Commit 670b864e authored by Gary Lockyer's avatar Gary Lockyer Committed by Karolin Seeger

ldap tests: test scheme for referrals

Ensure that the referrals returned in a search request use the same
scheme as the request, i.e. referrals recieved via ldap are prefixed
with "ldap://" and those over ldaps are prefixed with "ldaps://"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12478Signed-off-by: 's avatarGary Lockyer <gary@catalyst.net.nz>
Reviewed-by: 's avatarAndrew Bartlett <abartlet@samba.org>
(cherry picked from commit 6ccf74cf878c295903673e3a1d1ed924a5e87547)
parent 2cde1306
# Test that ldap referral entiries are created and formatted correctly
#
# Copyright (C) Andrew Bartlett 2019
#
# Based on Unit tests for the notification control
# Copyright (C) Stefan Metzmacher 2016
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from __future__ import print_function
import optparse
import os
import sys
import samba
from samba.auth import system_session
import samba.getopt as options
from samba import ldb
from samba.samdb import SamDB
import samba.tests
from samba.tests.subunitrun import SubunitOptions
sys.path.insert(0, "bin/python")
parser = optparse.OptionParser("ldap_referrals.py [options]")
sambaopts = options.SambaOptions(parser)
parser.add_option_group(sambaopts)
parser.add_option_group(options.VersionOptions(parser))
# use command line creds if available
credopts = options.CredentialsOptions(parser)
parser.add_option_group(credopts)
subunitopts = SubunitOptions(parser)
parser.add_option_group(subunitopts)
opts, args = parser.parse_args()
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
class LdapReferralTest(samba.tests.TestCase):
def setUp(self):
super(LdapReferralTest, self).setUp()
# The referral entries for an ldap request should have the ldap scheme
# i.e. then should all start with "ldap://"
def test_ldap_search(self):
server = os.environ["SERVER"]
url = "ldap://{0}".format(server)
db = SamDB(
url, credentials=creds, session_info=system_session(lp), lp=lp)
res = db.search(
base=db.domain_dn(),
expression="(objectClass=nonexistent)",
scope=ldb.SCOPE_SUBTREE,
attrs=["objectGUID", "samAccountName"])
referals = res.referals
for referal in referals:
self.assertTrue(
referal.startswith("ldap://"),
"{0} does not start with ldap://".format(referal))
# The referral entries for an ldaps request should have the ldaps scheme
# i.e. then should all start with "ldaps://"
def test_ldaps_search(self):
server = os.environ["SERVER"]
url = "ldaps://{0}".format(server)
db = SamDB(
url, credentials=creds, session_info=system_session(lp), lp=lp)
res = db.search(
base=db.domain_dn(),
expression="(objectClass=nonexistent)",
scope=ldb.SCOPE_SUBTREE,
attrs=["objectGUID", "samAccountName"])
referals = res.referals
for referal in referals:
self.assertTrue(
referal.startswith("ldaps://"),
"{0} does not start with ldaps://".format(referal))
^samba.ldap.referrals.samba.tests.ldap_referrals.LdapReferralTest.test_ldaps_search
......@@ -829,6 +829,15 @@ plantestsuite_loadlist("samba4.ldap.sort.python(ad_dc_ntvfs)", "ad_dc_ntvfs", [p
plantestsuite_loadlist("samba4.ldap.vlv.python(ad_dc_ntvfs)", "ad_dc_ntvfs", [python, os.path.join(samba4srcdir, "dsdb/tests/python/vlv.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
plantestsuite_loadlist("samba4.ldap.linked_attributes.python(ad_dc_ntvfs)", "ad_dc_ntvfs:local", [python, os.path.join(samba4srcdir, "dsdb/tests/python/linked_attributes.py"), '$PREFIX_ABS/ad_dc_ntvfs/private/sam.ldb', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
planoldpythontestsuite(
"ad_dc_ntvfs",
"samba.tests.ldap_referrals",
environ={
'SERVER': '$SERVER',
},
name="samba.ldap.referrals",
extra_args=['-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN'])
# These should be the first tests run against testenvs created by backup/restore
for env in ['restoredc', 'renamedc', 'labdc']:
# check that a restored DC matches the original DC (backupfromdc)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment