def setUp(self):
super(ReplAclTestCase, self).setUp()
+ self.mod = "(A;CIOI;GA;;;SY)"
+ self.mod_becomes = "(A;OICIIO;GA;;;SY)"
+ self.mod_inherits_as = "(A;OICIIOID;GA;;;SY)"
+
self.sd_utils_dc1 = sd_utils.SDUtils(self.ldb_dc1)
self.sd_utils_dc2 = sd_utils.SDUtils(self.ldb_dc2)
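Review bot: The three SDDL strings added to setUp carry no comment, yet every new assertion depends on why they differ. A short comment above them would help, for example `# ACE as submitted (CI|OI), as expected back on the parent with inherit-only (IO) added, and as expected on children with the inherited (ID) flag`. The later `assertIn` calls are plain substring matches against the full SDDL string, so they also rely on the exact flag order `OICIIO` that `get_sd_as_sddl` returns, which is worth saying in the same comment. Why the stored ACE gains IO is not visible here (presumably the generic-rights ACE is split on write), so the comment should state the reason only once it is confirmed. setUp appears to continue past the last line shown.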
def test_acl_inheirt_new_object_1_pass(self):
# Set the inherited ACL on the parent OU
- mod = "(A;CIOI;GA;;;SY)"
- self.sd_utils_dc1.dacl_add_ace(self.ou, mod)
+ self.sd_utils_dc1.dacl_add_ace(self.ou, self.mod)
+
+ # Assert ACL set stuck as expected
+ self.assertIn(self.mod_becomes,
+ self.sd_utils_dc1.get_sd_as_sddl(self.ou))
# Make a new object
dn = ldb.Dn(self.ldb_dc1, "OU=l2,%s" % self.ou)
fromDC=self.dnsname_dc1,
forced=True)
- # Confirm inherited ACLs are identical
+ # Assert ACL replicated as expected
+ self.assertIn(self.mod_becomes,
+ self.sd_utils_dc2.get_sd_as_sddl(self.ou))
+ # Confirm inherited ACLs are identical and were inherited
+
+ self.assertIn(self.mod_inherits_as,
+ self.sd_utils_dc1.get_sd_as_sddl(dn))
self.assertEquals(self.sd_utils_dc1.get_sd_as_sddl(dn),
self.sd_utils_dc2.get_sd_as_sddl(dn))
def test_acl_inheirt_new_object(self):
# Set the inherited ACL on the parent OU
- mod = "(A;CIOI;GA;;;SY)"
- self.sd_utils_dc1.dacl_add_ace(self.ou, mod)
+ self.sd_utils_dc1.dacl_add_ace(self.ou, self.mod)
+
+ # Assert ACL set stuck as expected
+ self.assertIn(self.mod_becomes,
+ self.sd_utils_dc1.get_sd_as_sddl(self.ou))
# Replicate to DC2
fromDC=self.dnsname_dc1,
forced=True)
- # Confirm inherited ACLs are identical
+ # Assert ACL replicated as expected
+ self.assertIn(self.mod_becomes,
+ self.sd_utils_dc2.get_sd_as_sddl(self.ou))
+ # Confirm inherited ACLs are identical and were inheritied
+
+ self.assertIn(self.mod_inherits_as,
+ self.sd_utils_dc1.get_sd_as_sddl(dn))
self.assertEquals(self.sd_utils_dc1.get_sd_as_sddl(dn),
self.sd_utils_dc2.get_sd_as_sddl(dn))
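Review bot: The new comment above the last assertion group is misspelled, `inheritied`, and should read `# Confirm inherited ACLs are identical and were inherited`. The same comment drifts in later hunks: in the third test it sits before `# Assert ACL replicated as expected` instead of directly above the `self.mod_inherits_as` check, and the l3/l4 hunk writes `and where inherited`. Keeping each comment directly above the assertion it describes shows which check covers the parent ACE on DC2 and which covers the inherited ACE on the child. The test body starts outside this hunk.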
attrs=[])
# Set the inherited ACL on the parent OU
- mod = "(A;CIOI;GA;;;SY)"
- self.sd_utils_dc1.dacl_add_ace(self.ou, mod)
+ self.sd_utils_dc1.dacl_add_ace(self.ou, self.mod)
+
+ # Assert ACL set stuck as expected
+ self.assertIn(self.mod_becomes,
+ self.sd_utils_dc1.get_sd_as_sddl(self.ou))
# Replicate to DC2
fromDC=self.dnsname_dc1,
forced=True)
- # Confirm inherited ACLs are identical
+ # Confirm inherited ACLs are identical and were inherited
+ # Assert ACL replicated as expected
+ self.assertIn(self.mod_becomes,
+ self.sd_utils_dc2.get_sd_as_sddl(self.ou))
+
+ self.assertIn(self.mod_inherits_as,
+ self.sd_utils_dc1.get_sd_as_sddl(dn))
self.assertEquals(self.sd_utils_dc1.get_sd_as_sddl(dn),
self.sd_utils_dc2.get_sd_as_sddl(dn))
self.assertEqual(enum, ldb.ERR_NO_SUCH_OBJECT)
# Set the inherited ACL on the parent OU
- mod = "(A;CIOI;GA;;;SY)"
- self.sd_utils_dc1.dacl_add_ace(self.ou, mod)
+ self.sd_utils_dc1.dacl_add_ace(self.ou, self.mod)
+
+ # Assert ACL set as expected
+ self.assertIn(self.mod_becomes,
+ self.sd_utils_dc1.get_sd_as_sddl(self.ou))
# Replicate to DC2
fromDC=self.dnsname_dc1,
forced=True)
- # Confirm inherited ACLs are identical
+ # Assert ACL replicated as expected
+ self.assertIn(self.mod_becomes,
+ self.sd_utils_dc2.get_sd_as_sddl(self.ou))
+ # Confirm inherited ACLs are identical and were inherited
+
+ self.assertIn(self.mod_inherits_as,
+ self.sd_utils_dc1.get_sd_as_sddl(dn))
self.assertEquals(self.sd_utils_dc1.get_sd_as_sddl(dn),
self.sd_utils_dc2.get_sd_as_sddl(dn))
attrs=[])
# Set the inherited ACL on the parent OU on DC1
- mod = "(A;CIOI;GA;;;SY)"
- self.sd_utils_dc1.dacl_add_ace(self.ou, mod)
+ self.sd_utils_dc1.dacl_add_ace(self.ou, self.mod)
+
+ # Assert ACL set as expected
+ self.assertIn(self.mod_becomes,
+ self.sd_utils_dc1.get_sd_as_sddl(self.ou))
# Replicate to DC2
fromDC=self.dnsname_dc1,
forced=True)
+ # Assert ACL replicated as expected
+ self.assertIn(self.mod_becomes,
+ self.sd_utils_dc2.get_sd_as_sddl(self.ou))
+
# Rename to under self.ou
self.ldb_dc1.rename(new_ou, sub_ou_dn)
fromDC=self.dnsname_dc1,
forced=True)
- # Confirm inherited ACLs are identical
+ # Confirm inherited ACLs are identical and were inherited
+ self.assertIn(self.mod_inherits_as,
+ self.sd_utils_dc1.get_sd_as_sddl(sub_ou_dn))
self.assertEquals(self.sd_utils_dc1.get_sd_as_sddl(sub_ou_dn),
self.sd_utils_dc2.get_sd_as_sddl(sub_ou_dn))
#
# Set the inherited ACL on the grandchild OU (l3) on DC1
- mod = "(A;CIOI;GA;;;SY)"
- self.sd_utils_dc1.dacl_add_ace(sub3_ou_dn, mod)
+ self.sd_utils_dc1.dacl_add_ace(sub3_ou_dn, self.mod)
+
+ # Assert ACL set stuck as expected
+ self.assertIn(self.mod_becomes,
+ self.sd_utils_dc1.get_sd_as_sddl(sub3_ou_dn))
# Rename new_ou (l2) to under self.ou (this must happen second). If the
# inheritence between l3 and l4 is name-based, this could
self.ldb_dc1.rename(new_ou, sub2_ou_dn_final)
+ # Assert ACL set remained as expected
+ self.assertIn(self.mod_becomes,
+ self.sd_utils_dc1.get_sd_as_sddl(sub3_ou_dn_final))
+
# Replicate to DC2
self._net_drs_replicate(DC=self.dnsname_dc2,
fromDC=self.dnsname_dc1,
forced=True)
- # Confirm set ACLs (on l3 ) are identical.
+ # Confirm set ACLs (on l3 ) are identical and were inherited
+ self.assertIn(self.mod_becomes,
+ self.sd_utils_dc2.get_sd_as_sddl(sub3_ou_dn_final))
self.assertEquals(self.sd_utils_dc1.get_sd_as_sddl(sub3_ou_dn_final),
self.sd_utils_dc2.get_sd_as_sddl(sub3_ou_dn_final))
- # Confirm inherited ACLs (from l3 to l4) are identical.
+ # Confirm inherited ACLs (from l3 to l4) are identical
+ # and where inherited
+ self.assertIn(self.mod_inherits_as,
+ self.sd_utils_dc1.get_sd_as_sddl(sub4_ou_dn_final))
self.assertEquals(self.sd_utils_dc1.get_sd_as_sddl(sub4_ou_dn_final),
self.sd_utils_dc2.get_sd_as_sddl(sub4_ou_dn_final))
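Review bot: The comment `# Confirm set ACLs (on l3 ) are identical and were inherited` does not match the assertion under it, which looks for `self.mod_becomes`. That is the form the other tests expect for an ACE set directly on an object, and l3 is where the ACE was added. Something like `# Confirm set ACLs (on l3) are identical and still carry the ACE that was set` would fit. Only the l4 check against `self.mod_inherits_as` is about inheritance. The test body starts outside this hunk.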
"objectclass": "organizationalUnit"})
# Set the inherited ACL on the parent OU
- mod = "(A;CIOI;GA;;;SY)"
- self.sd_utils_dc1.dacl_add_ace(self.ou, mod)
+ self.sd_utils_dc1.dacl_add_ace(self.ou, self.mod)
+
+ # Assert ACL set stuck as expected
+ self.assertIn(self.mod_becomes,
+ self.sd_utils_dc1.get_sd_as_sddl(self.ou))
# Replicate to DC2
# Rename to under self.ou
self.ldb_dc1.rename(new_ou, sub_ou_dn)
+ self.assertIn(self.mod_inherits_as,
+ self.sd_utils_dc1.get_sd_as_sddl(sub_ou_dn))
# Replicate to DC2 (will cause a conflict, DC1 to win, version
# is higher since named twice)
base=self.ou,
attrs=[])
for child in children:
+ self.assertIn(self.mod_inherits_as,
+ self.sd_utils_dc2.get_sd_as_sddl(child.dn))
self.assertEquals(self.sd_utils_dc1.get_sd_as_sddl(sub_ou_dn),
self.sd_utils_dc2.get_sd_as_sddl(child.dn))
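Review bot: The `assertIn` added inside `for child in children:` runs zero times if the search on DC2 returns no entries, so the loop would pass without checking that any child carries the inherited ACE. A guard before the loop, such as `self.assertGreater(len(children), 0)`, closes that gap; use an exact count instead if the expected number of children after the conflict is known. The same applies to the second `for child in children:` loop after replication back to DC1. The search call and the rest of the test lie outside this hunk.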
fromDC=self.dnsname_dc2,
forced=True)
+ self.assertIn(self.mod_inherits_as,
+ self.sd_utils_dc1.get_sd_as_sddl(sub_ou_dn))
+
for child in children:
+ self.assertIn(self.mod_inherits_as,
+ self.sd_utils_dc1.get_sd_as_sddl(child.dn))
self.assertEquals(self.sd_utils_dc1.get_sd_as_sddl(child.dn),
self.sd_utils_dc2.get_sd_as_sddl(child.dn))