8 import samba.getopt as options
10 from samba.tests.subunitrun import SubunitOptions, TestProgram
12 from samba.tests import delete_force
13 from samba.dcerpc import security, misc
14 from samba.samdb import SamDB
15 from samba.auth import system_session
16 from samba.ndr import ndr_unpack
17 from ldb import Message, MessageElement, Dn, LdbError
18 from ldb import FLAG_MOD_ADD, FLAG_MOD_REPLACE, FLAG_MOD_DELETE
19 from ldb import SCOPE_BASE, SCOPE_SUBTREE, SCOPE_ONELEVEL
21 # TODO I'm ignoring case in these tests for now.
22 # This should be fixed to work inline with Windows.
23 # The literal strings are in the case Windows uses.
24 # Windows appear to preserve casing of the RDN and uppercase the other keys.
25 class MatchRulesTests(samba.tests.TestCase):
27 super(MatchRulesTests, self).setUp()
29 self.ldb = SamDB(host, credentials=creds, session_info=system_session(lp), lp=lp)
30 self.base_dn = self.ldb.domain_dn()
31 self.ou = "OU=matchrulestest,%s" % self.base_dn
32 self.ou_users = "OU=users,%s" % self.ou
33 self.ou_groups = "OU=groups,%s" % self.ou
34 self.ou_computers = "OU=computers,%s" % self.ou
36 # Add a organizational unit to create objects
39 "objectclass": "organizationalUnit"})
41 # Add the following OU hierarchy and set otherWellKnownObjects,
42 # which has BinaryDN syntax:
50 "dn": "OU=o1,%s" % self.ou,
51 "objectclass": "organizationalUnit"})
53 "dn": "OU=o2,OU=o1,%s" % self.ou,
54 "objectclass": "organizationalUnit"})
56 "dn": "OU=o3,OU=o2,OU=o1,%s" % self.ou,
57 "objectclass": "organizationalUnit"})
59 "dn": "OU=o4,OU=o3,OU=o2,OU=o1,%s" % self.ou,
60 "objectclass": "organizationalUnit"})
63 m.dn = Dn(self.ldb, self.ou)
64 m["otherWellKnownObjects"] = MessageElement("B:32:00000000000000000000000000000001:OU=o1,%s" % self.ou,
65 FLAG_MOD_ADD, "otherWellKnownObjects")
69 m.dn = Dn(self.ldb, "OU=o1,%s" % self.ou)
70 m["otherWellKnownObjects"] = MessageElement("B:32:00000000000000000000000000000002:OU=o2,OU=o1,%s" % self.ou,
71 FLAG_MOD_ADD, "otherWellKnownObjects")
75 m.dn = Dn(self.ldb, "OU=o2,OU=o1,%s" % self.ou)
76 m["otherWellKnownObjects"] = MessageElement("B:32:00000000000000000000000000000003:OU=o3,OU=o2,OU=o1,%s" % self.ou,
77 FLAG_MOD_ADD, "otherWellKnownObjects")
81 m.dn = Dn(self.ldb, "OU=o3,OU=o2,OU=o1,%s" % self.ou)
82 m["otherWellKnownObjects"] = MessageElement("B:32:00000000000000000000000000000004:OU=o4,OU=o3,OU=o2,OU=o1,%s" % self.ou,
83 FLAG_MOD_ADD, "otherWellKnownObjects")
86 # Create OU for users and groups
89 "objectclass": "organizationalUnit"})
92 "objectclass": "organizationalUnit"})
94 "dn": self.ou_computers,
95 "objectclass": "organizationalUnit"})
99 "dn": "cn=g1,%s" % self.ou_groups,
100 "objectclass": "group" })
102 "dn": "cn=g2,%s" % self.ou_groups,
103 "objectclass": "group" })
105 "dn": "cn=g4,%s" % self.ou_groups,
106 "objectclass": "group" })
108 "dn": "cn=g3,%s" % self.ou_groups,
109 "objectclass": "group" })
113 "dn": "cn=u1,%s" % self.ou_users,
114 "objectclass": "user"})
116 "dn": "cn=u2,%s" % self.ou_users,
117 "objectclass": "user"})
119 "dn": "cn=u3,%s" % self.ou_users,
120 "objectclass": "user"})
122 "dn": "cn=u4,%s" % self.ou_users,
123 "objectclass": "user"})
125 # Add computers to test Object(DN-Binary) syntax
127 "dn": "cn=c1,%s" % self.ou_computers,
128 "objectclass": "computer",
129 "dNSHostName": "c1.%s" % self.lp.get("realm").lower(),
130 "servicePrincipalName": ["HOST/c1"],
131 "sAMAccountName": "c1$",
132 "userAccountControl": "83890178"})
135 "dn": "cn=c2,%s" % self.ou_computers,
136 "objectclass": "computer",
137 "dNSHostName": "c2.%s" % self.lp.get("realm").lower(),
138 "servicePrincipalName": ["HOST/c2"],
139 "sAMAccountName": "c2$",
140 "userAccountControl": "83890178"})
143 "dn": "cn=c3,%s" % self.ou_computers,
144 "objectclass": "computer",
145 "dNSHostName": "c3.%s" % self.lp.get("realm").lower(),
146 "servicePrincipalName": ["HOST/c3"],
147 "sAMAccountName": "c3$",
148 "userAccountControl": "83890178"})
150 # Create the following hierarchy:
162 m.dn = Dn(self.ldb, "CN=g1,%s" % self.ou_groups)
163 m["member"] = MessageElement("CN=u1,%s" % self.ou_users,
164 FLAG_MOD_ADD, "member")
169 m.dn = Dn(self.ldb, "CN=g2,%s" % self.ou_groups)
170 m["member"] = MessageElement("cn=u2,%s" % self.ou_users,
171 FLAG_MOD_ADD, "member")
176 m.dn = Dn(self.ldb, "cn=g3,%s" % self.ou_groups)
177 m["member"] = MessageElement("CN=u3,%s" % self.ou_users,
178 FLAG_MOD_ADD, "member")
183 m.dn = Dn(self.ldb, "cn=g4,%s" % self.ou_groups)
184 m["member"] = MessageElement("cn=u4,%s" % self.ou_users,
185 FLAG_MOD_ADD, "member")
190 m.dn = Dn(self.ldb, "CN=g4,%s" % self.ou_groups)
191 m["member"] = MessageElement("cn=g3,%s" % self.ou_groups,
192 FLAG_MOD_ADD, "member")
197 m.dn = Dn(self.ldb, "cn=g3,%s" % self.ou_groups)
198 m["member"] = MessageElement("CN=g2,%s" % self.ou_groups,
199 FLAG_MOD_ADD, "member")
204 m.dn = Dn(self.ldb, "cn=g2,%s" % self.ou_groups)
205 m["member"] = MessageElement("cn=g1,%s" % self.ou_groups,
206 FLAG_MOD_ADD, "member")
209 # The msDS-RevealedUsers is owned by system and cannot be modified
210 # directly. Set the schemaUpgradeInProgress flag as workaround
211 # and create this hierarchy:
218 # While appropriate for this test, this is NOT a good practice
219 # in general. This is only done here because the alternative
220 # is to make a schema modification.
222 # IF/WHEN Samba protects this attribute better, this
223 # particular part of the test can be removed, as the same code
224 # is covered by the addressBookRoots2 case well enough.
227 m.dn = Dn(self.ldb, "")
228 m["e1"] = MessageElement("1", FLAG_MOD_REPLACE, "schemaUpgradeInProgress")
232 m.dn = Dn(self.ldb, "cn=c2,%s" % self.ou_computers)
233 m["e1"] = MessageElement("B:8:01010101:cn=c3,%s" % self.ou_computers,
234 FLAG_MOD_ADD, "msDS-RevealedUsers")
238 m.dn = Dn(self.ldb, "cn=c1,%s" % self.ou_computers)
239 m["e1"] = MessageElement("B:8:01010101:cn=c2,%s" % self.ou_computers,
240 FLAG_MOD_ADD, "msDS-RevealedUsers")
244 m.dn = Dn(self.ldb, "")
245 m["e1"] = MessageElement("0", FLAG_MOD_REPLACE, "schemaUpgradeInProgress")
248 # Add a couple of ms-Exch-Configuration-Container to test forward-link
249 # attributes without backward link (addressBookRoots2)
254 "dn": "cn=e1,%s" % self.ou,
255 "objectclass": "msExchConfigurationContainer"})
257 "dn": "cn=e2,%s" % self.ou,
258 "objectclass": "msExchConfigurationContainer"})
261 m.dn = Dn(self.ldb, "cn=e2,%s" % self.ou)
262 m["e1"] = MessageElement("cn=c1,%s" % self.ou_computers,
263 FLAG_MOD_ADD, "addressBookRoots2")
267 m.dn = Dn(self.ldb, "cn=e1,%s" % self.ou)
268 m["e1"] = MessageElement("cn=e2,%s" % self.ou,
269 FLAG_MOD_ADD, "addressBookRoots2")
273 super(MatchRulesTests, self).tearDown()
274 delete_force(self.ldb, "cn=u4,%s" % self.ou_users)
275 delete_force(self.ldb, "cn=u3,%s" % self.ou_users)
276 delete_force(self.ldb, "cn=u2,%s" % self.ou_users)
277 delete_force(self.ldb, "cn=u1,%s" % self.ou_users)
278 delete_force(self.ldb, "cn=g4,%s" % self.ou_groups)
279 delete_force(self.ldb, "cn=g3,%s" % self.ou_groups)
280 delete_force(self.ldb, "cn=g2,%s" % self.ou_groups)
281 delete_force(self.ldb, "cn=g1,%s" % self.ou_groups)
282 delete_force(self.ldb, "cn=c1,%s" % self.ou_computers)
283 delete_force(self.ldb, "cn=c2,%s" % self.ou_computers)
284 delete_force(self.ldb, "cn=c3,%s" % self.ou_computers)
285 delete_force(self.ldb, self.ou_users)
286 delete_force(self.ldb, self.ou_groups)
287 delete_force(self.ldb, self.ou_computers)
288 delete_force(self.ldb, "OU=o4,OU=o3,OU=o2,OU=o1,%s" % self.ou)
289 delete_force(self.ldb, "OU=o3,OU=o2,OU=o1,%s" % self.ou)
290 delete_force(self.ldb, "OU=o2,OU=o1,%s" % self.ou)
291 delete_force(self.ldb, "OU=o1,%s" % self.ou)
292 delete_force(self.ldb, "CN=e2,%s" % self.ou)
293 delete_force(self.ldb, "CN=e1,%s" % self.ou)
294 delete_force(self.ldb, self.ou)
296 def test_u1_member_of_g4(self):
297 # Search without transitive match must return 0 results
298 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
300 expression="member=cn=u1,%s" % self.ou_users)
301 self.assertEqual(len(res1), 0)
303 res1 = self.ldb.search("cn=u1,%s" % self.ou_users,
305 expression="memberOf=cn=g4,%s" % self.ou_groups)
306 self.assertEqual(len(res1), 0)
308 # Search with transitive match must return 1 results
309 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
311 expression="member:1.2.840.113556.1.4.1941:=cn=u1,%s" % self.ou_users)
312 self.assertEqual(len(res1), 1)
313 self.assertEqual(str(res1[0].dn).lower(), ("CN=g4,%s" % self.ou_groups).lower())
315 res1 = self.ldb.search("cn=u1,%s" % self.ou_users,
317 expression="memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s" % self.ou_groups)
318 self.assertEqual(len(res1), 1)
319 self.assertEqual(str(res1[0].dn).lower(), ("CN=u1,%s" % self.ou_users).lower())
321 def test_g1_member_of_g4(self):
322 # Search without transitive match must return 0 results
323 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
325 expression="member=cn=g1,%s" % self.ou_groups)
326 self.assertEqual(len(res1), 0)
328 res1 = self.ldb.search("cn=g1,%s" % self.ou_groups,
330 expression="memberOf=cn=g4,%s" % self.ou_groups)
331 self.assertEqual(len(res1), 0)
333 # Search with transitive match must return 1 results
334 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
336 expression="member:1.2.840.113556.1.4.1941:=cn=g1,%s" % self.ou_groups)
337 self.assertEqual(len(res1), 1)
338 self.assertEqual(str(res1[0].dn).lower(), ("CN=g4,%s" % self.ou_groups).lower())
340 res1 = self.ldb.search("cn=g1,%s" % self.ou_groups,
342 expression="memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s" % self.ou_groups)
343 self.assertEqual(len(res1), 1)
344 self.assertEqual(str(res1[0].dn).lower(), ("CN=g1,%s" % self.ou_groups).lower())
346 def test_u1_groups(self):
347 res1 = self.ldb.search(self.ou_groups,
349 expression="member=cn=u1,%s" % self.ou_users)
350 self.assertEqual(len(res1), 1)
351 self.assertEqual(str(res1[0].dn).lower(), ("CN=g1,%s" % self.ou_groups).lower())
353 res1 = self.ldb.search(self.ou_users,
355 expression="member=cn=u1,%s" % self.ou_users)
356 self.assertEqual(len(res1), 0)
358 res1 = self.ldb.search(self.ou_groups,
360 expression="member:1.2.840.113556.1.4.1941:=cn=u1,%s" % self.ou_users)
361 self.assertEqual(len(res1), 4)
362 dn_list = [str(res.dn).lower() for res in res1]
363 self.assertTrue(("CN=g1,%s" % self.ou_groups).lower() in dn_list)
364 self.assertTrue(("CN=g2,%s" % self.ou_groups).lower() in dn_list)
365 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
366 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
368 res1 = self.ldb.search(self.ou_users,
370 expression="member:1.2.840.113556.1.4.1941:=cn=u1,%s" % self.ou_users)
371 self.assertEqual(len(res1), 0)
373 def test_u2_groups(self):
374 res1 = self.ldb.search(self.ou_groups,
376 expression="member=cn=u2,%s" % self.ou_users)
377 self.assertEqual(len(res1), 1)
378 self.assertEqual(str(res1[0].dn).lower(), ("CN=g2,%s" % self.ou_groups).lower())
380 res1 = self.ldb.search(self.ou_users,
382 expression="member=cn=u2,%s" % self.ou_users)
383 self.assertEqual(len(res1), 0)
385 res1 = self.ldb.search(self.ou_groups,
387 expression="member:1.2.840.113556.1.4.1941:=cn=u2,%s" % self.ou_users)
388 self.assertEqual(len(res1), 3)
389 dn_list = [str(res.dn).lower() for res in res1]
390 self.assertTrue(("CN=g2,%s" % self.ou_groups).lower() in dn_list)
391 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
392 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
394 res1 = self.ldb.search(self.ou_users,
396 expression="member:1.2.840.113556.1.4.1941:=cn=u2,%s" % self.ou_users)
397 self.assertEqual(len(res1), 0)
399 def test_u3_groups(self):
400 res1 = self.ldb.search(self.ou_groups,
402 expression="member=cn=u3,%s" % self.ou_users)
403 self.assertEqual(len(res1), 1)
404 self.assertEqual(str(res1[0].dn).lower(), ("CN=g3,%s" % self.ou_groups).lower())
406 res1 = self.ldb.search(self.ou_users,
408 expression="member=cn=u3,%s" % self.ou_users)
409 self.assertEqual(len(res1), 0)
411 res1 = self.ldb.search(self.ou_groups,
413 expression="member:1.2.840.113556.1.4.1941:=cn=u3,%s" % self.ou_users)
414 self.assertEqual(len(res1), 2)
415 dn_list = [str(res.dn).lower() for res in res1]
416 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
417 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
419 res1 = self.ldb.search(self.ou_users,
421 expression="member:1.2.840.113556.1.4.1941:=cn=u3,%s" % self.ou_users)
422 self.assertEqual(len(res1), 0)
424 def test_u4_groups(self):
425 res1 = self.ldb.search(self.ou_groups,
427 expression="member=cn=u4,%s" % self.ou_users)
428 self.assertEqual(len(res1), 1)
429 self.assertEqual(str(res1[0].dn).lower(), ("CN=g4,%s" % self.ou_groups).lower())
431 res1 = self.ldb.search(self.ou_users,
433 expression="member=cn=u4,%s" % self.ou_users)
434 self.assertEqual(len(res1), 0)
436 res1 = self.ldb.search(self.ou_groups,
438 expression="member:1.2.840.113556.1.4.1941:=cn=u4,%s" % self.ou_users)
439 self.assertEqual(len(res1), 1)
440 self.assertEqual(str(res1[0].dn).lower(), ("CN=g4,%s" % self.ou_groups).lower())
442 res1 = self.ldb.search(self.ou_users,
444 expression="member:1.2.840.113556.1.4.1941:=cn=u4,%s" % self.ou_users)
445 self.assertEqual(len(res1), 0)
447 def test_extended_dn_u1(self):
448 res1 = self.ldb.search("cn=u1,%s" % self.ou_users,
450 expression="objectClass=*",
451 attrs=['objectSid', 'objectGUID'])
452 self.assertEqual(len(res1), 1)
453 self.assertEqual(str(res1[0].dn).lower(), ("cn=u1,%s" % self.ou_users).lower())
455 sid = self.ldb.schema_format_value("objectSid", res1[0]["objectSid"][0])
456 guid = self.ldb.schema_format_value("objectGUID", res1[0]['objectGUID'][0])
458 res1 = self.ldb.search(self.ou_groups,
460 expression="member=<SID=%s>" % sid)
461 self.assertEqual(len(res1), 1)
462 self.assertEqual(str(res1[0].dn).lower(), ("CN=g1,%s" % self.ou_groups).lower())
464 res1 = self.ldb.search(self.ou_groups,
466 expression="member=<GUID=%s>" % guid)
467 self.assertEqual(len(res1), 1)
468 self.assertEqual(str(res1[0].dn).lower(), ("CN=g1,%s" % self.ou_groups).lower())
470 res1 = self.ldb.search(self.ou_groups,
472 expression="member:1.2.840.113556.1.4.1941:=<SID=%s>" % sid)
473 self.assertEqual(len(res1), 4)
474 dn_list = [str(res.dn).lower() for res in res1]
475 self.assertTrue(("CN=g1,%s" % self.ou_groups).lower() in dn_list)
476 self.assertTrue(("CN=g2,%s" % self.ou_groups).lower() in dn_list)
477 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
478 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
480 res1 = self.ldb.search(self.ou_groups,
481 scope=SCOPE_ONELEVEL,
482 expression="member:1.2.840.113556.1.4.1941:=<SID=%s>" % sid)
483 self.assertEqual(len(res1), 4)
484 dn_list = [str(res.dn).lower() for res in res1]
485 self.assertTrue(("CN=g1,%s" % self.ou_groups).lower() in dn_list)
486 self.assertTrue(("CN=g2,%s" % self.ou_groups).lower() in dn_list)
487 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
488 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
490 res1 = self.ldb.search(self.ou_groups,
492 expression="member:1.2.840.113556.1.4.1941:=<GUID=%s>" % guid)
493 self.assertEqual(len(res1), 4)
494 dn_list = [str(res.dn).lower() for res in res1]
495 self.assertTrue(("CN=g1,%s" % self.ou_groups).lower() in dn_list)
496 self.assertTrue(("CN=g2,%s" % self.ou_groups).lower() in dn_list)
497 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
498 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
500 res1 = self.ldb.search(self.ou_groups,
501 scope=SCOPE_ONELEVEL,
502 expression="member:1.2.840.113556.1.4.1941:=<GUID=%s>" % guid)
503 self.assertEqual(len(res1), 4)
504 dn_list = [str(res.dn).lower() for res in res1]
505 self.assertTrue(("CN=g1,%s" % self.ou_groups).lower() in dn_list)
506 self.assertTrue(("CN=g2,%s" % self.ou_groups).lower() in dn_list)
507 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
508 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
510 def test_extended_dn_u2(self):
511 res1 = self.ldb.search("cn=u2,%s" % self.ou_users,
513 expression="objectClass=*",
514 attrs=['objectSid', 'objectGUID'])
515 self.assertEqual(len(res1), 1)
516 self.assertEqual(str(res1[0].dn).lower(), ("cn=u2,%s" % self.ou_users).lower())
518 sid = self.ldb.schema_format_value("objectSid", res1[0]["objectSid"][0])
519 guid = self.ldb.schema_format_value("objectGUID", res1[0]['objectGUID'][0])
521 res1 = self.ldb.search(self.ou_groups,
523 expression="member=<SID=%s>" % sid)
524 self.assertEqual(len(res1), 1)
525 self.assertEqual(str(res1[0].dn).lower(), ("CN=g2,%s" % self.ou_groups).lower())
527 res1 = self.ldb.search(self.ou_groups,
529 expression="member=<GUID=%s>" % guid)
530 self.assertEqual(len(res1), 1)
531 self.assertEqual(str(res1[0].dn).lower(), ("CN=g2,%s" % self.ou_groups).lower())
533 res1 = self.ldb.search(self.ou_groups,
535 expression="member:1.2.840.113556.1.4.1941:=<SID=%s>" % sid)
536 self.assertEqual(len(res1), 3)
537 dn_list = [str(res.dn).lower() for res in res1]
538 self.assertTrue(("CN=g2,%s" % self.ou_groups).lower() in dn_list)
539 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
540 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
542 res1 = self.ldb.search(self.ou_groups,
543 scope=SCOPE_ONELEVEL,
544 expression="member:1.2.840.113556.1.4.1941:=<SID=%s>" % sid)
545 self.assertEqual(len(res1), 3)
546 dn_list = [str(res.dn).lower() for res in res1]
547 self.assertTrue(("CN=g2,%s" % self.ou_groups).lower() in dn_list)
548 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
549 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
551 res1 = self.ldb.search(self.ou_groups,
553 expression="member:1.2.840.113556.1.4.1941:=<GUID=%s>" % guid)
554 self.assertEqual(len(res1), 3)
555 dn_list = [str(res.dn).lower() for res in res1]
556 self.assertTrue(("CN=g2,%s" % self.ou_groups).lower() in dn_list)
557 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
558 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
560 res1 = self.ldb.search(self.ou_groups,
561 scope=SCOPE_ONELEVEL,
562 expression="member:1.2.840.113556.1.4.1941:=<GUID=%s>" % guid)
563 self.assertEqual(len(res1), 3)
564 dn_list = [str(res.dn).lower() for res in res1]
565 self.assertTrue(("CN=g2,%s" % self.ou_groups).lower() in dn_list)
566 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
567 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
569 def test_extended_dn_u3(self):
570 res1 = self.ldb.search("cn=u3,%s" % self.ou_users,
572 expression="objectClass=*",
573 attrs=['objectSid', 'objectGUID'])
574 self.assertEqual(len(res1), 1)
575 self.assertEqual(str(res1[0].dn).lower(), ("cn=u3,%s" % self.ou_users).lower())
577 sid = self.ldb.schema_format_value("objectSid", res1[0]["objectSid"][0])
578 guid = self.ldb.schema_format_value("objectGUID", res1[0]['objectGUID'][0])
580 res1 = self.ldb.search(self.ou_groups,
582 expression="member=<SID=%s>" % sid)
583 self.assertEqual(len(res1), 1)
584 self.assertEqual(str(res1[0].dn).lower(), ("CN=g3,%s" % self.ou_groups).lower())
586 res1 = self.ldb.search(self.ou_groups,
588 expression="member=<GUID=%s>" % guid)
589 self.assertEqual(len(res1), 1)
590 self.assertEqual(str(res1[0].dn).lower(), ("CN=g3,%s" % self.ou_groups).lower())
592 res1 = self.ldb.search(self.ou_groups,
594 expression="member:1.2.840.113556.1.4.1941:=<SID=%s>" % sid)
595 self.assertEqual(len(res1), 2)
596 dn_list = [str(res.dn).lower() for res in res1]
597 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
598 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
600 res1 = self.ldb.search(self.ou_groups,
601 scope=SCOPE_ONELEVEL,
602 expression="member:1.2.840.113556.1.4.1941:=<SID=%s>" % sid)
603 self.assertEqual(len(res1), 2)
604 dn_list = [str(res.dn).lower() for res in res1]
605 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
606 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
608 res1 = self.ldb.search(self.ou_groups,
610 expression="member:1.2.840.113556.1.4.1941:=<GUID=%s>" % guid)
611 self.assertEqual(len(res1), 2)
612 dn_list = [str(res.dn).lower() for res in res1]
613 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
614 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
616 res1 = self.ldb.search(self.ou_groups,
617 scope=SCOPE_ONELEVEL,
618 expression="member:1.2.840.113556.1.4.1941:=<GUID=%s>" % guid)
619 self.assertEqual(len(res1), 2)
620 dn_list = [str(res.dn).lower() for res in res1]
621 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
622 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
624 def test_extended_dn_u4(self):
625 res1 = self.ldb.search("cn=u4,%s" % self.ou_users,
627 expression="objectClass=*",
628 attrs=['objectSid', 'objectGUID'])
629 self.assertEqual(len(res1), 1)
630 self.assertEqual(str(res1[0].dn).lower(), ("cn=u4,%s" % self.ou_users).lower())
632 sid = self.ldb.schema_format_value("objectSid", res1[0]["objectSid"][0])
633 guid = self.ldb.schema_format_value("objectGUID", res1[0]['objectGUID'][0])
635 res1 = self.ldb.search(self.ou_groups,
637 expression="member=<SID=%s>" % sid)
638 self.assertEqual(len(res1), 1)
639 self.assertEqual(str(res1[0].dn).lower(), ("CN=g4,%s" % self.ou_groups).lower())
641 res1 = self.ldb.search(self.ou_groups,
643 expression="member=<GUID=%s>" % guid)
644 self.assertEqual(len(res1), 1)
645 self.assertEqual(str(res1[0].dn).lower(), ("CN=g4,%s" % self.ou_groups).lower())
647 res1 = self.ldb.search(self.ou_groups,
648 scope=SCOPE_ONELEVEL,
649 expression="member=<GUID=%s>" % guid)
650 self.assertEqual(len(res1), 1)
651 self.assertEqual(str(res1[0].dn).lower(), ("CN=g4,%s" % self.ou_groups).lower())
653 res1 = self.ldb.search(self.ou_groups,
655 expression="member:1.2.840.113556.1.4.1941:=<SID=%s>" % sid)
656 self.assertEqual(len(res1), 1)
657 self.assertEqual(str(res1[0].dn).lower(), ("CN=g4,%s" % self.ou_groups).lower())
659 res1 = self.ldb.search(self.ou_groups,
660 scope=SCOPE_ONELEVEL,
661 expression="member:1.2.840.113556.1.4.1941:=<SID=%s>" % sid)
662 self.assertEqual(len(res1), 1)
663 self.assertEqual(str(res1[0].dn).lower(), ("CN=g4,%s" % self.ou_groups).lower())
665 res1 = self.ldb.search(self.ou_groups,
667 expression="member:1.2.840.113556.1.4.1941:=<GUID=%s>" % guid)
668 self.assertEqual(len(res1), 1)
669 self.assertEqual(str(res1[0].dn).lower(), ("CN=g4,%s" % self.ou_groups).lower())
671 res1 = self.ldb.search(self.ou_groups,
672 scope=SCOPE_ONELEVEL,
673 expression="member:1.2.840.113556.1.4.1941:=<GUID=%s>" % guid)
674 self.assertEqual(len(res1), 1)
675 self.assertEqual(str(res1[0].dn).lower(), ("CN=g4,%s" % self.ou_groups).lower())
677 def test_object_dn_binary(self):
678 res1 = self.ldb.search(self.ou_computers,
680 expression="msDS-RevealedUsers=B:8:01010101:cn=c3,%s" % self.ou_computers)
681 self.assertEqual(len(res1), 1)
682 self.assertEqual(str(res1[0].dn).lower(), ("CN=c2,%s" % self.ou_computers).lower())
684 res1 = self.ldb.search(self.ou_computers,
685 scope=SCOPE_ONELEVEL,
686 expression="msDS-RevealedUsers=B:8:01010101:cn=c3,%s" % self.ou_computers)
687 self.assertEqual(len(res1), 1)
688 self.assertEqual(str(res1[0].dn).lower(), ("CN=c2,%s" % self.ou_computers).lower())
690 res1 = self.ldb.search(self.ou_computers,
692 expression="msDS-RevealedUsers:1.2.840.113556.1.4.1941:=B:8:01010101:cn=c3,%s" % self.ou_computers)
693 self.assertEqual(len(res1), 2)
694 dn_list = [str(res.dn).lower() for res in res1]
695 self.assertTrue(("CN=c1,%s" % self.ou_computers).lower() in dn_list)
696 self.assertTrue(("CN=c2,%s" % self.ou_computers).lower() in dn_list)
698 res1 = self.ldb.search(self.ou_computers,
699 scope=SCOPE_ONELEVEL,
700 expression="msDS-RevealedUsers:1.2.840.113556.1.4.1941:=B:8:01010101:cn=c3,%s" % self.ou_computers)
701 self.assertEqual(len(res1), 2)
702 dn_list = [str(res.dn).lower() for res in res1]
703 self.assertTrue(("CN=c1,%s" % self.ou_computers).lower() in dn_list)
704 self.assertTrue(("CN=c2,%s" % self.ou_computers).lower() in dn_list)
706 def test_one_way_links(self):
707 res1 = self.ldb.search(self.ou,
709 expression="addressBookRoots2=cn=c1,%s" % self.ou_computers)
710 self.assertEqual(len(res1), 1)
711 self.assertEqual(str(res1[0].dn).lower(), ("CN=e2,%s" % self.ou).lower())
713 res1 = self.ldb.search(self.ou,
714 scope=SCOPE_ONELEVEL,
715 expression="addressBookRoots2=cn=c1,%s" % self.ou_computers)
716 self.assertEqual(len(res1), 1)
717 self.assertEqual(str(res1[0].dn).lower(), ("CN=e2,%s" % self.ou).lower())
719 res1 = self.ldb.search(self.ou,
721 expression="addressBookRoots2:1.2.840.113556.1.4.1941:=cn=c1,%s" % self.ou_computers)
722 self.assertEqual(len(res1), 2)
723 dn_list = [str(res.dn).lower() for res in res1]
724 self.assertTrue(("CN=e1,%s" % self.ou).lower() in dn_list)
725 self.assertTrue(("CN=e1,%s" % self.ou).lower() in dn_list)
727 res1 = self.ldb.search(self.ou,
728 scope=SCOPE_ONELEVEL,
729 expression="addressBookRoots2:1.2.840.113556.1.4.1941:=cn=c1,%s" % self.ou_computers)
730 self.assertEqual(len(res1), 2)
731 dn_list = [str(res.dn).lower() for res in res1]
732 self.assertTrue(("CN=e1,%s" % self.ou).lower() in dn_list)
733 self.assertTrue(("CN=e1,%s" % self.ou).lower() in dn_list)
735 def test_not_linked_attrs(self):
736 res1 = self.ldb.search(self.base_dn,
738 expression="wellKnownObjects=B:32:aa312825768811d1aded00c04fd8d5cd:CN=computers,%s" % self.base_dn)
739 self.assertEqual(len(res1), 1)
740 self.assertEqual(str(res1[0].dn).lower(), self.base_dn.lower())
742 def test_invalid_basedn(self):
743 res1 = self.ldb.search(self.base_dn,
745 expression="memberOf:1.2.840.113556.1.4.1941:=cn=c1,ou=computers,ou=matchrulestest,%sXX" % self.base_dn)
746 self.assertEqual(len(res1), 0)
748 res1 = self.ldb.search(self.base_dn,
750 expression="memberOf:1.2.840.113556.1.4.1941:=cn=XX,ou=computers,ou=matchrulestest,%s" % self.base_dn)
751 self.assertEqual(len(res1), 0)
753 def test_subtree(self):
754 res1 = self.ldb.search(self.ou,
756 expression="otherWellKnownObjects=B:32:00000000000000000000000000000004:OU=o4,OU=o3,OU=o2,OU=o1,%s" % self.ou)
757 self.assertEqual(len(res1), 1)
758 self.assertEqual(str(res1[0].dn).lower(), ("OU=o3,OU=o2,OU=o1,%s" % self.ou).lower())
760 res1 = self.ldb.search(self.ou,
761 scope=SCOPE_ONELEVEL,
762 expression="otherWellKnownObjects=B:32:00000000000000000000000000000004:OU=o4,OU=o3,OU=o2,OU=o1,%s" % self.ou)
763 self.assertEqual(len(res1), 0)
765 res1 = self.ldb.search(self.ou,
767 expression="otherWellKnownObjects:1.2.840.113556.1.4.1941:=B:32:00000000000000000000000000000004:OU=o4,OU=o3,OU=o2,OU=o1,%s" % self.ou)
768 self.assertEqual(len(res1), 0)
770 res1 = self.ldb.search(self.ou,
771 scope=SCOPE_ONELEVEL,
772 expression="otherWellKnownObjects:1.2.840.113556.1.4.1941:=B:32:00000000000000000000000000000004:OU=o4,OU=o3,OU=o2,OU=o1,%s" % self.ou)
773 self.assertEqual(len(res1), 0)
775 def test_unknown_oid(self):
776 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
778 expression="member:2.4.681.226012.2.8.3882:=cn=u1,%s" % self.ou_users)
779 self.assertEqual(len(res1), 0)
781 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
783 expression="member:8.16.8720.1008448.8.32.15528:=cn=u1,%s" % self.ou_users)
784 self.assertEqual(len(res1), 0)
786 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
788 expression="member:1.2.3.4:=cn=u1,%s" % self.ou_users)
789 self.assertEqual(len(res1), 0)
791 def test_nul_text(self):
792 self.assertRaises(TypeError, lambda: self.ldb.search("cn=g4,%s" % self.ou_groups,
794 expression="\00member:1.2.840.113556.1.4.1941:=cn=u1,%s" % self.ou_users))
795 self.assertRaises(TypeError, lambda: self.ldb.search("cn=g4,%s" % self.ou_groups,
797 expression="member:1.2.840\00.113556.1.4.1941:=cn=u1,%s" % self.ou_users))
798 self.assertRaises(TypeError, lambda: self.ldb.search("cn=g4,%s" % self.ou_groups,
800 expression="member:1.2.840.113556.1.4.1941:=cn=u1\00,%s" % self.ou_users))
801 self.assertRaises(LdbError, lambda: self.ldb.search("cn=\00g4,%s" % self.ou_groups,
803 expression="member:1.2.840.113556.1.4.1941:=cn=u1,%s" % self.ou_users))
804 self.assertRaises(LdbError, lambda: self.ldb.search("cn=g4,%s" % self.ou_groups,
806 expression="member:1.2.840.113556.1.4.1941:"))
807 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
809 expression="member:1.2.840.113556.1.4.1941:=")
810 self.assertEqual(len(res1), 0)
811 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
813 expression="member=")
814 self.assertEqual(len(res1), 0)
815 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
817 expression="member:1.2.840.113556.1.4.1941:=nonexistent")
818 self.assertEqual(len(res1), 0)
819 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
821 expression="member=nonexistent")
822 self.assertEqual(len(res1), 0)
823 self.assertRaises(LdbError, lambda: self.ldb.search("cn=\00g4,%s" % self.ou_groups,
825 expression="member:1.2.840.113556.1.4.1941:cn=u1,%s" % self.ou_users))
826 self.assertRaises(LdbError, lambda: self.ldb.search("cn=\00g4,%s" % self.ou_groups,
828 expression="member:1.2.840.113556.1.4.1941:=cn=u1"))
829 self.assertRaises(LdbError, lambda: self.ldb.search("cn=\00g4,%s" % self.ou_groups,
831 expression="member:1.2.840.113556.1.4.1941:=cn="))
832 self.assertRaises(LdbError, lambda: self.ldb.search("cn=\00g4,%s" % self.ou_groups,
834 expression="member::=cn=u1,%s" % self.ou_users))
836 def test_misc_matches(self):
837 res1 = self.ldb.search(self.ou_groups,
839 expression="member=cn=g1,%s" % self.ou_groups)
840 self.assertEqual(len(res1), 0)
842 res1 = self.ldb.search("cn=g1,%s" % self.ou_groups,
844 expression="member=cn=g1,%s" % self.ou_groups)
845 self.assertEqual(len(res1), 0)
847 res1 = self.ldb.search(self.ou_groups,
849 expression="member=cn=g1,%s" % self.ou_groups)
850 self.assertEqual(len(res1), 1)
851 self.assertEqual(str(res1[0].dn), "CN=g2,%s" % self.ou_groups)
853 res1 = self.ldb.search(self.ou_groups,
854 scope=SCOPE_ONELEVEL,
855 expression="member=cn=g1,%s" % self.ou_groups)
856 self.assertEqual(len(res1), 1)
857 self.assertEqual(str(res1[0].dn), "CN=g2,%s" % self.ou_groups)
859 res1 = self.ldb.search(self.ou_groups,
861 expression="member:1.2.840.113556.1.4.1941:=cn=g1,%s" % self.ou_groups)
862 self.assertEqual(len(res1), 0)
864 res1 = self.ldb.search("cn=g1,%s" % self.ou_groups,
866 expression="member:1.2.840.113556.1.4.1941:=cn=g1,%s" % self.ou_groups)
867 self.assertEqual(len(res1), 0)
869 res1 = self.ldb.search(self.ou_groups,
871 expression="member:1.2.840.113556.1.4.1941:=cn=g1,%s" % self.ou_groups)
872 self.assertEqual(len(res1), 3)
873 dn_list = [str(res.dn) for res in res1]
874 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
875 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
876 self.assertTrue("CN=g4,%s" % self.ou_groups in dn_list)
878 res1 = self.ldb.search(self.ou_groups,
879 scope=SCOPE_ONELEVEL,
880 expression="member:1.2.840.113556.1.4.1941:=cn=g1,%s" % self.ou_groups)
881 self.assertEqual(len(res1), 3)
882 dn_list = [str(res.dn) for res in res1]
883 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
884 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
885 self.assertTrue("CN=g4,%s" % self.ou_groups in dn_list)
887 res1 = self.ldb.search(self.ou_groups,
889 expression="member:1.2.840.113556.1.4.1941:=cn=g4,%s" % self.ou_groups)
890 self.assertEqual(len(res1), 0)
892 res1 = self.ldb.search(self.ou_groups,
893 scope=SCOPE_ONELEVEL,
894 expression="member:1.2.840.113556.1.4.1941:=cn=g4,%s" % self.ou_groups)
895 self.assertEqual(len(res1), 0)
897 res1 = self.ldb.search(self.ou_groups,
899 expression="memberOf=cn=g4,%s" % self.ou_groups)
900 self.assertEqual(len(res1), 0)
902 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
904 expression="memberOf=cn=g4,%s" % self.ou_groups)
905 self.assertEqual(len(res1), 0)
907 res1 = self.ldb.search(self.ou_groups,
909 expression="memberOf=cn=g4,%s" % self.ou_groups)
910 self.assertEqual(len(res1), 1)
911 self.assertEqual(str(res1[0].dn), ("CN=g3,%s" % self.ou_groups))
913 res1 = self.ldb.search(self.ou_groups,
914 scope=SCOPE_ONELEVEL,
915 expression="memberOf=cn=g4,%s" % self.ou_groups)
916 self.assertEqual(len(res1), 1)
917 self.assertEqual(str(res1[0].dn), ("CN=g3,%s" % self.ou_groups))
919 res1 = self.ldb.search(self.ou_groups,
921 expression="memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s" % self.ou_groups)
922 self.assertEqual(len(res1), 0)
924 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
926 expression="memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s" % self.ou_groups)
927 self.assertEqual(len(res1), 0)
929 res1 = self.ldb.search(self.ou_groups,
931 expression="memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s" % self.ou_groups)
932 self.assertEqual(len(res1), 3)
933 dn_list = [str(res.dn) for res in res1]
934 self.assertTrue("CN=g1,%s" % self.ou_groups in dn_list)
935 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
936 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
938 res1 = self.ldb.search(self.ou_groups,
939 scope=SCOPE_ONELEVEL,
940 expression="memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s" % self.ou_groups)
941 self.assertEqual(len(res1), 3)
942 dn_list = [str(res.dn) for res in res1]
943 self.assertTrue("CN=g1,%s" % self.ou_groups in dn_list)
944 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
945 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
947 res1 = self.ldb.search(self.ou_groups,
949 expression="memberOf:1.2.840.113556.1.4.1941:=cn=g1,%s" % self.ou_groups)
950 self.assertEqual(len(res1), 0)
952 res1 = self.ldb.search(self.ou_groups,
954 expression="memberOf:1.2.840.113556.1.4.1941:=cn=g1,%s" % self.ou_groups)
955 self.assertEqual(len(res1), 0)
957 class MatchRuleConditionTests(samba.tests.TestCase):
959 super(MatchRuleConditionTests, self).setUp()
961 self.ldb = SamDB(host, credentials=creds, session_info=system_session(lp), lp=lp)
962 self.base_dn = self.ldb.domain_dn()
963 self.ou = "OU=matchruleconditiontests,%s" % self.base_dn
964 self.ou_users = "OU=users,%s" % self.ou
965 self.ou_groups = "OU=groups,%s" % self.ou
966 self.ou_computers = "OU=computers,%s" % self.ou
968 # Add a organizational unit to create objects
971 "objectclass": "organizationalUnit"})
973 # Create users, groups, and computers
976 "objectclass": "organizationalUnit"})
978 "dn": self.ou_groups,
979 "objectclass": "organizationalUnit"})
981 "dn": self.ou_computers,
982 "objectclass": "organizationalUnit"})
985 "dn": "cn=g1,%s" % self.ou_groups,
986 "objectclass": "group" })
988 "dn": "cn=g2,%s" % self.ou_groups,
989 "objectclass": "group" })
991 "dn": "cn=g3,%s" % self.ou_groups,
992 "objectclass": "group" })
994 "dn": "cn=g4,%s" % self.ou_groups,
995 "objectclass": "group" })
998 "dn": "cn=u1,%s" % self.ou_users,
999 "objectclass": "group"})
1001 "dn": "cn=u2,%s" % self.ou_users,
1002 "objectclass": "group"})
1004 "dn": "cn=u3,%s" % self.ou_users,
1005 "objectclass": "group"})
1007 "dn": "cn=u4,%s" % self.ou_users,
1008 "objectclass": "group"})
1011 "dn": "cn=c1,%s" % self.ou_computers,
1012 "objectclass": "user"})
1015 "dn": "cn=c2,%s" % self.ou_computers,
1016 "objectclass": "user"})
1019 "dn": "cn=c3,%s" % self.ou_computers,
1020 "objectclass": "user"})
1023 "dn": "cn=c4,%s" % self.ou_computers,
1024 "objectclass": "user"})
1026 # Assign groups according to the following structure:
1027 # g1-->g2---->g3 --g4
1029 # u1- >u2-- | u3<- | u4
1032 # *c1 is a member of u1, u2, u3, and u4
1034 # u2 is a member of g1 and g2
1036 m.dn = Dn(self.ldb, "CN=g1,%s" % self.ou_groups)
1037 m["member"] = MessageElement("CN=u2,%s" % self.ou_users,
1038 FLAG_MOD_ADD, "member")
1042 m.dn = Dn(self.ldb, "CN=g2,%s" % self.ou_groups)
1043 m["member"] = MessageElement("CN=u2,%s" % self.ou_users,
1044 FLAG_MOD_ADD, "member")
1047 # g2 is a member of g1
1049 m.dn = Dn(self.ldb, "CN=g1,%s" % self.ou_groups)
1050 m["member"] = MessageElement("CN=g2,%s" % self.ou_groups,
1051 FLAG_MOD_ADD, "member")
1054 # g3 is a member of g2
1056 m.dn = Dn(self.ldb, "CN=g2,%s" % self.ou_groups)
1057 m["member"] = MessageElement("CN=g3,%s" % self.ou_groups,
1058 FLAG_MOD_ADD, "member")
1061 # u3 is a member of g3 and g4
1063 m.dn = Dn(self.ldb, "CN=g3,%s" % self.ou_groups)
1064 m["member"] = MessageElement("CN=u3,%s" % self.ou_users,
1065 FLAG_MOD_ADD, "member")
1069 m.dn = Dn(self.ldb, "CN=g4,%s" % self.ou_groups)
1070 m["member"] = MessageElement("CN=u3,%s" % self.ou_users,
1071 FLAG_MOD_ADD, "member")
1074 # u4 is a member of g4
1076 m.dn = Dn(self.ldb, "CN=g4,%s" % self.ou_groups)
1077 m["member"] = MessageElement("CN=u4,%s" % self.ou_users,
1078 FLAG_MOD_ADD, "member")
1081 # c1 is a member of u1, u2, u3, and u4
1083 m.dn = Dn(self.ldb, "CN=u1,%s" % self.ou_users)
1084 m["member"] = MessageElement("CN=c1,%s" % self.ou_computers,
1085 FLAG_MOD_ADD, "member")
1089 m.dn = Dn(self.ldb, "CN=u2,%s" % self.ou_users)
1090 m["member"] = MessageElement("CN=c1,%s" % self.ou_computers,
1091 FLAG_MOD_ADD, "member")
1095 m.dn = Dn(self.ldb, "CN=u3,%s" % self.ou_users)
1096 m["member"] = MessageElement("CN=c1,%s" % self.ou_computers,
1097 FLAG_MOD_ADD, "member")
1101 m.dn = Dn(self.ldb, "CN=u4,%s" % self.ou_users)
1102 m["member"] = MessageElement("CN=c1,%s" % self.ou_computers,
1103 FLAG_MOD_ADD, "member")
1106 # c2 is a member of u1
1108 m.dn = Dn(self.ldb, "CN=u1,%s" % self.ou_users)
1109 m["member"] = MessageElement("CN=c2,%s" % self.ou_computers,
1110 FLAG_MOD_ADD, "member")
1113 # c3 is a member of u2 and g3
1115 m.dn = Dn(self.ldb, "CN=u2,%s" % self.ou_users)
1116 m["member"] = MessageElement("CN=c3,%s" % self.ou_computers,
1117 FLAG_MOD_ADD, "member")
1121 m.dn = Dn(self.ldb, "CN=g3,%s" % self.ou_groups)
1122 m["member"] = MessageElement("CN=c3,%s" % self.ou_computers,
1123 FLAG_MOD_ADD, "member")
1126 # c4 is a member of u4 and g4
1128 m.dn = Dn(self.ldb, "CN=u4,%s" % self.ou_users)
1129 m["member"] = MessageElement("CN=c4,%s" % self.ou_computers,
1130 FLAG_MOD_ADD, "member")
1134 m.dn = Dn(self.ldb, "CN=g4,%s" % self.ou_groups)
1135 m["member"] = MessageElement("CN=c4,%s" % self.ou_computers,
1136 FLAG_MOD_ADD, "member")
1139 self.question = 6*(9-2)
1143 super(MatchRuleConditionTests, self).tearDown()
1144 delete_force(self.ldb, "cn=u4,%s" % self.ou_users)
1145 delete_force(self.ldb, "cn=u3,%s" % self.ou_users)
1146 delete_force(self.ldb, "cn=u2,%s" % self.ou_users)
1147 delete_force(self.ldb, "cn=u1,%s" % self.ou_users)
1148 delete_force(self.ldb, "cn=g4,%s" % self.ou_groups)
1149 delete_force(self.ldb, "cn=g3,%s" % self.ou_groups)
1150 delete_force(self.ldb, "cn=g2,%s" % self.ou_groups)
1151 delete_force(self.ldb, "cn=g1,%s" % self.ou_groups)
1152 delete_force(self.ldb, "cn=c1,%s" % self.ou_computers)
1153 delete_force(self.ldb, "cn=c2,%s" % self.ou_computers)
1154 delete_force(self.ldb, "cn=c3,%s" % self.ou_computers)
1155 delete_force(self.ldb, "cn=c4,%s" % self.ou_computers)
1156 delete_force(self.ldb, self.ou_users)
1157 delete_force(self.ldb, self.ou_groups)
1158 delete_force(self.ldb, self.ou_computers)
1159 delete_force(self.ldb, self.ou)
1162 def test_g1_members(self):
1163 res1 = self.ldb.search(self.ou,
1164 scope=SCOPE_SUBTREE,
1165 expression="memberOf=cn=g1,%s" % self.ou_groups)
1166 self.assertEquals(len(res1), 2)
1167 dn_list = [str(res.dn) for res in res1]
1168 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1169 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1171 res1 = self.ldb.search(self.ou,
1172 scope=SCOPE_SUBTREE,
1173 expression="memberOf:1.2.840.113556.1.4.1941:=cn=g1,%s" % self.ou_groups)
1174 self.assertEquals(len(res1), 6)
1175 dn_list = [str(res.dn) for res in res1]
1176 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1177 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1178 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1179 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1180 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1181 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1183 res1 = self.ldb.search(self.ou,
1184 scope=SCOPE_SUBTREE,
1185 expression="member=cn=g1,%s" % self.ou_groups)
1186 self.assertEquals(len(res1), 0)
1188 res1 = self.ldb.search(self.ou,
1189 scope=SCOPE_SUBTREE,
1190 expression="member:1.2.840.113556.1.4.1941:=cn=g1,%s" % self.ou_groups)
1191 self.assertEquals(len(res1), 0)
1193 def test_g2_members(self):
1194 res1 = self.ldb.search(self.ou,
1195 scope=SCOPE_SUBTREE,
1196 expression="memberOf=cn=g2,%s" % self.ou_groups)
1197 self.assertEquals(len(res1), 2)
1198 dn_list = [str(res.dn) for res in res1]
1199 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1200 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1202 res1 = self.ldb.search(self.ou,
1203 scope=SCOPE_SUBTREE,
1204 expression="memberOf:1.2.840.113556.1.4.1941:=cn=g2,%s" % self.ou_groups)
1205 self.assertEquals(len(res1), 5)
1206 dn_list = [str(res.dn) for res in res1]
1207 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1208 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1209 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1210 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1211 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1213 res1 = self.ldb.search(self.ou,
1214 scope=SCOPE_SUBTREE,
1215 expression="member=cn=g2,%s" % self.ou_groups)
1216 self.assertEquals(len(res1), 1)
1217 self.assertEquals(str(res1[0].dn), "CN=g1,%s" % self.ou_groups)
1219 res1 = self.ldb.search(self.ou,
1220 scope=SCOPE_SUBTREE,
1221 expression="member:1.2.840.113556.1.4.1941:=cn=g2,%s" % self.ou_groups)
1222 self.assertEquals(len(res1), 1)
1223 self.assertEquals(str(res1[0].dn), "CN=g1,%s" % self.ou_groups)
1225 def test_g3_members(self):
1226 res1 = self.ldb.search(self.ou,
1227 scope=SCOPE_SUBTREE,
1228 expression="memberOf=cn=g3,%s" % self.ou_groups)
1229 self.assertEquals(len(res1), 2)
1230 dn_list = [str(res.dn) for res in res1]
1231 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1232 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1234 res1 = self.ldb.search(self.ou,
1235 scope=SCOPE_SUBTREE,
1236 expression="memberOf:1.2.840.113556.1.4.1941:=cn=g3,%s" % self.ou_groups)
1237 self.assertEquals(len(res1), 3)
1238 dn_list = [str(res.dn) for res in res1]
1239 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1240 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1241 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1243 res1 = self.ldb.search(self.ou,
1244 scope=SCOPE_SUBTREE,
1245 expression="member=cn=g3,%s" % self.ou_groups)
1246 self.assertEquals(len(res1), 1)
1247 self.assertEquals(str(res1[0].dn), "CN=g2,%s" % self.ou_groups)
1249 res1 = self.ldb.search(self.ou,
1250 scope=SCOPE_SUBTREE,
1251 expression="member:1.2.840.113556.1.4.1941:=cn=g3,%s" % self.ou_groups)
1252 self.assertEquals(len(res1), 2)
1253 dn_list = [str(res.dn) for res in res1]
1254 self.assertTrue("CN=g1,%s" % self.ou_groups in dn_list)
1255 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1257 def test_g4_members(self):
1258 res1 = self.ldb.search(self.ou,
1259 scope=SCOPE_SUBTREE,
1260 expression="memberOf=cn=g4,%s" % self.ou_groups)
1261 self.assertEquals(len(res1), 3)
1262 dn_list = [str(res.dn) for res in res1]
1263 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1264 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1265 self.assertTrue("CN=c4,%s" % self.ou_computers in dn_list)
1267 res1 = self.ldb.search(self.ou,
1268 scope=SCOPE_SUBTREE,
1269 expression="memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s" % self.ou_groups)
1270 self.assertEquals(len(res1), 4)
1271 dn_list = [str(res.dn) for res in res1]
1272 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1273 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1274 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1275 self.assertTrue("CN=c4,%s" % self.ou_computers in dn_list)
1277 res1 = self.ldb.search(self.ou,
1278 scope=SCOPE_SUBTREE,
1279 expression="member=cn=g4,%s" % self.ou_groups)
1280 self.assertEquals(len(res1), 0)
1282 res1 = self.ldb.search(self.ou,
1283 scope=SCOPE_SUBTREE,
1284 expression="member:1.2.840.113556.1.4.1941:=cn=g4,%s" % self.ou_groups)
1285 self.assertEquals(len(res1), 0)
1287 def test_u1_members(self):
1288 res1 = self.ldb.search(self.ou,
1289 scope=SCOPE_SUBTREE,
1290 expression="memberOf=cn=u1,%s" % self.ou_users)
1291 self.assertEqual(len(res1), 2)
1292 dn_list = [str(res.dn) for res in res1]
1293 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1294 self.assertTrue("CN=c2,%s" % self.ou_computers in dn_list)
1296 res1 = self.ldb.search(self.ou,
1297 scope=SCOPE_SUBTREE,
1298 expression="memberOf:1.2.840.113556.1.4.1941:=cn=u1,%s" % self.ou_users)
1299 self.assertEqual(len(res1), 2)
1300 dn_list = [str(res.dn) for res in res1]
1301 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1302 self.assertTrue("CN=c2,%s" % self.ou_computers in dn_list)
1304 res1 = self.ldb.search(self.ou,
1305 scope=SCOPE_SUBTREE,
1306 expression="member=cn=u1,%s" % self.ou_users)
1307 self.assertEqual(len(res1), 0)
1309 res1 = self.ldb.search(self.ou,
1310 scope=SCOPE_SUBTREE,
1311 expression="member:1.2.840.113556.1.4.1941:=cn=u1,%s" % self.ou_users)
1312 self.assertEqual(len(res1), 0)
1314 def test_u2_members(self):
1315 res1 = self.ldb.search(self.ou,
1316 scope=SCOPE_SUBTREE,
1317 expression="memberOf=cn=u2,%s" % self.ou_users)
1318 self.assertEqual(len(res1), 2)
1319 dn_list = [str(res.dn) for res in res1]
1320 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1321 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1323 res1 = self.ldb.search(self.ou,
1324 scope=SCOPE_SUBTREE,
1325 expression="memberOf:1.2.840.113556.1.4.1941:=cn=u2,%s" % self.ou_users)
1326 self.assertEqual(len(res1), 2)
1327 dn_list = [str(res.dn) for res in res1]
1328 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1329 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1331 res1 = self.ldb.search(self.ou,
1332 scope=SCOPE_SUBTREE,
1333 expression="member=cn=u2,%s" % self.ou_users)
1334 self.assertEqual(len(res1), 2)
1335 dn_list = [str(res.dn) for res in res1]
1336 self.assertTrue("CN=g1,%s" % self.ou_groups in dn_list)
1337 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1339 res1 = self.ldb.search(self.ou,
1340 scope=SCOPE_SUBTREE,
1341 expression="member:1.2.840.113556.1.4.1941:=cn=u2,%s" % self.ou_users)
1342 self.assertEqual(len(res1), 2)
1343 dn_list = [str(res.dn) for res in res1]
1344 self.assertTrue("CN=g1,%s" % self.ou_groups in dn_list)
1345 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1347 def test_u3_members(self):
1348 res1 = self.ldb.search(self.ou,
1349 scope=SCOPE_SUBTREE,
1350 expression="member=cn=u3,%s" % self.ou_users)
1351 self.assertEqual(len(res1), 2)
1352 dn_list = [str(res.dn) for res in res1]
1353 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1354 self.assertTrue("CN=g4,%s" % self.ou_groups in dn_list)
1356 res1 = self.ldb.search(self.ou,
1357 scope=SCOPE_SUBTREE,
1358 expression="member:1.2.840.113556.1.4.1941:=cn=u3,%s" % self.ou_users)
1359 self.assertEqual(len(res1), 4)
1360 dn_list = [str(res.dn) for res in res1]
1361 self.assertTrue("CN=g1,%s" % self.ou_groups in dn_list)
1362 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1363 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1364 self.assertTrue("CN=g4,%s" % self.ou_groups in dn_list)
1366 res1 = self.ldb.search(self.ou,
1367 scope=SCOPE_SUBTREE,
1368 expression="memberOf=cn=u3,%s" % self.ou_users)
1369 self.assertEqual(len(res1), 1)
1370 self.assertEqual(str(res1[0].dn), "CN=c1,%s" % self.ou_computers)
1372 res1 = self.ldb.search(self.ou,
1373 scope=SCOPE_SUBTREE,
1374 expression="memberOf:1.2.840.113556.1.4.1941:=cn=u3,%s" % self.ou_users)
1375 self.assertEqual(len(res1), 1)
1376 self.assertEqual(str(res1[0].dn), "CN=c1,%s" % self.ou_computers)
1378 def test_u4_members(self):
1379 res1 = self.ldb.search(self.ou,
1380 scope=SCOPE_SUBTREE,
1381 expression="member=cn=u4,%s" % self.ou_users)
1382 self.assertEqual(len(res1), 1)
1383 self.assertEqual(str(res1[0].dn), "CN=g4,%s" % self.ou_groups)
1385 res1 = self.ldb.search(self.ou,
1386 scope=SCOPE_SUBTREE,
1387 expression="member:1.2.840.113556.1.4.1941:=cn=u4,%s" % self.ou_users)
1388 self.assertEqual(len(res1), 1)
1389 self.assertEqual(str(res1[0].dn), "CN=g4,%s" % self.ou_groups)
1391 res1 = self.ldb.search(self.ou,
1392 scope=SCOPE_SUBTREE,
1393 expression="memberOf=cn=u4,%s" % self.ou_users)
1394 self.assertEqual(len(res1), 2)
1395 dn_list = [str(res.dn) for res in res1]
1396 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1397 self.assertTrue("CN=c4,%s" % self.ou_computers in dn_list)
1399 res1 = self.ldb.search(self.ou,
1400 scope=SCOPE_SUBTREE,
1401 expression="memberOf:1.2.840.113556.1.4.1941:=cn=u4,%s" % self.ou_users)
1402 self.assertEqual(len(res1), 2)
1403 dn_list = [str(res.dn) for res in res1]
1404 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1405 self.assertTrue("CN=c4,%s" % self.ou_computers in dn_list)
1407 def test_c1_members(self):
1408 res1 = self.ldb.search(self.ou,
1409 scope=SCOPE_SUBTREE,
1410 expression="member=cn=c1,%s" % self.ou_computers)
1411 self.assertEqual(len(res1), 4)
1412 dn_list = [str(res.dn) for res in res1]
1413 self.assertTrue("CN=u1,%s" % self.ou_users in dn_list)
1414 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1415 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1416 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1418 res1 = self.ldb.search(self.ou,
1419 scope=SCOPE_SUBTREE,
1420 expression="member:1.2.840.113556.1.4.1941:=cn=c1,%s" % self.ou_computers)
1421 self.assertEqual(len(res1), 8)
1422 dn_list = [str(res.dn) for res in res1]
1423 self.assertTrue("CN=u1,%s" % self.ou_users in dn_list)
1424 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1425 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1426 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1427 self.assertTrue("CN=g1,%s" % self.ou_groups in dn_list)
1428 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1429 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1430 self.assertTrue("CN=g4,%s" % self.ou_groups in dn_list)
1432 res1 = self.ldb.search(self.ou,
1433 scope=SCOPE_SUBTREE,
1434 expression="memberOf=cn=c1,%s" % self.ou_computers)
1435 self.assertEqual(len(res1), 0)
1437 res1 = self.ldb.search(self.ou,
1438 scope=SCOPE_SUBTREE,
1439 expression="memberOf:1.2.840.113556.1.4.1941:=cn=c1,%s" % self.ou_computers)
1440 self.assertEqual(len(res1), 0)
1442 def test_c2_members(self):
1443 res1 = self.ldb.search(self.ou,
1444 scope=SCOPE_SUBTREE,
1445 expression="member=cn=c2,%s" % self.ou_computers)
1446 self.assertEqual(len(res1), 1)
1447 self.assertEqual(str(res1[0].dn), "CN=u1,%s" % self.ou_users)
1449 res1 = self.ldb.search(self.ou,
1450 scope=SCOPE_SUBTREE,
1451 expression="member:1.2.840.113556.1.4.1941:=cn=c2,%s" % self.ou_computers)
1452 self.assertEqual(len(res1), 1)
1453 self.assertEqual(str(res1[0].dn), "CN=u1,%s" % self.ou_users)
1455 res1 = self.ldb.search(self.ou,
1456 scope=SCOPE_SUBTREE,
1457 expression="memberOf=cn=c2,%s" % self.ou_computers)
1458 self.assertEqual(len(res1), 0)
1460 res1 = self.ldb.search(self.ou,
1461 scope=SCOPE_SUBTREE,
1462 expression="memberOf:1.2.840.113556.1.4.1941:=cn=c2,%s" % self.ou_computers)
1463 self.assertEqual(len(res1), 0)
1465 def test_c3_members(self):
1466 res1 = self.ldb.search(self.ou,
1467 scope=SCOPE_SUBTREE,
1468 expression="member=cn=c3,%s" % self.ou_computers)
1469 self.assertEqual(len(res1), 2)
1470 dn_list = [str(res.dn) for res in res1]
1471 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1472 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1474 res1 = self.ldb.search(self.ou,
1475 scope=SCOPE_SUBTREE,
1476 expression="member:1.2.840.113556.1.4.1941:=cn=c3,%s" % self.ou_computers)
1477 self.assertEqual(len(res1), 4)
1478 dn_list = [str(res.dn) for res in res1]
1479 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1480 self.assertTrue("CN=g1,%s" % self.ou_groups in dn_list)
1481 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1482 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1484 res1 = self.ldb.search(self.ou,
1485 scope=SCOPE_SUBTREE,
1486 expression="memberOf=cn=c3,%s" % self.ou_computers)
1487 self.assertEqual(len(res1), 0)
1489 res1 = self.ldb.search(self.ou,
1490 scope=SCOPE_SUBTREE,
1491 expression="memberOf:1.2.840.113556.1.4.1941:=cn=c3,%s" % self.ou_computers)
1492 self.assertEqual(len(res1), 0)
1494 def test_c4_members(self):
1495 res1 = self.ldb.search(self.ou,
1496 scope=SCOPE_SUBTREE,
1497 expression="member=cn=c4,%s" % self.ou_computers)
1498 self.assertEqual(len(res1), 2)
1499 dn_list = [str(res.dn) for res in res1]
1500 self.assertTrue("CN=g4,%s" % self.ou_groups in dn_list)
1501 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1503 res1 = self.ldb.search(self.ou,
1504 scope=SCOPE_SUBTREE,
1505 expression="member:1.2.840.113556.1.4.1941:=cn=c4,%s" % self.ou_computers)
1506 self.assertEqual(len(res1), 2)
1507 dn_list = [str(res.dn) for res in res1]
1508 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1509 self.assertTrue("CN=g4,%s" % self.ou_groups in dn_list)
1511 res1 = self.ldb.search(self.ou,
1512 scope=SCOPE_SUBTREE,
1513 expression="memberOf=cn=c4,%s" % self.ou_computers)
1514 self.assertEqual(len(res1), 0)
1516 res1 = self.ldb.search(self.ou,
1517 scope=SCOPE_SUBTREE,
1518 expression="memberOf:1.2.840.113556.1.4.1941:=cn=c4,%s" % self.ou_computers)
1519 self.assertEqual(len(res1), 0)
1521 def test_or_member_queries(self):
1522 res1 = self.ldb.search(self.ou,
1523 scope=SCOPE_SUBTREE,
1524 expression=("(|(member:1.2.840.113556.1.4.1941:=cn=c1,%s)"
1525 "(member:1.2.840.113556.1.4.1941:=cn=c2,%s))") % (
1526 self.ou_computers, self.ou_computers))
1527 self.assertEqual(len(res1), 8)
1528 dn_list = [str(res.dn) for res in res1]
1529 self.assertTrue("CN=u1,%s" % self.ou_users in dn_list)
1530 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1531 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1532 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1533 self.assertTrue("CN=g1,%s" % self.ou_groups in dn_list)
1534 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1535 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1536 self.assertTrue("CN=g4,%s" % self.ou_groups in dn_list)
1538 res1 = self.ldb.search(self.ou,
1539 scope=SCOPE_SUBTREE,
1540 expression=("(|(member:1.2.840.113556.1.4.1941:=cn=c2,%s)"
1541 "(member:1.2.840.113556.1.4.1941:=cn=c3,%s))") % (
1542 self.ou_computers, self.ou_computers))
1543 self.assertEqual(len(res1), 5)
1544 dn_list = [str(res.dn) for res in res1]
1545 self.assertTrue("CN=u1,%s" % self.ou_users in dn_list)
1546 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1547 self.assertTrue("CN=g1,%s" % self.ou_groups in dn_list)
1548 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1549 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1551 res1 = self.ldb.search(self.ou,
1552 scope=SCOPE_SUBTREE,
1553 expression=("(|(member:1.2.840.113556.1.4.1941:=cn=c2,%s)"
1554 "(member:1.2.840.113556.1.4.1941:=cn=c4,%s))") % (
1555 self.ou_computers, self.ou_computers))
1556 self.assertEqual(len(res1), 3)
1557 dn_list = [str(res.dn) for res in res1]
1558 self.assertTrue("CN=u1,%s" % self.ou_users in dn_list)
1559 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1560 self.assertTrue("CN=g4,%s" % self.ou_groups in dn_list)
1562 res1 = self.ldb.search(self.ou,
1563 scope=SCOPE_SUBTREE,
1564 expression=("(|(member:1.2.840.113556.1.4.1941:=cn=c3,%s)"
1565 "(member:1.2.840.113556.1.4.1941:=cn=c4,%s))") % (
1566 self.ou_computers, self.ou_computers))
1567 self.assertEqual(len(res1), 6)
1568 dn_list = [str(res.dn) for res in res1]
1569 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1570 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1571 self.assertTrue("CN=g1,%s" % self.ou_groups in dn_list)
1572 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1573 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1574 self.assertTrue("CN=g4,%s" % self.ou_groups in dn_list)
1576 res1 = self.ldb.search(self.ou,
1577 scope=SCOPE_SUBTREE,
1578 expression=("(|(member:1.2.840.113556.1.4.1941:=cn=u1,%s)"
1579 "(member:1.2.840.113556.1.4.1941:=cn=c4,%s))") % (
1580 self.ou_users, self.ou_computers))
1581 self.assertEqual(len(res1), 2)
1582 dn_list = [str(res.dn) for res in res1]
1583 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1584 self.assertTrue("CN=g4,%s" % self.ou_groups in dn_list)
1586 def test_and_member_queries(self):
1587 res1 = self.ldb.search(self.ou,
1588 scope=SCOPE_SUBTREE,
1589 expression=("(&(member:1.2.840.113556.1.4.1941:=cn=c1,%s)"
1590 "(member:1.2.840.113556.1.4.1941:=cn=c2,%s))") % (
1591 self.ou_computers, self.ou_computers))
1592 self.assertEqual(len(res1), 1)
1593 self.assertEqual(str(res1[0].dn), "CN=u1,%s" % self.ou_users)
1595 res1 = self.ldb.search(self.ou,
1596 scope=SCOPE_SUBTREE,
1597 expression=("(&(member:1.2.840.113556.1.4.1941:=cn=c2,%s)"
1598 "(member:1.2.840.113556.1.4.1941:=cn=c3,%s))") % (
1599 self.ou_computers, self.ou_computers))
1600 self.assertEqual(len(res1), 0)
1602 res1 = self.ldb.search(self.ou,
1603 scope=SCOPE_SUBTREE,
1604 expression=("(&(member:1.2.840.113556.1.4.1941:=cn=c3,%s)"
1605 "(member:1.2.840.113556.1.4.1941:=cn=u3,%s))") % (
1606 self.ou_computers, self.ou_users))
1607 self.assertEqual(len(res1), 3)
1608 dn_list = [str(res.dn) for res in res1]
1609 self.assertTrue("CN=g1,%s" % self.ou_groups in dn_list)
1610 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1611 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1613 res1 = self.ldb.search(self.ou,
1614 scope=SCOPE_SUBTREE,
1615 expression=("(&(member:1.2.840.113556.1.4.1941:=cn=c1,%s)"
1616 "(member:1.2.840.113556.1.4.1941:=cn=u4,%s))") % (
1617 self.ou_computers, self.ou_computers))
1618 self.assertEqual(len(res1), 0)
1620 def test_or_memberOf_queries(self):
1621 res1 = self.ldb.search(self.ou,
1622 scope=SCOPE_SUBTREE,
1623 expression=("(|(memberOf:1.2.840.113556.1.4.1941:=cn=g1,%s)"
1624 "(memberOf:1.2.840.113556.1.4.1941:=cn=g2,%s))") % (
1625 self.ou_groups, self.ou_groups))
1626 self.assertEqual(len(res1), 6)
1627 dn_list = [str(res.dn) for res in res1]
1628 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1629 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1630 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1631 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1632 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1633 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1635 res1 = self.ldb.search(self.ou,
1636 scope=SCOPE_SUBTREE,
1637 expression=("(|(memberOf:1.2.840.113556.1.4.1941:=cn=g1,%s)"
1638 "(memberOf:1.2.840.113556.1.4.1941:=cn=g3,%s))") % (
1639 self.ou_groups, self.ou_groups))
1640 self.assertEqual(len(res1), 6)
1641 dn_list = [str(res.dn) for res in res1]
1642 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1643 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1644 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1645 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1646 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1647 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1649 res1 = self.ldb.search(self.ou,
1650 scope=SCOPE_SUBTREE,
1651 expression=("(|(memberOf:1.2.840.113556.1.4.1941:=cn=g1,%s)"
1652 "(memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s))") % (
1653 self.ou_groups, self.ou_groups))
1654 self.assertEqual(len(res1), 8)
1655 dn_list = [str(res.dn) for res in res1]
1656 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1657 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1658 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1659 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1660 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1661 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1662 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1663 self.assertTrue("CN=c4,%s" % self.ou_computers in dn_list)
1665 res1 = self.ldb.search(self.ou,
1666 scope=SCOPE_SUBTREE,
1667 expression=("(|(memberOf:1.2.840.113556.1.4.1941:=cn=g2,%s)"
1668 "(memberOf:1.2.840.113556.1.4.1941:=cn=g3,%s))") %
1669 (self.ou_groups, self.ou_groups))
1670 self.assertEqual(len(res1), 5)
1671 dn_list = [str(res.dn) for res in res1]
1672 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1673 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1674 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1675 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1676 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1678 res1 = self.ldb.search(self.ou,
1679 scope=SCOPE_SUBTREE,
1680 expression=("(|(memberOf:1.2.840.113556.1.4.1941:=cn=g2,%s)"
1681 "(memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s))") % (
1682 self.ou_groups, self.ou_groups))
1683 self.assertEqual(len(res1), 7)
1684 dn_list = [str(res.dn) for res in res1]
1685 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1686 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1687 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1688 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1689 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1690 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1691 self.assertTrue("CN=c4,%s" % self.ou_computers in dn_list)
1693 res1 = self.ldb.search(self.ou,
1694 scope=SCOPE_SUBTREE,
1695 expression=("(|(memberOf:1.2.840.113556.1.4.1941:=cn=g3,%s)"
1696 "(memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s))") % (
1697 self.ou_groups, self.ou_groups))
1698 self.assertEqual(len(res1), 5)
1699 dn_list = [str(res.dn) for res in res1]
1700 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1701 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1702 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1703 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1704 self.assertTrue("CN=c4,%s" % self.ou_computers in dn_list)
1706 def test_and_memberOf_queries(self):
1707 res1 = self.ldb.search(self.ou,
1708 scope=SCOPE_SUBTREE,
1709 expression=("(&(memberOf:1.2.840.113556.1.4.1941:=cn=g1,%s)"
1710 "(memberOf:1.2.840.113556.1.4.1941:=cn=g2,%s))") % (
1711 self.ou_groups, self.ou_groups))
1712 self.assertEqual(len(res1), 5)
1713 dn_list = [str(res.dn) for res in res1]
1714 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1715 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1716 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1717 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1718 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1720 res1 = self.ldb.search(self.ou,
1721 scope=SCOPE_SUBTREE,
1722 expression=("(&(memberOf:1.2.840.113556.1.4.1941:=cn=g1,%s)"
1723 "(memberOf:1.2.840.113556.1.4.1941:=cn=g3,%s))") % (
1724 self.ou_groups, self.ou_groups))
1725 self.assertEqual(len(res1), 3)
1726 dn_list = [str(res.dn) for res in res1]
1727 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1728 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1729 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1731 res1 = self.ldb.search(self.ou,
1732 scope=SCOPE_SUBTREE,
1733 expression=("(&(memberOf:1.2.840.113556.1.4.1941:=cn=g1,%s)"
1734 "(memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s))") % (
1735 self.ou_groups, self.ou_groups))
1736 self.assertEqual(len(res1), 2)
1737 dn_list = [str(res.dn) for res in res1]
1738 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1739 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1741 res1 = self.ldb.search(self.ou,
1742 scope=SCOPE_SUBTREE,
1743 expression=("(&(memberOf:1.2.840.113556.1.4.1941:=cn=g2,%s)"
1744 "(memberOf:1.2.840.113556.1.4.1941:=cn=g3,%s))") % (
1745 self.ou_groups, self.ou_groups))
1746 self.assertEqual(len(res1), 3)
1747 dn_list = [str(res.dn) for res in res1]
1748 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1749 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1750 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1752 res1 = self.ldb.search(self.ou,
1753 scope=SCOPE_SUBTREE,
1754 expression=("(&(memberOf:1.2.840.113556.1.4.1941:=cn=g2,%s)"
1755 "(memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s))") % (
1756 self.ou_groups, self.ou_groups))
1757 self.assertEqual(len(res1), 2)
1758 dn_list = [str(res.dn) for res in res1]
1759 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1760 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1762 res1 = self.ldb.search(self.ou,
1763 scope=SCOPE_SUBTREE,
1764 expression=("(&(memberOf:1.2.840.113556.1.4.1941:=cn=g3,%s)"
1765 "(memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s))") % (
1766 self.ou_groups, self.ou_groups))
1767 self.assertEqual(len(res1), 2)
1768 dn_list = [str(res.dn) for res in res1]
1769 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1770 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1772 res1 = self.ldb.search(self.ou,
1773 scope=SCOPE_SUBTREE,
1774 expression=("(&(memberOf:1.2.840.113556.1.4.1941:=cn=g1,%s)"
1775 "(memberOf:1.2.840.113556.1.4.1941:=cn=c1,%s))") % (
1776 self.ou_groups, self.ou_computers))
1777 self.assertEqual(len(res1), 0)
1779 parser = optparse.OptionParser("match_rules.py [options] <host>")
1780 sambaopts = options.SambaOptions(parser)
1781 parser.add_option_group(sambaopts)
1782 parser.add_option_group(options.VersionOptions(parser))
1784 # use command line creds if available
1785 credopts = options.CredentialsOptions(parser)
1786 parser.add_option_group(credopts)
1787 opts, args = parser.parse_args()
1788 subunitopts = SubunitOptions(parser)
1789 parser.add_option_group(subunitopts)
1792 parser.print_usage()
1797 lp = sambaopts.get_loadparm()
1798 creds = credopts.get_credentials(lp)
1800 if not "://" in host:
1801 if os.path.isfile(host):
1802 host = "tdb://%s" % host
1804 host = "ldap://%s" % host
1806 TestProgram(module=__name__, opts=subunitopts)
git.samba.org / obnox / samba / samba-obnox.git / blob