s4:tests/dirsync: add tests for dirsync with extended_dn

This demonstrates a problems that the extended_dn returned by the dirsync module always uses the SDDL format for GUID/SID components. Azure AD connect reports discovery errors: reference-value-not-ldap-conformant for attributes member and manager. The key is that it sends the LDAP_SERVER_EXTENDED_DN_OID without an ExtendedDNRequestValue blob, which means the flag value should be treated as 0 and the HEX string format should be used. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14153 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
author: Stefan Metzmacher <metze@samba.org> 2019-10-22 12:12:32 +0200
committer: Andrew Bartlett <abartlet@samba.org> 2019-10-24 09:46:28 +0000
commit: 6d43d82b49c8cd47da2f1489fe8b52d5a873a19c (patch)
tree: 17b08f868593f26aac9ae544efffadd9fc82e9c7 /source4
parent: 9471508391fd3bcf199b1e94f8d9ee2b956e8f8e (diff)
download: samba-6d43d82b49c8cd47da2f1489fe8b52d5a873a19c.tar.gz
1 files changed, 31 insertions, 0 deletions
diff --git a/source4/dsdb/tests/python/dirsync.py b/source4/dsdb/tests/python/dirsync.py
index 8b46357c670..405980455b7 100755
--- a/source4/dsdb/tests/python/dirsync.py
+++ b/source4/dsdb/tests/python/dirsync.py
@@ -655,6 +655,37 @@ class ExtendedDirsyncTests(SimpleDirsyncTests):
         self.assertEqual(res[0].get("member;range=1-1"), None)
         self.assertEqual(len(res[0].get("member;range=0-0")), 2)
 
+    def test_dirsync_extended_dn(self):
+        """Check that dirsync works together with the extended_dn control"""
+        # Let's search for members
+        self.ldb_simple = self.get_ldb_connection(self.simple_user, self.user_pass)
+        res = self.ldb_simple.search(self.base_dn,
+                                     expression="(name=Administrators)",
+                                     controls=["dirsync:1:1:1"])
+
+        self.assertTrue(len(res[0].get("member")) > 0)
+        size = len(res[0].get("member"))
+
+        resEX1 = self.ldb_simple.search(self.base_dn,
+                                        expression="(name=Administrators)",
+                                        controls=["dirsync:1:1:1","extended_dn:1:1"])
+        self.assertTrue(len(resEX1[0].get("member")) > 0)
+        sizeEX1 = len(resEX1[0].get("member"))
+        self.assertEqual(sizeEX1, size)
+        self.assertIn(res[0]["member"][0], resEX1[0]["member"][0])
+        self.assertIn(b"<GUID=", resEX1[0]["member"][0])
+        self.assertIn(b">;<SID=S-1-5-21-", resEX1[0]["member"][0])
+
+        resEX0 = self.ldb_simple.search(self.base_dn,
+                                        expression="(name=Administrators)",
+                                        controls=["dirsync:1:1:1","extended_dn:1:0"])
+        self.assertTrue(len(resEX0[0].get("member")) > 0)
+        sizeEX0 = len(resEX0[0].get("member"))
+        self.assertEqual(sizeEX0, size)
+        self.assertIn(res[0]["member"][0], resEX0[0]["member"][0])
+        self.assertIn(b"<GUID=", resEX0[0]["member"][0])
+        self.assertIn(b">;<SID=010500000000000515", resEX0[0]["member"][0])
+
     def test_dirsync_deleted_items(self):
         """Check that dirsync returnd deleted objects too"""
         # Let's create an OU
author	Stefan Metzmacher <metze@samba.org>	2019-10-22 12:12:32 +0200
committer	Andrew Bartlett <abartlet@samba.org>	2019-10-24 09:46:28 +0000
commit	6d43d82b49c8cd47da2f1489fe8b52d5a873a19c (patch)
tree	17b08f868593f26aac9ae544efffadd9fc82e9c7 /source4
parent	9471508391fd3bcf199b1e94f8d9ee2b956e8f8e (diff)
download	samba-6d43d82b49c8cd47da2f1489fe8b52d5a873a19c.tar.gz