(sid, sid), dom_sid_string(sid, whoami->sid_list[i]), "SID from LDAP and SID from CIFS does not match!");
+ talloc_free(sid);
+ }
+ return true;
+}
+