diff options
author | Stefan Metzmacher <metze@samba.org> | 2019-10-22 12:12:32 +0200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2019-10-24 09:46:28 +0000 |
commit | 6d43d82b49c8cd47da2f1489fe8b52d5a873a19c (patch) | |
tree | 17b08f868593f26aac9ae544efffadd9fc82e9c7 /source4 | |
parent | 9471508391fd3bcf199b1e94f8d9ee2b956e8f8e (diff) | |
download | samba-6d43d82b49c8cd47da2f1489fe8b52d5a873a19c.tar.gz |
s4:tests/dirsync: add tests for dirsync with extended_dn
This demonstrates a problems that the extended_dn returned
by the dirsync module always uses the SDDL format for GUID/SID
components.
Azure AD connect reports discovery errors:
reference-value-not-ldap-conformant
for attributes member and manager.
The key is that it sends the LDAP_SERVER_EXTENDED_DN_OID without
an ExtendedDNRequestValue blob, which means the flag value should
be treated as 0 and the HEX string format should be used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14153
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4')
-rwxr-xr-x | source4/dsdb/tests/python/dirsync.py | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/source4/dsdb/tests/python/dirsync.py b/source4/dsdb/tests/python/dirsync.py index 8b46357c670..405980455b7 100755 --- a/source4/dsdb/tests/python/dirsync.py +++ b/source4/dsdb/tests/python/dirsync.py @@ -655,6 +655,37 @@ class ExtendedDirsyncTests(SimpleDirsyncTests): self.assertEqual(res[0].get("member;range=1-1"), None) self.assertEqual(len(res[0].get("member;range=0-0")), 2) + def test_dirsync_extended_dn(self): + """Check that dirsync works together with the extended_dn control""" + # Let's search for members + self.ldb_simple = self.get_ldb_connection(self.simple_user, self.user_pass) + res = self.ldb_simple.search(self.base_dn, + expression="(name=Administrators)", + controls=["dirsync:1:1:1"]) + + self.assertTrue(len(res[0].get("member")) > 0) + size = len(res[0].get("member")) + + resEX1 = self.ldb_simple.search(self.base_dn, + expression="(name=Administrators)", + controls=["dirsync:1:1:1","extended_dn:1:1"]) + self.assertTrue(len(resEX1[0].get("member")) > 0) + sizeEX1 = len(resEX1[0].get("member")) + self.assertEqual(sizeEX1, size) + self.assertIn(res[0]["member"][0], resEX1[0]["member"][0]) + self.assertIn(b"<GUID=", resEX1[0]["member"][0]) + self.assertIn(b">;<SID=S-1-5-21-", resEX1[0]["member"][0]) + + resEX0 = self.ldb_simple.search(self.base_dn, + expression="(name=Administrators)", + controls=["dirsync:1:1:1","extended_dn:1:0"]) + self.assertTrue(len(resEX0[0].get("member")) > 0) + sizeEX0 = len(resEX0[0].get("member")) + self.assertEqual(sizeEX0, size) + self.assertIn(res[0]["member"][0], resEX0[0]["member"][0]) + self.assertIn(b"<GUID=", resEX0[0]["member"][0]) + self.assertIn(b">;<SID=010500000000000515", resEX0[0]["member"][0]) + def test_dirsync_deleted_items(self): """Check that dirsync returnd deleted objects too""" # Let's create an OU |