[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-924-ga076d9f
Matthias Dieter Wallnöfer
mdw at samba.org
Fri Oct 2 11:32:02 MDT 2009
The branch, master has been updated
via a076d9fb597099d5d9dd465750079d9ebc922248 (commit)
via 26516032694f88ecf28705fb93dadfeadab96691 (commit)
via d2ac4cbceeab35b95dd892390b46adbf6bc65815 (commit)
via 2f211daa47d16eddb807f8cde00509f62be7fd1f (commit)
via e6d82267454a4678484b62cd5b28527f845af84f (commit)
via ab9c2320661901c05b217cc86a46e8b15e3f8425 (commit)
from 2cbff7496e477f9af180a564dbd908ec2a968716 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit a076d9fb597099d5d9dd465750079d9ebc922248
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Fri Oct 2 18:31:38 2009 +0200
s4:ldap.py - major enhancements
- Clean up and reorder it a bit
- Test which adds invalid attributes
- Test which makes sure that the 'distinguishedName' attribute cannot be modified
- Test which makes sure that we cannot change the RDN/'name' attribute through a modify request
commit 26516032694f88ecf28705fb93dadfeadab96691
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Sep 23 21:12:00 2009 -0700
s4:ldb Don't allow RDN to be modified with an LDB modify message
Found by the Microsoft testsuite at the AD interop event.
Andrew Bartlett
commit d2ac4cbceeab35b95dd892390b46adbf6bc65815
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Fri Oct 2 19:09:13 2009 +0200
s4:rdn_name module - a normal error message should be enough for this failure
I don't think that we really want to have this error printed out on the server
console (stdout) since this hasn't serious results as DB or data corruption
and similar.
commit 2f211daa47d16eddb807f8cde00509f62be7fd1f
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Sep 24 17:20:55 2009 -0700
s4:ldb Don't allow modifcation of distinguishedName
commit e6d82267454a4678484b62cd5b28527f845af84f
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Sep 25 16:40:30 2009 -0700
s4:dsdb Return correct error on invalid attribute
This error per the Microsoft testsuite
commit ab9c2320661901c05b217cc86a46e8b15e3f8425
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Sep 23 21:13:22 2009 -0700
s4:dsdb Pass down the exact error code on failure in repl_meta_data
-----------------------------------------------------------------------
Summary of changes:
source4/dsdb/samdb/ldb_modules/objectclass.c | 3 +-
source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 10 +-
source4/lib/ldb/ldb_tdb/ldb_tdb.c | 8 +-
source4/lib/ldb/modules/rdn_name.c | 47 +++-
source4/lib/ldb/tests/python/ldap.py | 289 +++++++++++++++--------
5 files changed, 240 insertions(+), 117 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c
index cc88d6b..6d22141 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass.c
@@ -361,7 +361,8 @@ static int fix_attributes(struct ldb_context *ldb, const struct dsdb_schema *sch
if (!attribute) {
if (strcasecmp(msg->elements[i].name, "clearTextPassword") != 0) {
ldb_asprintf_errstring(ldb, "attribute %s is not a valid attribute in schema", msg->elements[i].name);
- return LDB_ERR_UNDEFINED_ATTRIBUTE_TYPE;
+ /* Apparently Windows sends exactly this behaviour */
+ return LDB_ERR_NO_SUCH_ATTRIBUTE;
}
} else {
msg->elements[i].name = attribute->lDAPDisplayName;
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index 73c070a..59dc2ec 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -667,27 +667,27 @@ static int replmd_add(struct ldb_module *module, struct ldb_request *req)
ret = ldb_msg_add_value(msg, "objectGUID", &guid_value, NULL);
if (ret != LDB_SUCCESS) {
ldb_oom(ldb);
- return LDB_ERR_OPERATIONS_ERROR;
+ return ret;
}
ret = ldb_msg_add_string(msg, "whenChanged", time_str);
if (ret != LDB_SUCCESS) {
ldb_oom(ldb);
- return LDB_ERR_OPERATIONS_ERROR;
+ return ret;
}
ret = samdb_msg_add_uint64(ldb, msg, msg, "uSNCreated", seq_num);
if (ret != LDB_SUCCESS) {
ldb_oom(ldb);
- return LDB_ERR_OPERATIONS_ERROR;
+ return ret;
}
ret = samdb_msg_add_uint64(ldb, msg, msg, "uSNChanged", seq_num);
if (ret != LDB_SUCCESS) {
ldb_oom(ldb);
- return LDB_ERR_OPERATIONS_ERROR;
+ return ret;
}
ret = ldb_msg_add_value(msg, "replPropertyMetaData", &nmd_value, NULL);
if (ret != LDB_SUCCESS) {
ldb_oom(ldb);
- return LDB_ERR_OPERATIONS_ERROR;
+ return ret;
}
/*
diff --git a/source4/lib/ldb/ldb_tdb/ldb_tdb.c b/source4/lib/ldb/ldb_tdb/ldb_tdb.c
index 55acb61..7427b98 100644
--- a/source4/lib/ldb/ldb_tdb/ldb_tdb.c
+++ b/source4/lib/ldb/ldb_tdb/ldb_tdb.c
@@ -621,8 +621,14 @@ int ltdb_modify_internal(struct ldb_module *module,
struct ldb_val *vals;
const char *dn;
const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, el->name);
- switch (msg->elements[i].flags & LDB_FLAG_MOD_MASK) {
+ if (ldb_attr_cmp(el->name, "distinguishedName") == 0) {
+ ldb_asprintf_errstring(ldb, "it is not permitted to perform a modify on distinguishedName (use rename instead): %s",
+ ldb_dn_get_linearized(msg->dn));
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
+
+ switch (msg->elements[i].flags & LDB_FLAG_MOD_MASK) {
case LDB_FLAG_MOD_ADD:
/* add this element to the message. fail if it
diff --git a/source4/lib/ldb/modules/rdn_name.c b/source4/lib/ldb/modules/rdn_name.c
index 8b54f52..5269a6a 100644
--- a/source4/lib/ldb/modules/rdn_name.c
+++ b/source4/lib/ldb/modules/rdn_name.c
@@ -1,7 +1,7 @@
/*
ldb database library
- Copyright (C) Andrew Bartlett 2005
+ Copyright (C) Andrew Bartlett 2005-2009
Copyright (C) Simo Sorce 2006-2008
** NOTE! The following LGPL license applies to the ldb
@@ -156,15 +156,17 @@ static int rdn_name_add(struct ldb_module *module, struct ldb_request *req)
}
}
if (i == attribute->num_values) {
- char *rdn_errstring = talloc_asprintf(ac, "RDN mismatch on %s: %s (%.*s) should match one of:",
- ldb_dn_get_linearized(msg->dn), rdn_name,
- (int)rdn_val.length, (const char *)rdn_val.data);
+ char *rdn_errstring = talloc_asprintf(ac,
+ "RDN mismatch on %s: %s (%.*s) should match one of:",
+ ldb_dn_get_linearized(msg->dn), rdn_name,
+ (int)rdn_val.length, (const char *)rdn_val.data);
for (i = 0; i < attribute->num_values; i++) {
- rdn_errstring = talloc_asprintf_append(rdn_errstring, " (%.*s)",
- (int)attribute->values[i].length,
- (const char *)attribute->values[i].data);
+ rdn_errstring = talloc_asprintf_append(
+ rdn_errstring, " (%.*s)",
+ (int)attribute->values[i].length,
+ (const char *)attribute->values[i].data);
}
- ldb_debug_set(ldb, LDB_DEBUG_FATAL, "%s", rdn_errstring);
+ ldb_set_errstring(ldb, rdn_errstring);
talloc_free(ac);
/* Match AD's error here */
return LDB_ERR_INVALID_DN_SYNTAX;
@@ -327,8 +329,37 @@ static int rdn_name_rename(struct ldb_module *module, struct ldb_request *req)
return ldb_next_request(module, down_req);
}
+static int rdn_name_modify(struct ldb_module *module, struct ldb_request *req)
+{
+ struct ldb_context *ldb;
+
+ ldb = ldb_module_get_ctx(module);
+ ldb_debug(ldb, LDB_DEBUG_TRACE, "rdn_name_rename");
+
+ /* do not manipulate our control entries */
+ if (ldb_dn_is_special(req->op.mod.message->dn)) {
+ return ldb_next_request(module, req);
+ }
+
+ if (ldb_msg_find_element(req->op.mod.message, "name")) {
+ ldb_asprintf_errstring(ldb, "Modify of 'name' on %s not permitted, must use 'rename' operation instead",
+ ldb_dn_get_linearized(req->op.mod.message->dn));
+ return LDB_ERR_NOT_ALLOWED_ON_RDN;
+ }
+
+ if (ldb_msg_find_element(req->op.mod.message, ldb_dn_get_rdn_name(req->op.mod.message->dn))) {
+ ldb_asprintf_errstring(ldb, "Modify of RDN '%s' on %s not permitted, must use 'rename' operation instead",
+ ldb_dn_get_rdn_name(req->op.mod.message->dn), ldb_dn_get_linearized(req->op.mod.message->dn));
+ return LDB_ERR_NOT_ALLOWED_ON_RDN;
+ }
+
+ /* All OK, they kept their fingers out of the special attributes */
+ return ldb_next_request(module, req);
+}
+
const struct ldb_module_ops ldb_rdn_name_module_ops = {
.name = "rdn_name",
.add = rdn_name_add,
+ .modify = rdn_name_modify,
.rename = rdn_name_rename,
};
diff --git a/source4/lib/ldb/tests/python/ldap.py b/source4/lib/ldb/tests/python/ldap.py
index 5b2d380..bc90d3d 100755
--- a/source4/lib/ldb/tests/python/ldap.py
+++ b/source4/lib/ldb/tests/python/ldap.py
@@ -19,8 +19,27 @@ from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError
from ldb import ERR_NO_SUCH_OBJECT, ERR_ATTRIBUTE_OR_VALUE_EXISTS
from ldb import ERR_ENTRY_ALREADY_EXISTS, ERR_UNWILLING_TO_PERFORM
from ldb import ERR_NOT_ALLOWED_ON_NON_LEAF, ERR_OTHER, ERR_INVALID_DN_SYNTAX
-from ldb import Message, MessageElement, Dn, FLAG_MOD_REPLACE
+from ldb import ERR_NO_SUCH_ATTRIBUTE, ERR_INSUFFICIENT_ACCESS_RIGHTS
+from ldb import ERR_OBJECT_CLASS_VIOLATION, ERR_NOT_ALLOWED_ON_RDN
+from ldb import Message, MessageElement, Dn, FLAG_MOD_ADD, FLAG_MOD_REPLACE
from samba import Ldb, param, dom_sid_to_rid
+from samba import UF_NORMAL_ACCOUNT, UF_TEMP_DUPLICATE_ACCOUNT
+from samba import UF_SERVER_TRUST_ACCOUNT, UF_WORKSTATION_TRUST_ACCOUNT
+from samba import UF_INTERDOMAIN_TRUST_ACCOUNT
+from samba import UF_PASSWD_NOTREQD, UF_ACCOUNTDISABLE
+from samba import GTYPE_SECURITY_BUILTIN_LOCAL_GROUP
+from samba import GTYPE_SECURITY_GLOBAL_GROUP, GTYPE_SECURITY_DOMAIN_LOCAL_GROUP
+from samba import GTYPE_SECURITY_UNIVERSAL_GROUP
+from samba import GTYPE_DISTRIBUTION_GLOBAL_GROUP
+from samba import GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP
+from samba import GTYPE_DISTRIBUTION_UNIVERSAL_GROUP
+from samba import ATYPE_NORMAL_ACCOUNT, ATYPE_WORKSTATION_TRUST
+from samba import ATYPE_SECURITY_GLOBAL_GROUP, ATYPE_SECURITY_LOCAL_GROUP
+from samba import ATYPE_SECURITY_UNIVERSAL_GROUP
+from samba import ATYPE_DISTRIBUTION_GLOBAL_GROUP
+from samba import ATYPE_DISTRIBUTION_LOCAL_GROUP
+from samba import ATYPE_DISTRIBUTION_UNIVERSAL_GROUP
+
from subunit import SubunitTestRunner
import unittest
@@ -83,30 +102,111 @@ class BasicTests(unittest.TestCase):
print "baseDN: %s\n" % self.base_dn
self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
- self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
self.delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
+ self.delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn)
+ self.delete_force(self.ldb, "cn=ldaptestuser4,cn=users," + self.base_dn)
+ self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
self.delete_force(self.ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
+ self.delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+ self.delete_force(self.ldb, "cn=ldaptest2computer,cn=computers," + self.base_dn)
+ self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn)
self.delete_force(self.ldb, "cn=ldaptestutf8user èùéìòà ,cn=users," + self.base_dn)
self.delete_force(self.ldb, "cn=ldaptestutf8user2 èùéìòà ,cn=users," + self.base_dn)
+ self.delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
+ self.delete_force(self.ldb, "cn=ldaptestcontainer2," + self.base_dn)
self.delete_force(self.ldb, "cn=parentguidtest,cn=users," + self.base_dn)
self.delete_force(self.ldb, "cn=parentguidtest,cn=testotherusers," + self.base_dn)
self.delete_force(self.ldb, "cn=testotherusers," + self.base_dn)
- def test_group_add_invalid_member(self):
- """Testing group add with invalid member"""
+ def test_invalid_attribute(self):
+ """Test adding invalid attributes (not in schema)"""
+ print "Test adding invalid attributes (not in schema)"""
+
try:
self.ldb.add({
- "dn": "cn=ldaptestgroup,cn=uSers," + self.base_dn,
+ "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
"objectclass": "group",
- "member": "cn=ldaptestuser,cn=useRs," + self.base_dn})
+ "thisdoesnotexist": "x"})
self.fail()
except LdbError, (num, _):
- self.assertEquals(num, ERR_NO_SUCH_OBJECT)
+ self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
+
+ self.ldb.add({
+ "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+ "objectclass": "group"})
+
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ m["thisdoesnotexist"] = MessageElement("x", FLAG_MOD_REPLACE,
+ "thisdoesnotexist")
+ try:
+ ldb.modify(m)
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
+
+ ldb.delete("cn=ldaptestgroup,cn=users," + self.base_dn)
+
+ def test_distinguished_name(self):
+ """Tests the 'distinguishedName' attribute"""
+ print "Tests the 'distinguishedName' attribute"""
+
+ self.ldb.add({
+ "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+ "objectclass": "group"})
+
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+ m["distinguishedName"] = MessageElement(
+ "cn=ldaptestuser,cn=users," + self.base_dn, FLAG_MOD_REPLACE,
+ "distinguishedName")
+
+ try:
+ ldb.modify(m)
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+
+ ldb.delete("cn=ldaptestgroup,cn=users," + self.base_dn)
+
+ def test_rdn_name(self):
+ """Tests the RDN"""
+ print "Tests the RDN"""
+
+ self.ldb.add({
+ "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
+ "objectclass": "group"})
+
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+ m["name"] = MessageElement("cn=ldaptestuser", FLAG_MOD_REPLACE,
+ "name")
+
+ try:
+ ldb.modify(m)
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_NOT_ALLOWED_ON_RDN)
+
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+ m["cn"] = MessageElement("ldaptestuser",
+ FLAG_MOD_REPLACE, "cn")
+
+ try:
+ ldb.modify(m)
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_NOT_ALLOWED_ON_RDN)
+
+ ldb.delete("cn=ldaptestgroup,cn=users," + self.base_dn)
def test_parentGUID(self):
"""Test parentGUID behaviour"""
print "Testing parentGUID behaviour\n"
+ # TODO: This seems to fail on Windows Server. Hidden attribute?
+
self.ldb.add({
"dn": "cn=parentguidtest,cn=users," + self.base_dn,
"objectclass":"user",
@@ -117,7 +217,6 @@ class BasicTests(unittest.TestCase):
attrs=["objectGUID"]);
self.assertEquals(res1[0]["parentGUID"], res2[0]["objectGUID"]);
- """Test parentGUID behaviour"""
print "Testing parentGUID behaviour on rename\n"
self.ldb.add({
@@ -131,12 +230,13 @@ class BasicTests(unittest.TestCase):
scope=SCOPE_BASE,
attrs=["parentGUID"]);
self.assertEquals(res1[0]["objectGUID"], res2[0]["parentGUID"]);
- ldb.delete("cn=parentguidtest,cn=testotherusers," + self.base_dn)
- ldb.delete("cn=testotherusers," + self.base_dn)
- def test_groupType(self):
- """Test groupType behaviour (should appear to be casted to a 32 bit signed integer before comparsion)"""
- print "Testing groupType behaviour\n"
+ self.delete_force(self.ldb, "cn=parentguidtest,cn=testotherusers," + self.base_dn)
+ self.delete_force(self.ldb, "cn=testotherusers," + self.base_dn)
+
+ def test_groupType_int32(self):
+ """Test groupType (int32) behaviour (should appear to be casted to a 32 bit signed integer before comparsion)"""
+ print "Testing groupType (int32) behaviour\n"
res1 = ldb.search(base=self.base_dn, scope=SCOPE_SUBTREE,
attrs=["groupType"], expression="groupType=2147483653");
@@ -150,13 +250,9 @@ class BasicTests(unittest.TestCase):
self.assertEquals(res1[0]["groupType"][0], "-2147483643")
- def test_primary_group(self):
- """This tests the primary group behaviour (setting, changing) of a user account"""
- print "Testing primary group behaviour\n"
-
- ldb.add({
- "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
- "objectclass": ["user", "person"]})
+ def test_groups(self):
+ """This tests the group behaviour (setting, changing) of a user account"""
+ print "Testing group behaviour\n"
ldb.add({
"dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
@@ -178,6 +274,33 @@ class BasicTests(unittest.TestCase):
group_rid_2 = dom_sid_to_rid(ldb.schema_format_value("objectSID",
res1[0]["objectSID"][0]))
+ # Try to create a user with an invalid primary group
+ try:
+ ldb.add({
+ "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+ "objectclass": ["user", "person"],
+ "primaryGroupID": "0"})
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+ self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+ # Try to Create a user with a valid primary group
+# TODO Some more investigation needed here
+# try:
+# ldb.add({
+# "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+# "objectclass": ["user", "person"],
+# "primaryGroupID": str(group_rid_1)})
+# self.fail()
+# except LdbError, (num, _):
+# self.assertEquasl(num, ERR_UNWILLING_TO_PERFORM)
+# self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+
+ ldb.add({
+ "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+ "objectclass": ["user", "person"]})
+
# Try to add invalid primary group
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
@@ -231,6 +354,18 @@ class BasicTests(unittest.TestCase):
except LdbError, (num, _):
self.assertEquals(num, ERR_ENTRY_ALREADY_EXISTS)
+ # Try to add invalid member to group 1 - should be denied
+ m = Message()
+ m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+ m["member"] = MessageElement(
+ "cn=ldaptestuser3,cn=users," + self.base_dn,
+ FLAG_MOD_ADD, "member")
+ try:
+ ldb.modify(m)
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_NO_SUCH_OBJECT)
+
# Make group 2 secondary
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
@@ -302,7 +437,7 @@ class BasicTests(unittest.TestCase):
rid = dom_sid_to_rid(ldb.schema_format_value("objectSID", res1[0]["objectSID"][0]))
self.assertEquals(primary_group_token, rid)
-# Has to wait until we support read-only generated attributes correctly
+# TODO Has to wait until we support read-only generated attributes correctly
# m = Message()
# m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
# m["primaryGroupToken"] = "100"
@@ -319,8 +454,6 @@ class BasicTests(unittest.TestCase):
print "Testing user add"
- self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
-
ldb.add({
"dn": "cn=ldaptestuser,cn=uSers," + self.base_dn,
"objectclass": ["user", "person"],
@@ -328,27 +461,22 @@ class BasicTests(unittest.TestCase):
"givenname": "ldap",
"sn": "testy"})
- self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
-
ldb.add({
"dn": "cn=ldaptestgroup,cn=uSers," + self.base_dn,
"objectclass": "group",
"member": "cn=ldaptestuser,cn=useRs," + self.base_dn})
- self.delete_force(ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
ldb.add({
"dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
"objectclass": "computer",
"cN": "LDAPtestCOMPUTER"})
- self.delete_force(self.ldb, "cn=ldaptest2computer,cn=computers," + self.base_dn)
ldb.add({"dn": "cn=ldaptest2computer,cn=computers," + self.base_dn,
"objectClass": "computer",
"cn": "LDAPtest2COMPUTER",
- "userAccountControl": "4096",
+ "userAccountControl": str(UF_WORKSTATION_TRUST_ACCOUNT),
"displayname": "ldap testy"})
- self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn)
try:
ldb.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self.base_dn,
"objectClass": "computer",
@@ -358,50 +486,16 @@ class BasicTests(unittest.TestCase):
except LdbError, (num, _):
self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
- self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn)
- try:
- ldb.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self.base_dn,
- "objectClass": "computer",
- "cn": "ldaptestcomputer3",
- "sAMAccountType": "805306368"
- })
- self.fail()
- except LdbError, (num, _):
- self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
-
- self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn)
try:
ldb.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self.base_dn,
"objectClass": "computer",
"cn": "ldaptestcomputer3",
- "userAccountControl": "0"
- })
- self.fail()
- except LdbError, (num, _):
- self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
-
- self.delete_force(self.ldb, "cn=ldaptestuser7,cn=users," + self.base_dn)
- try:
- ldb.add({"dn": "cn=ldaptestuser7,cn=users," + self.base_dn,
- "objectClass": "user",
- "cn": "LDAPtestuser7",
- "userAccountControl": "0"
+ "sAMAccountType": str(ATYPE_NORMAL_ACCOUNT)
})
self.fail()
except LdbError, (num, _):
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
- self.delete_force(self.ldb, "cn=ldaptestuser7,cn=users," + self.base_dn)
-
- ldb.add({"dn": "cn=ldaptestuser7,cn=users," + self.base_dn,
- "objectClass": "user",
- "cn": "LDAPtestuser7",
- "userAccountControl": "2"
- })
-
- self.delete_force(self.ldb, "cn=ldaptestuser7,cn=users," + self.base_dn)
-
- self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn)
ldb.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self.base_dn,
"objectClass": "computer",
"cn": "LDAPtestCOMPUTER3"
@@ -423,8 +517,8 @@ class BasicTests(unittest.TestCase):
self.assertTrue("whenCreated" in res[0])
self.assertEquals(res[0]["objectCategory"][0], ("CN=Computer,CN=Schema,CN=Configuration," + self.base_dn));
self.assertEquals(int(res[0]["primaryGroupID"][0]), 513);
- self.assertEquals(int(res[0]["sAMAccountType"][0]), 805306368);
- self.assertEquals(int(res[0]["userAccountControl"][0]), 546);
--
Samba Shared Repository
More information about the samba-cvs
mailing list