diff options
author | Gary Lockyer <gary@catalyst.net.nz> | 2019-05-21 13:14:08 +1200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2019-05-24 03:19:18 +0000 |
commit | 6ccf74cf878c295903673e3a1d1ed924a5e87547 (patch) | |
tree | 7c5037f6fed5bd48d4d37200c450cb1583f74a52 | |
parent | 163897f12538ae12dbc2bd556adcc1abc4f0f438 (diff) | |
download | samba-6ccf74cf878c295903673e3a1d1ed924a5e87547.tar.gz |
ldap tests: test scheme for referrals
Ensure that the referrals returned in a search request use the same
scheme as the request, i.e. referrals recieved via ldap are prefixed
with "ldap://" and those over ldaps are prefixed with "ldaps://"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12478
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-rw-r--r-- | python/samba/tests/ldap_referrals.py | 91 | ||||
-rw-r--r-- | selftest/knownfail.d/ldap_referrals | 1 | ||||
-rwxr-xr-x | source4/selftest/tests.py | 8 |
3 files changed, 100 insertions, 0 deletions
diff --git a/python/samba/tests/ldap_referrals.py b/python/samba/tests/ldap_referrals.py new file mode 100644 index 00000000000..86a39d4e602 --- /dev/null +++ b/python/samba/tests/ldap_referrals.py @@ -0,0 +1,91 @@ +# Test that ldap referral entiries are created and formatted correctly +# +# Copyright (C) Andrew Bartlett 2019 +# +# Based on Unit tests for the notification control +# Copyright (C) Stefan Metzmacher 2016 +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +from __future__ import print_function +import optparse +import os +import sys + +import samba +from samba.auth import system_session +import samba.getopt as options +from samba import ldb +from samba.samdb import SamDB +import samba.tests +from samba.tests.subunitrun import SubunitOptions + +sys.path.insert(0, "bin/python") +parser = optparse.OptionParser("ldap_referrals.py [options]") +sambaopts = options.SambaOptions(parser) +parser.add_option_group(sambaopts) +parser.add_option_group(options.VersionOptions(parser)) +# use command line creds if available +credopts = options.CredentialsOptions(parser) +parser.add_option_group(credopts) +subunitopts = SubunitOptions(parser) +parser.add_option_group(subunitopts) +opts, args = parser.parse_args() + +lp = sambaopts.get_loadparm() +creds = credopts.get_credentials(lp) + + +class LdapReferralTest(samba.tests.TestCase): + + def setUp(self): + super(LdapReferralTest, self).setUp() + + # The referral entries for an ldap request should have the ldap scheme + # i.e. then should all start with "ldap://" + def test_ldap_search(self): + server = os.environ["SERVER"] + url = "ldap://{0}".format(server) + db = SamDB( + url, credentials=creds, session_info=system_session(lp), lp=lp) + res = db.search( + base=db.domain_dn(), + expression="(objectClass=nonexistent)", + scope=ldb.SCOPE_SUBTREE, + attrs=["objectGUID", "samAccountName"]) + + referals = res.referals + for referal in referals: + self.assertTrue( + referal.startswith("ldap://"), + "{0} does not start with ldap://".format(referal)) + + # The referral entries for an ldaps request should have the ldaps scheme + # i.e. then should all start with "ldaps://" + def test_ldaps_search(self): + server = os.environ["SERVER"] + url = "ldaps://{0}".format(server) + db = SamDB( + url, credentials=creds, session_info=system_session(lp), lp=lp) + res = db.search( + base=db.domain_dn(), + expression="(objectClass=nonexistent)", + scope=ldb.SCOPE_SUBTREE, + attrs=["objectGUID", "samAccountName"]) + + referals = res.referals + for referal in referals: + self.assertTrue( + referal.startswith("ldaps://"), + "{0} does not start with ldaps://".format(referal)) diff --git a/selftest/knownfail.d/ldap_referrals b/selftest/knownfail.d/ldap_referrals new file mode 100644 index 00000000000..403f0d3bd6d --- /dev/null +++ b/selftest/knownfail.d/ldap_referrals @@ -0,0 +1 @@ +^samba.ldap.referrals.samba.tests.ldap_referrals.LdapReferralTest.test_ldaps_search diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index aca41f261cd..f807bf75519 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py @@ -912,6 +912,14 @@ plantestsuite_loadlist("samba4.ldap.subtree_rename.python(ad_dc_ntvfs)", '$LOADLIST', '$LISTOPT']) +planoldpythontestsuite( + "ad_dc_default", + "samba.tests.ldap_referrals", + environ={ + 'SERVER': '$SERVER', + }, + name="samba.ldap.referrals", + extra_args=['-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN']) # These should be the first tests run against testenvs created by backup/restore for env in ['offlinebackupdc', 'restoredc', 'renamedc', 'labdc']: |