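def test_change_password_target_pdc(self):
    """Change a user's password with every operation pinned to one server.

    Creates 'test-usr-4' on the server located with role='pdc', sets an
    initial password, rewrites userAccountControl and pwdLastSet, changes
    the password, then checks that the new password is accepted and that
    a wrong password raises ADError.
    """
    self.require(ad_admin=True)
    domain = self.domain()
    creds = Creds(domain)
    creds.acquire(self.ad_admin_account(), self.ad_admin_password())
    activate(creds)
    client = Client(domain)
    locator = Locator()
    pdc = locator.locate(domain, role='pdc')
    user = self._create_user(client, 'test-usr-4', server=pdc)
    # From here on the directory holds an account whose passwords are
    # literals in this file. The finally block removes it even when a
    # call or assertion fails, so a failed run does not leave a usable
    # account with a known password behind.
    try:
        principal = 'test-usr-4@%s' % domain
        client.set_password(principal, 'Pass123', server=pdc)
        # userAccountControl is replaced with the bare NORMAL_ACCOUNT
        # value (presumably clearing the disabled flag set at creation --
        # confirm in _create_user). pwdLastSet=0 marks the password as
        # "must change at next logon" in AD.
        mods = [
            ('replace', 'userAccountControl',
             [str(AD_USERCTRL_NORMAL_ACCOUNT)]),
            ('replace', 'pwdLastSet', ['0']),
        ]
        client.modify(user, mods, server=pdc)
        client.change_password(principal, 'Pass123', 'Pass456', server=pdc)
        creds = Creds(domain)
        creds.acquire('test-usr-4', 'Pass456', server=pdc)
        # NOTE(review): only an unrelated wrong password is tried here;
        # the old password 'Pass123' is never re-tested after the change.
        # Consider asserting that it is rejected too, once confirmed
        # against the target KDC.
        assert_raises(ADError, creds.acquire, 'test-usr-4', 'Pass321',
                      server=pdc)
    finally:
        self._delete_obj(client, user, server=pdc)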
def test_acquire_multi(self):
    """Two credential objects for one principal keep separate state.

    Each acquire() must point KRB5CCNAME / KRB5_CONFIG at that object's
    own ccache and config, the two objects must not share either file
    name, and activate() must switch the environment back and forth.
    """
    self.require(ad_user=True)
    realm = self.domain()
    account = self.ad_user_account()
    secret = self.ad_user_password()

    first = ADCreds(realm)
    first.acquire(account, secret)
    first_ccache = first._ccache_name()
    first_config = first._config_name()
    # acquire() is expected to have exported its own paths already.
    assert os.environ['KRB5CCNAME'] == first_ccache
    assert os.environ['KRB5_CONFIG'] == first_config

    second = ADCreds(realm)
    second.acquire(account, secret)
    second_ccache = second._ccache_name()
    second_config = second._config_name()
    assert os.environ['KRB5CCNAME'] == second_ccache
    assert os.environ['KRB5_CONFIG'] == second_config

    # Separate objects must not reuse one another's ticket cache or
    # config file, otherwise one identity could overwrite the other.
    assert first_ccache != second_ccache
    assert first_config != second_config

    expectations = (
        (first, first_ccache, first_config),
        (second, second_ccache, second_config),
    )
    for handle, ccache, config in expectations:
        activate(handle)
        assert os.environ['KRB5CCNAME'] == ccache
        assert os.environ['KRB5_CONFIG'] == config
def test_naming_contexts(self):
    """The client reports at least three naming contexts for the domain."""
    self.require(ad_user=True)
    realm = self.domain()
    ticket = Creds(realm)
    account = self.ad_user_account()
    secret = self.ad_user_password()
    ticket.acquire(account, secret)
    activate(ticket)
    ldap = Client(realm)
    contexts = ldap.naming_contexts()
    assert len(contexts) >= 3
def test_delete(self):
    """Create a user as admin and delete it again through the client."""
    self.require(ad_admin=True)
    realm = self.domain()
    ticket = Creds(realm)
    account = self.ad_admin_account()
    secret = self.ad_admin_password()
    ticket.acquire(account, secret)
    activate(ticket)
    ldap = Client(realm)
    entry_dn = self._create_user(ldap, 'test-usr')
    # The delete call itself is the operation under test; it succeeds
    # when no exception is raised.
    ldap.delete(entry_dn)
def test_search(self):
    """A user-class search as an ordinary user yields several entries."""
    self.require(ad_user=True)
    realm = self.domain()
    ticket = Creds(realm)
    account = self.ad_user_account()
    secret = self.ad_user_password()
    ticket.acquire(account, secret)
    activate(ticket)
    ldap = Client(realm)
    entries = ldap.search('(objectClass=user)')
    assert len(entries) > 1
def test_forest(self):
    """The forest name is non-empty and reported in upper case."""
    self.require(ad_user=True)
    realm = self.domain()
    ticket = Creds(realm)
    account = self.ad_user_account()
    secret = self.ad_user_password()
    ticket.acquire(account, secret)
    activate(ticket)
    ldap = Client(realm)
    forest_name = ldap.forest()
    assert forest_name
    assert forest_name.isupper()
def test_search_configuration(self):
    """A base-scope search at the configuration base returns one entry."""
    self.require(ad_user=True)
    realm = self.domain()
    ticket = Creds(realm)
    account = self.ad_user_account()
    secret = self.ad_user_password()
    ticket.acquire(account, secret)
    activate(ticket)
    ldap = Client(realm)
    config_base = ldap.configuration_base()
    # scope='base' restricts the search to the base entry itself.
    entries = ldap.search('(objectClass=*)', base=config_base,
                          scope='base')
    assert len(entries) == 1
def test_domains(self):
    """Every domain name listed by the client is non-empty upper case."""
    self.require(ad_user=True)
    realm = self.domain()
    ticket = Creds(realm)
    account = self.ad_user_account()
    secret = self.ad_user_password()
    ticket.acquire(account, secret)
    activate(ticket)
    ldap = Client(realm)
    # A distinct loop name avoids shadowing the domain under test.
    for listed in ldap.domains():
        assert listed
        assert listed.isupper()
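def test_modify(self):
    """Replace sAMAccountName on a freshly created user.

    The modify call is the operation under test; it passes when no
    exception is raised. The test user is removed in a finally block so
    that a failing modify does not leave the object in the directory.
    """
    self.require(ad_admin=True)
    domain = self.domain()
    creds = Creds(domain)
    creds.acquire(self.ad_admin_account(), self.ad_admin_password())
    activate(creds)
    client = Client(domain)
    user = self._create_user(client, 'test-usr')
    try:
        mods = [('replace', 'sAMAccountName', ['test-usr-2'])]
        client.modify(user, mods)
    finally:
        self._delete_obj(client, user)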
def test_search_all_domains(self):
    """Each listed domain's base DN resolves to exactly one entry."""
    self.require(ad_user=True)
    realm = self.domain()
    ticket = Creds(realm)
    account = self.ad_user_account()
    secret = self.ad_user_password()
    ticket.acquire(account, secret)
    activate(ticket)
    ldap = Client(realm)
    for listed in ldap.domains():
        naming_base = ldap.dn_from_domain_name(listed)
        # Base scope: only the domain's root entry can match.
        entries = ldap.search('(objectClass=*)', base=naming_base,
                              scope='base')
        assert len(entries) == 1
def test_search_gc(self):
    """A search with scheme='gc' omits attributes that are not in the GC."""
    self.require(ad_user=True)
    realm = self.domain()
    ticket = Creds(realm)
    account = self.ad_user_account()
    secret = self.ad_user_password()
    ticket.acquire(account, secret)
    activate(ticket)
    ldap = Client(realm)
    entries = ldap.search('(objectClass=user)', scheme='gc')
    assert len(entries) > 1
    for _dn, attributes in entries:
        # accountExpires is always set on a user, but it is not a GC
        # attribute, so its presence would mean the query was not
        # answered from the global catalog.
        assert 'accountExpires' not in attributes
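def test_search_rootdse(self):
    """Read the entry at the empty base DN from an explicitly located server.

    The single entry returned must carry 'supportedControl' and
    'supportedSASLMechanisms'.
    """
    self.require(ad_user=True)
    domain = self.domain()
    creds = Creds(domain)
    creds.acquire(self.ad_user_account(), self.ad_user_password())
    activate(creds)
    locator = Locator()
    server = locator.locate(domain)
    client = Client(domain)
    result = client.search(base='', scope='base', server=server)
    assert len(result) == 1
    _dn, attrs = result[0]
    # dict.has_key() exists only on Python 2; the 'in' operator is the
    # portable membership test and is what test_search_gc already uses
    # on the same kind of attribute mapping.
    assert 'supportedControl' in attrs
    assert 'supportedSASLMechanisms' in attrs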
def test_modrdn(self):
    """Changing a user's RDN makes it findable under the new cn."""
    self.require(ad_admin=True)
    realm = self.domain()
    ticket = Creds(realm)
    account = self.ad_admin_account()
    secret = self.ad_admin_password()
    ticket.acquire(account, secret)
    activate(ticket)
    ldap = Client(realm)
    # Remove any user left over from an earlier run before recreating it.
    leftovers = ldap.search('(&(objectClass=user)(sAMAccountName=test-usr))')
    if leftovers:
        ldap.delete(leftovers[0][0])
    entry_dn = self._create_user(ldap, 'test-usr')
    ldap.modrdn(entry_dn, 'cn=test-usr2')
    renamed = ldap.search('(&(objectClass=user)(cn=test-usr2))')
    # NOTE(review): the renamed user is not deleted at the end; the next
    # run relies on the sAMAccountName lookup above to clear it.
    assert len(renamed) == 1
def test_modrdn(self):
    """Rename a user's RDN and confirm one entry matches the new cn."""
    self.require(ad_admin=True)
    realm = self.domain()
    ticket = Creds(realm)
    account = self.ad_admin_account()
    secret = self.ad_admin_password()
    ticket.acquire(account, secret)
    activate(ticket)
    ldap = Client(realm)
    by_account = '(&(objectClass=user)(sAMAccountName=test-usr))'
    by_new_cn = '(&(objectClass=user)(cn=test-usr2))'
    # Clear a stale user from a previous run so creation starts clean.
    stale = ldap.search(by_account)
    if stale:
        ldap.delete(stale[0][0])
    entry_dn = self._create_user(ldap, 'test-usr')
    ldap.modrdn(entry_dn, 'cn=test-usr2')
    matches = ldap.search(by_new_cn)
    # NOTE(review): no cleanup follows; the renamed user stays in the
    # directory until the next run's stale-entry check removes it.
    assert len(matches) == 1
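def test_paged_results(self):
    """A search matching 2000 users returns every one of them.

    Presumably 2000 exceeds what the server returns in a single page, so
    the client has to page through the result -- confirm against the
    server's page-size limit. Marked expensive.
    """
    self.require(ad_admin=True, expensive=True)
    domain = self.domain()
    creds = Creds(domain)
    creds.acquire(self.ad_admin_account(), self.ad_admin_password())
    activate(creds)
    client = Client(domain)
    users = []
    # Everything created so far is removed in the finally block, so a
    # failure part-way through creation or in the assertion does not
    # leave up to 2000 test accounts in the directory.
    try:
        for i in range(2000):
            users.append(self._create_user(client, 'test-usr-%04d' % i))
        # NOTE(review): this filter also matches leftovers from other
        # tests (e.g. 'test-usr-1'), which would make the count differ
        # from 2000.
        result = client.search('(cn=test-usr-*)')
        assert len(result) == 2000
    finally:
        for user in users:
            self._delete_obj(client, user)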
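def test_set_password(self):
    """Set a user's password as admin and verify it authenticates.

    Creates 'test-usr-1', sets its password, rewrites userAccountControl,
    then checks that the password is accepted and that a wrong password
    raises ADError.
    """
    self.require(ad_admin=True)
    domain = self.domain()
    creds = Creds(domain)
    creds.acquire(self.ad_admin_account(), self.ad_admin_password())
    activate(creds)
    client = Client(domain)
    user = self._create_user(client, 'test-usr-1')
    # The account gets a password that is a literal in this file. The
    # finally block deletes it even when a call or assertion fails, so a
    # failed run does not leave a usable account with a known password.
    try:
        principal = 'test-usr-1@%s' % domain
        client.set_password(principal, 'Pass123')
        # userAccountControl is replaced with the bare NORMAL_ACCOUNT
        # value (presumably clearing the disabled flag set at creation --
        # confirm in _create_user).
        mods = [('replace', 'userAccountControl',
                 [str(AD_USERCTRL_NORMAL_ACCOUNT)])]
        client.modify(user, mods)
        creds = Creds(domain)
        creds.acquire('test-usr-1', 'Pass123')
        assert_raises(ADError, creds.acquire, 'test-usr-1', 'Pass321')
    finally:
        self._delete_obj(client, user)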
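def test_incremental_retrieval_of_multivalued_attributes(self):
    """A user in 2000 groups reports all 2000 memberOf values.

    Presumably 2000 values exceed what the server returns for one
    attribute in a single response, so the client must fetch the rest
    incrementally -- confirm against the server's limit. Marked expensive.
    """
    self.require(ad_admin=True, expensive=True)
    domain = self.domain()
    creds = Creds(domain)
    creds.acquire(self.ad_admin_account(), self.ad_admin_password())
    activate(creds)
    client = Client(domain)
    user = self._create_user(client, 'test-usr')
    groups = []
    # The user and every group created so far are removed in the finally
    # block, so a failure does not leave thousands of test objects behind.
    try:
        for i in range(2000):
            group = self._create_group(client, 'test-grp-%04d' % i)
            # Record the group before adding the member so it is still
            # cleaned up if the membership change fails.
            groups.append(group)
            self._add_user_to_group(client, user, group)
        result = client.search('(sAMAccountName=test-usr)')
        assert len(result) == 1
        _dn, attrs = result[0]
        # 'in' replaces the Python-2-only dict.has_key().
        assert 'memberOf' in attrs
        assert len(attrs['memberOf']) == 2000
    finally:
        self._delete_obj(client, user)
        for group in groups:
            self._delete_group(client, group)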
def test_rename(self):
    """Rename a user in place, then rename it into a new OU."""
    self.require(ad_admin=True)
    realm = self.domain()
    ticket = Creds(realm)
    account = self.ad_admin_account()
    secret = self.ad_admin_password()
    ticket.acquire(account, secret)
    activate(ticket)
    ldap = Client(realm)
    # Remove any user left over from an earlier run before recreating it.
    leftovers = ldap.search('(&(objectClass=user)(sAMAccountName=test-usr))')
    if leftovers:
        ldap.delete(leftovers[0][0])
    entry_dn = self._create_user(ldap, 'test-usr')

    # Step 1: new RDN, same parent.
    ldap.rename(entry_dn, 'cn=test-usr2')
    renamed = ldap.search('(&(objectClass=user)(cn=test-usr2))')
    assert len(renamed) == 1
    entry_dn = renamed[0][0]

    # Step 2: original RDN again, but under a freshly created OU.
    target_ou = self._create_ou(ldap, 'test-ou')
    ldap.rename(entry_dn, 'cn=test-usr', target_ou)
    expected_dn = 'cn=test-usr,%s' % target_ou
    moved = ldap.search('(&(objectClass=user)(cn=test-usr))')
    assert len(moved) == 1
    # DNs are compared case-insensitively.
    # NOTE(review): neither the user nor 'test-ou' is removed afterwards.
    assert moved[0][0].lower() == expected_dn.lower()
def test_rename(self):
    """Exercise rename() both without and with a new parent container."""
    self.require(ad_admin=True)
    realm = self.domain()
    ticket = Creds(realm)
    account = self.ad_admin_account()
    secret = self.ad_admin_password()
    ticket.acquire(account, secret)
    activate(ticket)
    ldap = Client(realm)
    by_account = '(&(objectClass=user)(sAMAccountName=test-usr))'
    # Clear a stale user from a previous run so creation starts clean.
    stale = ldap.search(by_account)
    if stale:
        ldap.delete(stale[0][0])
    original_dn = self._create_user(ldap, 'test-usr')

    # Rename within the same container and look the entry up by new cn.
    ldap.rename(original_dn, 'cn=test-usr2')
    after_first = ldap.search('(&(objectClass=user)(cn=test-usr2))')
    assert len(after_first) == 1
    current_dn = after_first[0][0]

    # Rename back to the old cn while moving under a new OU.
    container = self._create_ou(ldap, 'test-ou')
    ldap.rename(current_dn, 'cn=test-usr', container)
    wanted = 'cn=test-usr,%s' % container
    after_second = ldap.search('(&(objectClass=user)(cn=test-usr))')
    assert len(after_second) == 1
    # The comparison lower-cases both DNs before matching.
    # NOTE(review): the user and 'test-ou' are left in the directory.
    assert after_second[0][0].lower() == wanted.lower()