self.assertEqual(len(res), 0)
def test_add_u1(self):
- """Testing OU with the rights of Doman Admin not creator of the OU """
+ """Testing OU with the rights of Domain Admin not creator of the OU """
self.assert_top_ou_deleted()
# Change descriptor for top level OU
self.ldb_owner.create_ou("OU=test_add_ou1," + self.base_dn)
self.ldb_notowner.newgroup("test_add_group1", groupou="OU=test_add_ou2,OU=test_add_ou1",
grouptype=samba.dsdb.GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP)
# Make sure we HAVE created the two objects -- user and group
- # !!! We should not be able to do that, but however beacuse of ACE ordering our inherited Deny ACE
+ # !!! We should not be able to do that, but however because of ACE ordering our inherited Deny ACE
# !!! comes after explicit (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA) that comes from somewhere
res = self.ldb_admin.search(self.base_dn, expression="(distinguishedName=%s,%s)" % ("CN=test_add_user1,OU=test_add_ou2,OU=test_add_ou1", self.base_dn))
self.assertTrue(len(res) > 0)
self.assertEqual(len(res), 0)
def test_add_u4(self):
- """ 4 Testing OU with the rights of Doman Admin creator of the OU"""
+ """ 4 Testing OU with the rights of Domain Admin creator of the OU"""
self.assert_top_ou_deleted()
self.ldb_owner.create_ou("OU=test_add_ou1," + self.base_dn)
self.ldb_owner.create_ou("OU=test_add_ou2,OU=test_add_ou1," + self.base_dn)
self.assertEqual(len(res), 0)
def test_delete_u3(self):
- """User indentified by SID has RIGHT_DELETE to another User object"""
+ """User identified by SID has RIGHT_DELETE to another User object"""
user_dn = self.get_user_dn("test_delete_user1")
# Create user that we try to delete
self.ldb_admin.newuser("test_delete_user1", self.user_pass)
minPwdAge = self.ldb_admin.get_minPwdAge()
# Reset the "minPwdAge" as it was before
self.addCleanup(self.ldb_admin.set_minPwdAge, minPwdAge)
- # Set it temporarely to "0"
+ # Set it temporarily to "0"
self.ldb_admin.set_minPwdAge("0")
self.user_with_wp = "acl_car_user1"
self.sd_utils.dacl_add_ace(self.deleted_dn2, mod)
self.undelete_deleted(self.deleted_dn2, self.testuser2_dn)
- # attempt undelete with simultanious addition of url, WP to which is denied
+ # attempt undelete with simultaneous addition of url, WP to which is denied
mod = "(OD;;WP;9a9a0221-4a5b-11d1-a9c3-0000f80367c1;;%s)" % str(self.sid)
self.sd_utils.dacl_add_ace(self.deleted_dn3, mod)
try:
maybe_not = ['!(', '']
joiners = ['&', '|']
- # The number of permuations is 18432, which is not huge but
+ # The number of permutations is 18432, which is not huge but
# would take hours to search. So we take a sample.
all_permutations = list(itertools.product(joiners,
classes, classes,
self.attr_filters = [None, ["*"], ["name"]]
- # Note dirsync behaviour is slighty different for the attribute under
+ # Note dirsync behaviour is slightly different for the attribute under
# test - when you have full access rights, it only returns the objects
# that actually have this attribute (i.e. it doesn't return an empty
# message with just the DN). So we add the 'name' attribute into the
self.assertEqual(len(res.msgs[0]), 3)
def test_dirsync_othernc(self):
- """Check that dirsync return information for entries that are normaly referrals (ie. other NCs)"""
+ """Check that dirsync return information for entries that are normally referrals (ie. other NCs)"""
res = self.ldb_admin.search(self.base_dn,
expression="(objectclass=configuration)",
attrs=["name"],
delete_force(self.ldb_admin, ouname)
def test_dirsync_linkedattributes(self):
- """Check that dirsync returnd deleted objects too"""
+ """Check that dirsync returned deleted objects too"""
# Let's search for members
self.ldb_simple = self.get_ldb_connection(self.simple_user, self.user_pass)
res = self.ldb_simple.search(self.base_dn,
self.assertEqual(len(res[0].get("member")), 0)
def test_dirsync_deleted_items(self):
- """Check that dirsync returnd deleted objects too"""
+ """Check that dirsync returned deleted objects too"""
# Let's create an OU
ouname = "OU=testou3,%s" % self.base_dn
self.ouname = ouname
self.assertIn(b">;<SID=010500000000000515", resEX0[0]["member"][0])
def test_dirsync_deleted_items(self):
- """Check that dirsync returnd deleted objects too"""
+ """Check that dirsync returned deleted objects too"""
# Let's create an OU
self.ldb_simple = self.get_ldb_connection(self.simple_user, self.user_pass)
ouname = "OU=testou3,%s" % self.base_dn
(num, _) = e.args
self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
- # We cannot instanciate from an abstract object class ("connectionPoint"
+ # We cannot instantiate from an abstract object class ("connectionPoint"
# or "leaf"). In the first case we use "connectionPoint" (subclass of
# "leaf") to prevent a naming violation - this returns us a
# "ERR_UNWILLING_TO_PERFORM" since it is not structural. In the second
(num, _) = e.args
self.assertEqual(num, ERR_OBJECT_CLASS_VIOLATION)
- # Objects instanciated using "satisfied" abstract classes (concrete
+ # Objects instantiated using "satisfied" abstract classes (concrete
# subclasses) are allowed
self.ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
"objectClass": "person"})
# We can remove derivation classes of the structural objectclass
- # but they're going to be readded afterwards
+ # but they're going to be re-added afterwards
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("top", FLAG_MOD_DELETE,
delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
def test_groupType_int32(self):
- """Test groupType (int32) behaviour (should appear to be casted to a 32 bit signed integer before comparsion)"""
+ """Test groupType (int32) behaviour (should appear to be casted to a 32 bit signed integer before comparison)"""
res1 = ldb.search(base=self.base_dn, scope=SCOPE_SUBTREE,
attrs=["groupType"], expression="groupType=2147483653")
"givenname": "testy",
"sn": "ldap user2"})
- # Testing Ambigious Name Resolution
+ # Testing Ambiguous Name Resolution
# Testing ldb.search for (&(anr=ldap testy)(objectClass=user))
res = ldb.search(expression="(&(anr=ldap testy)(objectClass=user))")
self.assertEqual(len(res), 3, "Found only %d of 3 for (&(anr=ldap testy)(objectClass=user))" % len(res))
# Testing ldb.search for (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn + ")(objectclass=group)) to check subtree renames and linked attributes"
res = ldb.search(self.base_dn, expression="(&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn + ")(objectclass=group))", scope=SCOPE_SUBTREE)
- self.assertEqual(len(res), 1, "Could not find (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn + ")(objectclass=group)), perhaps linked attributes are not consistant with subtree renames?")
+ self.assertEqual(len(res), 1, "Could not find (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn + ")(objectclass=group)), perhaps linked attributes are not consistent with subtree renames?")
# Testing ldb.rename (into itself) of cn=ldaptestcontainer2," + self.base_dn + " to cn=ldaptestcontainer,cn=ldaptestcontainer2," + self.base_dn
try:
delete_force(self.ldb, user_dn)
#
# Test modify_ldif() with SDDL security descriptor input
- # New desctiptor test
+ # New descriptor test
#
try:
self.ldb.add_ldif("""
clusters = {}
for i, attrs in enumerate(permutations(mod_attrs)):
- # for each permuation we construct a string describing the
+ # for each permutation we construct a string describing the
# requested operations, and a string describing the result
# (which may be an exception). The we cluster the
# attribute strings by their results.
self._test_modify_order(start_attrs, mod_attrs)
def test_modify_order_inapplicable(self):
- #attrbutes that don't go on a user
+ #attributes that don't go on a user
start_attrs = [("objectclass", "user"),
("givenName", "a")]
expression="(%s=S:5:ABCDE)" % self.dn_string_attribute)
self.assertEqual(len(res), 0)
- # search by DN+Stirng
+ # search by DN+String
res = self.ldb.search(base=self.base_dn,
scope=SCOPE_SUBTREE,
expression="(%s=S:5:ABCDE:%s)" % (self.dn_string_attribute, self.base_dn))
self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
def test_dn_binary(self):
- # add obeject with correct value
+ # add object with correct value
object_name1 = "obj-DN-Binary1" + time.strftime("%s", time.gmtime())
ldif = self._get_object_ldif(object_name1, self.dn_binary_class_name, self.dn_binary_class_ldap_display_name,
self.dn_binary_attribute, ": B:4:1234:" + self.base_dn)
ldap_url = self.host_url
print("Performs a lockout attempt against LDAP using NTLM")
- # get the intial logon values for this user
+ # get the initial logon values for this user
res = self._check_account(userdn,
badPwdCount=0,
badPasswordTime=("greater", 0),
self.set_attribute(group2, "member", group1)
self.assert_PSO_applied(user, group2_pso)
- # add another level to the group heirachy & check this PSO takes effect
+ # add another level to the group hierarchy & check this PSO takes effect
self.set_attribute(group3, "member", group2)
self.assert_PSO_applied(user, group3_pso)
# the msDS-ResultantPSO attribute on a user that doesn't exist yet (it
# won't have any group membership or PSOs applied directly against it yet).
# In theory it's possible to still get an applicable PSO via the user's
- # primaryGroupID (i.e. 'Domain Users' by default). However, testing aginst
+ # primaryGroupID (i.e. 'Domain Users' by default). However, testing against
# Windows shows that the PSO doesn't take effect during the user add
# operation. (However, the Windows GUI tools presumably adds the user in 2
# steps, because it does enforce the PSO for users added via the GUI).
def test_zero_length(self):
# Get the old "minPwdLength"
minPwdLength = self.ldb.get_minPwdLength()
- # Set it temporarely to "0"
+ # Set it temporarily to "0"
self.ldb.set_minPwdLength("0")
# Get the old "pwdProperties"
pwdProperties = self.ldb.get_pwdProperties()
- # Set them temporarely to "0" (to deactivate eventually the complexity)
+ # Set them temporarily to "0" (to deactivate eventually the complexity)
self.ldb.set_pwdProperties("0")
self.ldb.setpassword("(sAMAccountName=testuser)", "")
def test_protected_sid_objects(self):
"""Test deletion of objects with RID < 1000"""
# a list of some well-known sids
- # objects in Builtin are aready covered by objectclass
+ # objects in Builtin are already covered by objectclass
protected_list = [
["CN=Domain Admins", "CN=Users,"],
["CN=Schema Admins", "CN=Users,"],
# Tests for SCHEMA
- # Defalt descriptor tests ##################################################################
+ # Default descriptor tests ##################################################################
def test_130(self):
user_name = "testuser1"
# Tests for CONFIGURATION
- # Defalt descriptor tests ##################################################################
+ # Default descriptor tests ##################################################################
def test_160(self):
user_name = "testuser1"
_ldb = self.get_ldb_connection("testuser_attr", "samba123@")
res = _ldb.search(base=object_dn, expression="", scope=SCOPE_BASE,
attrs=["sDRightsEffective"])
- # user whould have no rights at all
+ # user should have no rights at all
self.assertEqual(len(res), 1)
self.assertEqual(str(res[0]["sDRightsEffective"][0]), "0")
# give the user Write DACL and see what happens
self.sd_utils.dacl_add_ace(object_dn, mod)
res = _ldb.search(base=object_dn, expression="", scope=SCOPE_BASE,
attrs=["sDRightsEffective"])
- # user whould have DACL_SECURITY_INFORMATION
+ # user should have DACL_SECURITY_INFORMATION
self.assertEqual(len(res), 1)
self.assertEqual(str(res[0]["sDRightsEffective"][0]), ("%d") % SECINFO_DACL)
# give the user Write Owners and see what happens
self.sd_utils.dacl_add_ace(object_dn, mod)
res = _ldb.search(base=object_dn, expression="", scope=SCOPE_BASE,
attrs=["sDRightsEffective"])
- # user whould have DACL_SECURITY_INFORMATION, OWNER_SECURITY_INFORMATION, GROUP_SECURITY_INFORMATION
+ # user should have DACL_SECURITY_INFORMATION, OWNER_SECURITY_INFORMATION, GROUP_SECURITY_INFORMATION
self.assertEqual(len(res), 1)
self.assertEqual(str(res[0]["sDRightsEffective"][0]), ("%d") % (SECINFO_DACL | SECINFO_GROUP | SECINFO_OWNER))
- # no way to grant security privilege bu adding ACE's so we use a memeber of Domain Admins
+ # no way to grant security privilege bu adding ACE's so we use a member of Domain Admins
_ldb = self.get_ldb_connection("testuser_attr2", "samba123@")
res = _ldb.search(base=object_dn, expression="", scope=SCOPE_BASE,
attrs=["sDRightsEffective"])
- # user whould have DACL_SECURITY_INFORMATION, OWNER_SECURITY_INFORMATION, GROUP_SECURITY_INFORMATION
+ # user should have DACL_SECURITY_INFORMATION, OWNER_SECURITY_INFORMATION, GROUP_SECURITY_INFORMATION
self.assertEqual(len(res), 1)
self.assertEqual(str(res[0]["sDRightsEffective"][0]),
("%d") % (SECINFO_DACL | SECINFO_GROUP | SECINFO_OWNER | SECINFO_SACL))
extra_sidset = set(extra_sids)
if len(missing_sidset.symmetric_difference(extra_sidset)):
- print("dn token sids unexpeted")
+ print("dn token sids unexpected")
print("tokengroups: %s" % dn_tokengroups)
print("user sids: %s" % self.user_sids)
print("actual difference: %s" % missing_sidset)
extra_sidset = set(extra_sids)
if len(missing_sidset.symmetric_difference(extra_sidset)):
- print("dn token sids unexpeted")
+ print("dn token sids unexpected")
print("tokengroups: %s" % dn_tokengroups)
print("user sids: %s" % self.user_sids)
print("actual difference: %s" % missing_sidset)
self.add_computer_ldap(computername, others={"userAccountControl": [str(bit_add)]})
delete_force(self.admin_samdb, "CN=%s,%s" % (computername, self.OU))
if bit in priv_bits:
- self.fail("Unexpectdly able to set userAccountControl bit 0x%08X (%s) on %s"
+ self.fail("Unexpectedly able to set userAccountControl bit 0x%08X (%s) on %s"
% (bit, bit_str, computername))
except LdbError as e4: