from samba.dsdb import (UF_NORMAL_ACCOUNT, UF_ACCOUNTDISABLE,
UF_WORKSTATION_TRUST_ACCOUNT, UF_SERVER_TRUST_ACCOUNT,
UF_PARTIAL_SECRETS_ACCOUNT, UF_TEMP_DUPLICATE_ACCOUNT,
- UF_PASSWD_NOTREQD, ATYPE_NORMAL_ACCOUNT,
+ UF_PASSWD_NOTREQD, UF_LOCKOUT, UF_PASSWORD_EXPIRED, ATYPE_NORMAL_ACCOUNT,
GTYPE_SECURITY_BUILTIN_LOCAL_GROUP, GTYPE_SECURITY_DOMAIN_LOCAL_GROUP,
GTYPE_SECURITY_GLOBAL_GROUP, GTYPE_SECURITY_UNIVERSAL_GROUP,
GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP, GTYPE_DISTRIBUTION_GLOBAL_GROUP,
# password yet.
# With SYSTEM rights you can set a interdomain trust account.
- # Invalid attribute
- try:
- ldb.add({
- "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectclass": "user",
- "userAccountControl": "0"})
- self.fail()
- except LdbError, (num, _):
- self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+ ldb.add({
+ "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+ "objectclass": "user",
+ "userAccountControl": "0"})
+
+ res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+ scope=SCOPE_BASE,
+ attrs=["sAMAccountType", "userAccountControl"])
+ self.assertTrue(len(res1) == 1)
+ self.assertEquals(int(res1[0]["sAMAccountType"][0]),
+ ATYPE_NORMAL_ACCOUNT)
+ self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_ACCOUNTDISABLE == 0)
+ self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_PASSWD_NOTREQD == 0)
delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
# This has to wait until s4 supports it (needs a password module change)
self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_ACCOUNTDISABLE == 0)
delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ ldb.add({
+ "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+ "objectclass": "user",
+ "userAccountControl": str(UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_LOCKOUT | UF_PASSWORD_EXPIRED)})
+
+ res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+ scope=SCOPE_BASE,
+ attrs=["sAMAccountType", "userAccountControl", "lockoutTime", "pwdLastSet"])
+ self.assertTrue(len(res1) == 1)
+ self.assertEquals(int(res1[0]["sAMAccountType"][0]),
+ ATYPE_NORMAL_ACCOUNT)
+ self.assertTrue(int(res1[0]["userAccountControl"][0]) & (UF_LOCKOUT | UF_PASSWORD_EXPIRED) == 0)
+ self.assertFalse("lockoutTime" in res1[0])
+ self.assertTrue(int(res1[0]["pwdLastSet"][0]) == 0)
+ delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
try:
ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
ATYPE_NORMAL_ACCOUNT)
self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_ACCOUNTDISABLE == 0)
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ m["userAccountControl"] = MessageElement(
+ str(UF_ACCOUNTDISABLE),
+ FLAG_MOD_REPLACE, "userAccountControl")
+ ldb.modify(m)
+
+ res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+ scope=SCOPE_BASE,
+ attrs=["sAMAccountType", "userAccountControl"])
+ self.assertTrue(len(res1) == 1)
+ self.assertEquals(int(res1[0]["sAMAccountType"][0]),
+ ATYPE_NORMAL_ACCOUNT)
+ self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_NORMAL_ACCOUNT != 0)
+ self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_ACCOUNTDISABLE != 0)
+
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ m["lockoutTime"] = MessageElement(str(samba.unix2nttime(0)), FLAG_MOD_REPLACE, "lockoutTime")
+ m["pwdLastSet"] = MessageElement(str(samba.unix2nttime(0)), FLAG_MOD_REPLACE, "pwdLastSet")
+ ldb.modify(m)
+
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ m["userAccountControl"] = MessageElement(
+ str(UF_LOCKOUT | UF_PASSWORD_EXPIRED),
+ FLAG_MOD_REPLACE, "userAccountControl")
+ ldb.modify(m)
+
+ res1 = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
+ scope=SCOPE_BASE,
+ attrs=["sAMAccountType", "userAccountControl", "lockoutTime", "pwdLastSet"])
+ self.assertTrue(len(res1) == 1)
+ self.assertEquals(int(res1[0]["sAMAccountType"][0]),
+ ATYPE_NORMAL_ACCOUNT)
+ self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_NORMAL_ACCOUNT != 0)
+ self.assertTrue(int(res1[0]["userAccountControl"][0]) & (UF_LOCKOUT | UF_PASSWORD_EXPIRED) == 0)
+ self.assertTrue(int(res1[0]["lockoutTime"][0]) == 0)
+ self.assertTrue(int(res1[0]["pwdLastSet"][0]) == 0)
+
try:
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
# password yet.
# With SYSTEM rights you can set a interdomain trust account.
- # Invalid attribute
- try:
- ldb.add({
- "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
- "objectclass": "computer",
- "userAccountControl": "0"})
- self.fail()
- except LdbError, (num, _):
- self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+ ldb.add({
+ "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
+ "objectclass": "computer",
+ "userAccountControl": "0"})
+
+ res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+ scope=SCOPE_BASE,
+ attrs=["sAMAccountType", "userAccountControl"])
+ self.assertTrue(len(res1) == 1)
+ self.assertEquals(int(res1[0]["sAMAccountType"][0]),
+ ATYPE_NORMAL_ACCOUNT)
+ self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_ACCOUNTDISABLE == 0)
+ self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_PASSWD_NOTREQD == 0)
delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
# This has to wait until s4 supports it (needs a password module change)
self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_ACCOUNTDISABLE == 0)
delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+ ldb.add({
+ "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
+ "objectclass": "computer",
+ "userAccountControl": str(UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_LOCKOUT | UF_PASSWORD_EXPIRED)})
+
+ res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+ scope=SCOPE_BASE,
+ attrs=["sAMAccountType", "userAccountControl", "lockoutTime", "pwdLastSet"])
+ self.assertTrue(len(res1) == 1)
+ self.assertEquals(int(res1[0]["sAMAccountType"][0]),
+ ATYPE_NORMAL_ACCOUNT)
+ self.assertTrue(int(res1[0]["userAccountControl"][0]) & (UF_LOCKOUT | UF_PASSWORD_EXPIRED) == 0)
+ self.assertFalse("lockoutTime" in res1[0])
+ self.assertTrue(int(res1[0]["pwdLastSet"][0]) == 0)
+ delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+
try:
ldb.add({
"dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
ATYPE_NORMAL_ACCOUNT)
self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_ACCOUNTDISABLE == 0)
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+ m["userAccountControl"] = MessageElement(
+ str(UF_ACCOUNTDISABLE),
+ FLAG_MOD_REPLACE, "userAccountControl")
+ ldb.modify(m)
+
+ res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+ scope=SCOPE_BASE,
+ attrs=["sAMAccountType", "userAccountControl"])
+ self.assertTrue(len(res1) == 1)
+ self.assertEquals(int(res1[0]["sAMAccountType"][0]),
+ ATYPE_NORMAL_ACCOUNT)
+ self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_NORMAL_ACCOUNT != 0)
+ self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_ACCOUNTDISABLE != 0)
+
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+ m["lockoutTime"] = MessageElement(str(samba.unix2nttime(0)), FLAG_MOD_REPLACE, "lockoutTime")
+ m["pwdLastSet"] = MessageElement(str(samba.unix2nttime(0)), FLAG_MOD_REPLACE, "pwdLastSet")
+ ldb.modify(m)
+
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+ m["userAccountControl"] = MessageElement(
+ str(UF_LOCKOUT | UF_PASSWORD_EXPIRED),
+ FLAG_MOD_REPLACE, "userAccountControl")
+ ldb.modify(m)
+
+ res1 = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+ scope=SCOPE_BASE,
+ attrs=["sAMAccountType", "userAccountControl", "lockoutTime", "pwdLastSet"])
+ self.assertTrue(len(res1) == 1)
+ self.assertEquals(int(res1[0]["sAMAccountType"][0]),
+ ATYPE_NORMAL_ACCOUNT)
+ self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_NORMAL_ACCOUNT != 0)
+ self.assertTrue(int(res1[0]["userAccountControl"][0]) & (UF_LOCKOUT | UF_PASSWORD_EXPIRED) == 0)
+ self.assertTrue(int(res1[0]["lockoutTime"][0]) == 0)
+ self.assertTrue(int(res1[0]["pwdLastSet"][0]) == 0)
+
try:
m = Message()
m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
self.assertTrue(len(res) == 1)
self.assertEquals(res[0]["dNSHostName"][0], "testname2.testdom")
self.assertEquals(res[0]["sAMAccountName"][0], "testname2$")
- self.assertTrue(res[0]["servicePrincipalName"][0] == "HOST/testname2" or
- res[0]["servicePrincipalName"][1] == "HOST/testname2")
- self.assertTrue(res[0]["servicePrincipalName"][0] == "HOST/testname2.testdom" or
- res[0]["servicePrincipalName"][1] == "HOST/testname2.testdom")
+ self.assertTrue(len(res[0]["servicePrincipalName"]) == 2)
+ self.assertTrue("HOST/testname2" in res[0]["servicePrincipalName"])
+ self.assertTrue("HOST/testname2.testdom" in res[0]["servicePrincipalName"])
+
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+ m["servicePrincipalName"] = MessageElement("HOST/testname2.testdom",
+ FLAG_MOD_ADD, "servicePrincipalName")
+ try:
+ ldb.modify(m)
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
+
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+ m["servicePrincipalName"] = MessageElement("HOST/testname3",
+ FLAG_MOD_ADD, "servicePrincipalName")
+ ldb.modify(m)
+
+ res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+ scope=SCOPE_BASE, attrs=["dNSHostName", "sAMAccountName", "servicePrincipalName"])
+ self.assertTrue(len(res) == 1)
+ self.assertEquals(res[0]["dNSHostName"][0], "testname2.testdom")
+ self.assertEquals(res[0]["sAMAccountName"][0], "testname2$")
+ self.assertTrue(len(res[0]["servicePrincipalName"]) == 3)
+ self.assertTrue("HOST/testname2" in res[0]["servicePrincipalName"])
+ self.assertTrue("HOST/testname3" in res[0]["servicePrincipalName"])
+ self.assertTrue("HOST/testname2.testdom" in res[0]["servicePrincipalName"])
+
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+ m["dNSHostName"] = MessageElement("testname3.testdom",
+ FLAG_MOD_REPLACE, "dNSHostName")
+ m["servicePrincipalName"] = MessageElement("HOST/testname3.testdom",
+ FLAG_MOD_ADD, "servicePrincipalName")
+ ldb.modify(m)
+
+ res = ldb.search("cn=ldaptestcomputer,cn=computers," + self.base_dn,
+ scope=SCOPE_BASE, attrs=["dNSHostName", "sAMAccountName", "servicePrincipalName"])
+ self.assertTrue(len(res) == 1)
+ self.assertEquals(res[0]["dNSHostName"][0], "testname3.testdom")
+ self.assertEquals(res[0]["sAMAccountName"][0], "testname2$")
+ self.assertTrue(len(res[0]["servicePrincipalName"]) == 3)
+ self.assertTrue("HOST/testname2" in res[0]["servicePrincipalName"])
+ self.assertTrue("HOST/testname3" in res[0]["servicePrincipalName"])
+ self.assertTrue("HOST/testname3.testdom" in res[0]["servicePrincipalName"])
delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)