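def test_change_password_target_pdc(self):
    """Change a user's password with every operation pinned to the PDC.

    Creates ``test-usr-4`` on the server the locator returns for role
    ``'pdc'``, sets an initial password, replaces ``userAccountControl``
    and ``pwdLastSet``, changes the password, then checks that the new
    password authenticates and that a wrong one raises ``ADError``.
    Requires AD admin credentials.
    """
    self.require(ad_admin=True)
    domain = self.domain()
    creds = Creds(domain)
    creds.acquire(self.ad_admin_account(), self.ad_admin_password())
    activate(creds)
    client = Client(domain)
    locator = Locator()
    pdc = locator.locate(domain, role='pdc')
    user = self._create_user(client, 'test-usr-4', server=pdc)
    try:
        principal = 'test-usr-4@%s' % domain
        client.set_password(principal, 'Pass123', server=pdc)
        # pwdLastSet of 0 marks the password as expired in AD; presumably
        # this exercises the change path for a must-change account -- confirm.
        mods = [
            ('replace', 'userAccountControl',
             [str(AD_USERCTRL_NORMAL_ACCOUNT)]),
            ('replace', 'pwdLastSet', ['0']),
        ]
        client.modify(user, mods, server=pdc)
        client.change_password(principal, 'Pass123', 'Pass456', server=pdc)
        creds = Creds(domain)
        creds.acquire('test-usr-4', 'Pass456', server=pdc)
        # NOTE(review): only an unrelated wrong password is checked; nothing
        # asserts that the old password 'Pass123' is rejected after the
        # change -- consider adding that check.
        assert_raises(ADError, creds.acquire, 'test-usr-4', 'Pass321',
                      server=pdc)
    finally:
        # The account carries a known, hard-coded password, so remove it
        # even when a step above fails instead of leaving it in the
        # directory.
        self._delete_obj(client, user, server=pdc)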
def test_search(self):
    """Search for user objects with ordinary user credentials.

    Passes when the ``(objectClass=user)`` filter yields more than one
    result.
    """
    self.require(ad_user=True)
    realm = self.domain()
    user_creds = Creds(realm)
    user_creds.acquire(self.ad_user_account(), self.ad_user_password())
    activate(user_creds)
    entries = Client(realm).search('(objectClass=user)')
    assert len(entries) > 1
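def test_set_password(self):
    """Set a password on a new user and verify it authenticates.

    Creates ``test-usr-1``, sets its password, replaces
    ``userAccountControl`` with ``AD_USERCTRL_NORMAL_ACCOUNT``, then checks
    that the password set is accepted and that a wrong one raises
    ``ADError``. Requires AD admin credentials.
    """
    self.require(ad_admin=True)
    domain = self.domain()
    creds = Creds(domain)
    creds.acquire(self.ad_admin_account(), self.ad_admin_password())
    activate(creds)
    client = Client(domain)
    user = self._create_user(client, 'test-usr-1')
    try:
        principal = 'test-usr-1@%s' % domain
        client.set_password(principal, 'Pass123')
        mods = [
            ('replace', 'userAccountControl',
             [str(AD_USERCTRL_NORMAL_ACCOUNT)]),
        ]
        client.modify(user, mods)
        creds = Creds(domain)
        creds.acquire('test-usr-1', 'Pass123')
        assert_raises(ADError, creds.acquire, 'test-usr-1', 'Pass321')
    finally:
        # The account carries a known, hard-coded password, so remove it
        # even when a step above fails instead of leaving it in the
        # directory.
        self._delete_obj(client, user)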
def test_naming_contexts(self):
    """Check that the client reports at least three naming contexts."""
    self.require(ad_user=True)
    realm = self.domain()
    user_creds = Creds(realm)
    user_creds.acquire(self.ad_user_account(), self.ad_user_password())
    activate(user_creds)
    contexts = Client(realm).naming_contexts()
    assert len(contexts) >= 3
def test_delete(self):
    """Create ``test-usr`` and delete it again through ``Client.delete``.

    There is no assertion; the test passes when neither call raises.
    Requires AD admin credentials.
    """
    self.require(ad_admin=True)
    realm = self.domain()
    admin_creds = Creds(realm)
    admin_creds.acquire(self.ad_admin_account(), self.ad_admin_password())
    activate(admin_creds)
    ldap_client = Client(realm)
    new_dn = self._create_user(ldap_client, 'test-usr')
    ldap_client.delete(new_dn)
def test_search_configuration(self):
    """Base-scope search on the configuration base returns one entry."""
    self.require(ad_user=True)
    realm = self.domain()
    user_creds = Creds(realm)
    user_creds.acquire(self.ad_user_account(), self.ad_user_password())
    activate(user_creds)
    ldap_client = Client(realm)
    config_base = ldap_client.configuration_base()
    matches = ldap_client.search('(objectClass=*)', scope='base',
                                 base=config_base)
    assert len(matches) == 1
def test_forest(self):
    """The forest name reported by the client is non-empty and upper case."""
    self.require(ad_user=True)
    realm = self.domain()
    user_creds = Creds(realm)
    user_creds.acquire(self.ad_user_account(), self.ad_user_password())
    activate(user_creds)
    forest_name = Client(realm).forest()
    assert forest_name
    assert forest_name.isupper()
def test_domains(self):
    """Every domain name the client lists is non-empty and upper case."""
    self.require(ad_user=True)
    realm = self.domain()
    user_creds = Creds(realm)
    user_creds.acquire(self.ad_user_account(), self.ad_user_password())
    activate(user_creds)
    # A separate loop name keeps the test's own domain from being shadowed.
    for name in Client(realm).domains():
        assert name
        assert name.isupper()
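def test_modify(self):
    """Replace ``sAMAccountName`` on a freshly created user.

    There is no assertion; the test passes when ``Client.modify`` does not
    raise. Requires AD admin credentials.
    """
    self.require(ad_admin=True)
    domain = self.domain()
    creds = Creds(domain)
    creds.acquire(self.ad_admin_account(), self.ad_admin_password())
    activate(creds)
    client = Client(domain)
    user = self._create_user(client, 'test-usr')
    try:
        mods = [('replace', 'sAMAccountName', ['test-usr-2'])]
        client.modify(user, mods)
    finally:
        # Remove the test account even when the modify fails, so that a
        # failed run leaves nothing behind in the directory.
        self._delete_obj(client, user)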
def test_search_all_domains(self):
    """Base-scope search on each listed domain's DN returns one entry."""
    self.require(ad_user=True)
    realm = self.domain()
    user_creds = Creds(realm)
    user_creds.acquire(self.ad_user_account(), self.ad_user_password())
    activate(user_creds)
    ldap_client = Client(realm)
    for name in ldap_client.domains():
        base_dn = ldap_client.dn_from_domain_name(name)
        hits = ldap_client.search('(objectClass=*)', scope='base',
                                  base=base_dn)
        assert len(hits) == 1
def factory(cls):
    """Build an instance of *cls* following the system-specific rules.

    A ``Locator`` subclass yields whatever ``_singleton(Locator)`` returns,
    a ``Creds`` subclass yields a ``Creds`` for the detected domain, and
    any other class is called with no arguments.
    """
    # Kept as function-scope imports, in the original order.
    from ad.core.locate import Locator
    from ad.core.creds import Creds

    if issubclass(cls, Locator):
        # NOTE(review): the base Locator is passed on, not cls, so a
        # subclass is not what gets built here -- confirm this is intended.
        return _singleton(Locator)
    if issubclass(cls, Creds):
        # NOTE(review): likewise a base Creds is returned, not cls.
        detected = detect_domain()
        return Creds(detected)
    return cls()
def test_search_gc(self):
    """Search for users with ``scheme='gc'`` and inspect the attributes.

    Expects more than one result and that no result carries
    ``accountExpires``.
    """
    self.require(ad_user=True)
    realm = self.domain()
    user_creds = Creds(realm)
    user_creds.acquire(self.ad_user_account(), self.ad_user_password())
    activate(user_creds)
    entries = Client(realm).search('(objectClass=user)', scheme='gc')
    assert len(entries) > 1
    for _dn, attributes in entries:
        # accountExpires is always set, but is not a GC attribute
        assert 'accountExpires' not in attributes
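def test_search_rootdse(self):
    """Read the rootDSE of a located server and check two attributes.

    Searches with an empty base and base scope against the server the
    locator returns, and expects a single entry that carries
    ``supportedControl`` and ``supportedSASLMechanisms``.
    """
    self.require(ad_user=True)
    domain = self.domain()
    creds = Creds(domain)
    creds.acquire(self.ad_user_account(), self.ad_user_password())
    activate(creds)
    locator = Locator()
    server = locator.locate(domain)
    client = Client(domain)
    result = client.search(base='', scope='base', server=server)
    assert len(result) == 1
    _dn, attrs = result[0]
    # Membership is tested with ``in``; dict.has_key() no longer exists in
    # Python 3.
    assert 'supportedControl' in attrs
    assert 'supportedSASLMechanisms' in attrs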
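def test_paged_results(self):
    """Create 2000 users and check that one search returns all of them.

    Marked expensive and requires AD admin credentials. Judging by the
    test name, 2000 is presumably more than the server returns in a single
    page -- confirm.
    """
    self.require(ad_admin=True, expensive=True)
    domain = self.domain()
    creds = Creds(domain)
    creds.acquire(self.ad_admin_account(), self.ad_admin_password())
    activate(creds)
    client = Client(domain)
    users = []
    try:
        for i in range(2000):
            users.append(self._create_user(client, 'test-usr-%04d' % i))
        result = client.search('(cn=test-usr-*)')
        assert len(result) == 2000
    finally:
        # Delete whatever was created, also after a failure part-way
        # through, so that no batch of test accounts stays in the directory.
        for user in users:
            self._delete_obj(client, user)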
def test_modrdn(self):
    """Change a user's RDN and find the entry again under the new cn.

    Requires AD admin credentials.
    """
    self.require(ad_admin=True)
    realm = self.domain()
    admin_creds = Creds(realm)
    admin_creds.acquire(self.ad_admin_account(), self.ad_admin_password())
    activate(admin_creds)
    ldap_client = Client(realm)
    # Clear out an existing account with this name (first match only).
    stale = ldap_client.search(
        '(&(objectClass=user)(sAMAccountName=test-usr))')
    if stale:
        ldap_client.delete(stale[0][0])
    user_dn = self._create_user(ldap_client, 'test-usr')
    ldap_client.modrdn(user_dn, 'cn=test-usr2')
    renamed = ldap_client.search('(&(objectClass=user)(cn=test-usr2))')
    # NOTE(review): the renamed account is never deleted here; removal
    # appears to be left to the pre-delete of a later run -- confirm.
    assert len(renamed) == 1
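def test_incremental_retrieval_of_multivalued_attributes(self):
    """Check that a 2000-value ``memberOf`` attribute is returned in full.

    Creates one user and 2000 groups, adds the user to each group, then
    expects a single search result whose ``memberOf`` holds 2000 values.
    Marked expensive and requires AD admin credentials. Judging by the
    test name, 2000 values is presumably more than the server returns for
    one attribute in a single response -- confirm.
    """
    self.require(ad_admin=True, expensive=True)
    domain = self.domain()
    creds = Creds(domain)
    creds.acquire(self.ad_admin_account(), self.ad_admin_password())
    activate(creds)
    client = Client(domain)
    user = self._create_user(client, 'test-usr')
    groups = []
    try:
        for i in range(2000):
            group = self._create_group(client, 'test-grp-%04d' % i)
            # Record the group before adding the member, so it is cleaned
            # up even when the add fails.
            groups.append(group)
            self._add_user_to_group(client, user, group)
        result = client.search('(sAMAccountName=test-usr)')
        assert len(result) == 1
        _dn, attrs = result[0]
        # Membership is tested with ``in``; dict.has_key() no longer exists
        # in Python 3.
        assert 'memberOf' in attrs
        assert len(attrs['memberOf']) == 2000
    finally:
        # Clean up after failures too, so no test user or groups stay in
        # the directory; the groups are removed even if deleting the user
        # raises.
        try:
            self._delete_obj(client, user)
        finally:
            for group in groups:
                self._delete_group(client, group)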
def test_rename(self):
    """Rename a user in place, then move it into a new OU.

    First changes the RDN to ``cn=test-usr2`` and expects one match, then
    renames back to ``cn=test-usr`` under a freshly created ``test-ou`` and
    compares the resulting DN case-insensitively. Requires AD admin
    credentials.
    """
    self.require(ad_admin=True)
    realm = self.domain()
    admin_creds = Creds(realm)
    admin_creds.acquire(self.ad_admin_account(), self.ad_admin_password())
    activate(admin_creds)
    ldap_client = Client(realm)
    # Clear out an existing account with this name (first match only).
    stale = ldap_client.search(
        '(&(objectClass=user)(sAMAccountName=test-usr))')
    if stale:
        ldap_client.delete(stale[0][0])
    user_dn = self._create_user(ldap_client, 'test-usr')

    # Step 1: rename without moving.
    ldap_client.rename(user_dn, 'cn=test-usr2')
    renamed = ldap_client.search('(&(objectClass=user)(cn=test-usr2))')
    assert len(renamed) == 1
    user_dn = renamed[0][0]

    # Step 2: rename and move under the new OU.
    target_ou = self._create_ou(ldap_client, 'test-ou')
    ldap_client.rename(user_dn, 'cn=test-usr', target_ou)
    expected_dn = 'cn=test-usr,%s' % target_ou
    moved = ldap_client.search('(&(objectClass=user)(cn=test-usr))')
    assert len(moved) == 1
    # NOTE(review): neither the user nor 'test-ou' is deleted afterwards;
    # confirm that leaving them in the directory is intended.
    assert moved[0][0].lower() == expected_dn.lower()