def test_str(self): x = ldb.Dn(self.ldb, "dc=foo12,bar=bloe") self.assertEquals(x.__str__(), "dc=foo12,bar=bloe")
def newuser(self, username, password, force_password_change_at_next_login_req=False, useusernameascn=False, userou=None, surname=None, givenname=None, initials=None, profilepath=None, scriptpath=None, homedrive=None, homedirectory=None, jobtitle=None, department=None, company=None, description=None, mailaddress=None, internetaddress=None, telephonenumber=None, physicaldeliveryoffice=None, sd=None, setpassword=True, uidnumber=None, gidnumber=None, gecos=None, loginshell=None, uid=None, nisdomain=None, unixhome=None): """Adds a new user with additional parameters :param username: Name of the new user :param password: Password for the new user :param force_password_change_at_next_login_req: Force password change :param useusernameascn: Use username as cn rather that firstname + initials + lastname :param userou: Object container (without domainDN postfix) for new user :param surname: Surname of the new user :param givenname: First name of the new user :param initials: Initials of the new user :param profilepath: Profile path of the new user :param scriptpath: Logon script path of the new user :param homedrive: Home drive of the new user :param homedirectory: Home directory of the new user :param jobtitle: Job title of the new user :param department: Department of the new user :param company: Company of the new user :param description: of the new user :param mailaddress: Email address of the new user :param internetaddress: Home page of the new user :param telephonenumber: Phone number of the new user :param physicaldeliveryoffice: Office location of the new user :param sd: security descriptor of the object :param setpassword: optionally disable password reset :param uidnumber: RFC2307 Unix numeric UID of the new user :param gidnumber: RFC2307 Unix primary GID of the new user :param gecos: RFC2307 Unix GECOS field of the new user :param loginshell: RFC2307 Unix login shell of the new user :param uid: RFC2307 Unix username of the new user :param nisdomain: RFC2307 Unix NIS domain of the new user :param unixhome: RFC2307 Unix home directory of the new user """ displayname = "" if givenname is not None: displayname += givenname if initials is not None: displayname += ' %s.' % initials if surname is not None: displayname += ' %s' % surname cn = username if useusernameascn is None and displayname is not "": cn = displayname user_dn = "CN=%s,%s,%s" % (cn, (userou or "CN=Users"), self.domain_dn()) dnsdomain = ldb.Dn(self, self.domain_dn()).canonical_str().replace("/", "") user_principal_name = "%s@%s" % (username, dnsdomain) # The new user record. Note the reliance on the SAMLDB module which # fills in the default informations ldbmessage = {"dn": user_dn, "sAMAccountName": username, "userPrincipalName": user_principal_name, "objectClass": "user"} if surname is not None: ldbmessage["sn"] = surname if givenname is not None: ldbmessage["givenName"] = givenname if displayname is not "": ldbmessage["displayName"] = displayname ldbmessage["name"] = displayname if initials is not None: ldbmessage["initials"] = '%s.' % initials if profilepath is not None: ldbmessage["profilePath"] = profilepath if scriptpath is not None: ldbmessage["scriptPath"] = scriptpath if homedrive is not None: ldbmessage["homeDrive"] = homedrive if homedirectory is not None: ldbmessage["homeDirectory"] = homedirectory if jobtitle is not None: ldbmessage["title"] = jobtitle if department is not None: ldbmessage["department"] = department if company is not None: ldbmessage["company"] = company if description is not None: ldbmessage["description"] = description if mailaddress is not None: ldbmessage["mail"] = mailaddress if internetaddress is not None: ldbmessage["wWWHomePage"] = internetaddress if telephonenumber is not None: ldbmessage["telephoneNumber"] = telephonenumber if physicaldeliveryoffice is not None: ldbmessage["physicalDeliveryOfficeName"] = physicaldeliveryoffice if sd is not None: ldbmessage["nTSecurityDescriptor"] = ndr_pack(sd) ldbmessage2 = None if any(map(lambda b: b is not None, (uid, uidnumber, gidnumber, gecos, loginshell, nisdomain, unixhome))): ldbmessage2 = ldb.Message() ldbmessage2.dn = ldb.Dn(self, user_dn) if uid is not None: ldbmessage2["uid"] = ldb.MessageElement(str(uid), ldb.FLAG_MOD_REPLACE, 'uid') if uidnumber is not None: ldbmessage2["uidNumber"] = ldb.MessageElement(str(uidnumber), ldb.FLAG_MOD_REPLACE, 'uidNumber') if gidnumber is not None: ldbmessage2["gidNumber"] = ldb.MessageElement(str(gidnumber), ldb.FLAG_MOD_REPLACE, 'gidNumber') if gecos is not None: ldbmessage2["gecos"] = ldb.MessageElement(str(gecos), ldb.FLAG_MOD_REPLACE, 'gecos') if loginshell is not None: ldbmessage2["loginShell"] = ldb.MessageElement(str(loginshell), ldb.FLAG_MOD_REPLACE, 'loginShell') if unixhome is not None: ldbmessage2["unixHomeDirectory"] = ldb.MessageElement( str(unixhome), ldb.FLAG_MOD_REPLACE, 'unixHomeDirectory') if nisdomain is not None: ldbmessage2["msSFU30NisDomain"] = ldb.MessageElement( str(nisdomain), ldb.FLAG_MOD_REPLACE, 'msSFU30NisDomain') ldbmessage2["msSFU30Name"] = ldb.MessageElement( str(username), ldb.FLAG_MOD_REPLACE, 'msSFU30Name') ldbmessage2["unixUserPassword"] = ldb.MessageElement( 'ABCD!efgh12345$67890', ldb.FLAG_MOD_REPLACE, 'unixUserPassword') self.transaction_start() try: self.add(ldbmessage) if ldbmessage2: self.modify(ldbmessage2) # Sets the password for it if setpassword: self.setpassword("(samAccountName=%s)" % ldb.binary_encode(username), password, force_password_change_at_next_login_req) except: self.transaction_cancel() raise else: self.transaction_commit()
def set_pwdProperties(self, value): m = ldb.Message() m.dn = ldb.Dn(self, self.domain_dn()) m["pwdProperties"] = ldb.MessageElement(value, ldb.FLAG_MOD_REPLACE, "pwdProperties") self.modify(m)
def test_search_attrs(self): l = ldb.Ldb(filename()) self.assertEquals( len(l.search(ldb.Dn(l, ""), ldb.SCOPE_SUBTREE, "(dc=*)", ["dc"])), 0)
def test_delete(self): l = ldb.Ldb(filename()) self.assertRaises(ldb.LdbError, lambda: l.delete(ldb.Dn(l, "dc=foo2")))
def test_repr(self): self.msg.dn = ldb.Dn(ldb.Ldb(filename()), "dc=foo29") self.msg["dc"] = "foo" self.assertEquals( "Message({'dn': Dn('dc=foo29'), 'dc': MessageElement(['foo'])})", repr(self.msg))
def test_get_dn(self): self.msg.dn = ldb.Dn(ldb.Ldb(filename()), "@BASEINFO") self.assertEquals("@BASEINFO", self.msg.get("dn").__str__())
def test_is_valid(self): x = ldb.Dn(self.ldb, "dc=foo18,dc=bloe") self.assertTrue(x.is_valid()) x = ldb.Dn(self.ldb, "") self.assertTrue(x.is_valid())
def test_is_special(self): x = ldb.Dn(self.ldb, "dc=foo19,bar=bloe") self.assertFalse(x.is_special()) x = ldb.Dn(self.ldb, "@FOOBAR") self.assertTrue(x.is_special())
def test_parent(self): x = ldb.Dn(self.ldb, "dc=foo16,bar=bloe") self.assertEquals("bar=bloe", x.parent().__str__())
def test_parent_nonexistant(self): x = ldb.Dn(self.ldb, "@BLA") self.assertEquals(None, x.parent())
def test_validate(self): x = ldb.Dn(self.ldb, "dc=foo15,bar=bloe") self.assertTrue(x.validate())
def test_get_casefold(self): x = ldb.Dn(self.ldb, "dc=foo14,bar=bloe") self.assertEquals(x.get_casefold(), "DC=FOO14,BAR=bloe")
def test_repr(self): x = ldb.Dn(self.ldb, "dc=foo13,bla=blie") self.assertEquals(x.__repr__(), "Dn('dc=foo13,bla=blie')")
def test_init_dn(self): self.msg = ldb.Message(ldb.Dn(ldb.Ldb(), "dc=foo27")) self.assertEquals("dc=foo27", str(self.msg.dn))
def test_check_special(self): x = ldb.Dn(self.ldb, "dc=foo20,bar=bloe") self.assertFalse(x.check_special("FOOBAR")) x = ldb.Dn(self.ldb, "@FOOBAR") self.assertTrue(x.check_special("@FOOBAR"))
def test_iter_items(self): self.assertEquals(0, len(self.msg.items())) self.msg.dn = ldb.Dn(ldb.Ldb(filename()), "dc=foo28") self.assertEquals(1, len(self.msg.items()))
def test_len(self): x = ldb.Dn(self.ldb, "dc=foo21,bar=bloe") self.assertEquals(2, len(x)) x = ldb.Dn(self.ldb, "dc=foo21") self.assertEquals(1, len(x))
def test_keys(self): self.msg.dn = ldb.Dn(ldb.Ldb(filename()), "@BASEINFO") self.msg["foo"] = ["bla"] self.msg["bar"] = ["bla"] self.assertEquals(["dn", "foo", "bar"], self.msg.keys())
def test_add_child(self): x = ldb.Dn(self.ldb, "dc=foo22,bar=bloe") self.assertTrue(x.add_child(ldb.Dn(self.ldb, "bla=bloe"))) self.assertEquals("bla=bloe,dc=foo22,bar=bloe", x.__str__())
def test_get_invalid(self): self.msg.dn = ldb.Dn(ldb.Ldb(filename()), "@BASEINFO") self.assertRaises(TypeError, self.msg.get, 42)
def test_add_base(self): x = ldb.Dn(self.ldb, "dc=foo23,bar=bloe") base = ldb.Dn(self.ldb, "bla=bloe") self.assertTrue(x.add_base(base)) self.assertEquals("dc=foo23,bar=bloe,bla=bloe", x.__str__())
def test_search_scope_base(self): l = ldb.Ldb(filename()) self.assertEquals( len(l.search(ldb.Dn(l, "dc=foo1"), ldb.SCOPE_ONELEVEL)), 0)
def test_add(self): x = ldb.Dn(self.ldb, "dc=foo24") y = ldb.Dn(self.ldb, "bar=bla") self.assertEquals("dc=foo24,bar=bla", str(y + x))
def add_dns_records( samdb, name, dns_conn, change_owner_sd, server, ip_address_list, logger): """Add DNS A or AAAA records while creating computer. """ name = name.rstrip('$') client_version = dnsserver.DNS_CLIENT_VERSION_LONGHORN select_flags = dnsserver.DNS_RPC_VIEW_AUTHORITY_DATA | dnsserver.DNS_RPC_VIEW_NO_CHILDREN zone = samdb.domain_dns_name() name_found = True sd_helper = sd_utils.SDUtils(samdb) try: buflen, res = dns_conn.DnssrvEnumRecords2( client_version, 0, server, zone, name, None, dnsp.DNS_TYPE_ALL, select_flags, None, None, ) except WERRORError as e: if e.args[0] == werror.WERR_DNS_ERROR_NAME_DOES_NOT_EXIST: name_found = False pass if name_found: for rec in res.rec: for record in rec.records: if record.wType == dnsp.DNS_TYPE_A or record.wType == dnsp.DNS_TYPE_AAAA: # delete record del_rec_buf = dnsserver.DNS_RPC_RECORD_BUF() del_rec_buf.rec = record try: dns_conn.DnssrvUpdateRecord2( client_version, 0, server, zone, name, None, del_rec_buf, ) except WERRORError as e: if e.args[0] != werror.WERR_DNS_ERROR_NAME_DOES_NOT_EXIST: raise for ip_address in ip_address_list: if _is_valid_ipv6(ip_address): logger.info("Adding DNS AAAA record %s.%s for IPv6 IP: %s" % ( name, zone, ip_address)) rec = AAAARecord(ip_address) elif _is_valid_ipv4(ip_address): logger.info("Adding DNS A record %s.%s for IPv4 IP: %s" % ( name, zone, ip_address)) rec = ARecord(ip_address) else: raise ValueError('Invalid IP: {}'.format(ip_address)) # Add record add_rec_buf = dnsserver.DNS_RPC_RECORD_BUF() add_rec_buf.rec = rec dns_conn.DnssrvUpdateRecord2( client_version, 0, server, zone, name, add_rec_buf, None, ) if (len(ip_address_list) > 0): domaindns_zone_dn = ldb.Dn( samdb, 'DC=DomainDnsZones,%s' % samdb.get_default_basedn(), ) dns_a_dn, ldap_record = samdb.dns_lookup( "%s.%s" % (name, zone), dns_partition=domaindns_zone_dn, ) # Make the DC own the DNS record, not the administrator sd_helper.modify_sd_on_dn( dns_a_dn, change_owner_sd, controls=["sd_flags:1:%d" % (security.SECINFO_OWNER | security.SECINFO_GROUP)], )
def test_canonical_string(self): x = ldb.Dn(self.ldb, "dc=foo25,bar=bloe") self.assertEquals("/bloe/foo25", x.canonical_str())
def set_minPwdLength(self, value): m = ldb.Message() m.dn = ldb.Dn(self, self.domain_dn()) m["minPwdLength"] = ldb.MessageElement(value, ldb.FLAG_MOD_REPLACE, "minPwdLength") self.modify(m)
def test_canonical_ex_string(self): x = ldb.Dn(self.ldb, "dc=foo26,bar=bloe") self.assertEquals("/bloe\nfoo26", x.canonical_ex_str())
def test_edit_rid_master(self): """Test doing a RID allocation after changing the RID master from the original one. This should set rIDNextRID to 0 on the new RID master.""" # 1. a. Transfer role to non-RID master # b. Check that it succeeds correctly # # 2. a. Call the RID alloc against the former master. # b. Check that it succeeds. fsmo_dn = ldb.Dn( self.ldb_dc1, "CN=RID Manager$,CN=System," + self.ldb_dc1.domain_dn()) (fsmo_owner, fsmo_not_owner) = self._determine_fSMORoleOwner(fsmo_dn) # 1. Swap RID master role m = ldb.Message() m.dn = ldb.Dn(self.ldb_dc1, "") m["becomeRidMaster"] = ldb.MessageElement("1", ldb.FLAG_MOD_REPLACE, "becomeRidMaster") # Make sure that ldb_dc1 == RID Master server_dn = str( ldb.Dn(self.ldb_dc1, self.ldb_dc1.get_dsServiceName()).parent()) # self.ldb_dc1 == LOCALDC if server_dn == fsmo_owner['server_dn']: # ldb_dc1 == VAMPIREDC ldb_dc1, ldb_dc2 = self.ldb_dc2, self.ldb_dc1 else: # Otherwise switch the two ldb_dc1, ldb_dc2 = self.ldb_dc1, self.ldb_dc2 try: # ldb_dc1 is now RID MASTER (as VAMPIREDC) ldb_dc1.modify(m) except ldb.LdbError as e1: (num, msg) = e1.args self.fail("Failed to reassign RID Master " + msg) try: # 2. Perform a RID alloc req8 = self._exop_req8( dest_dsa=fsmo_owner["ntds_guid"], invocation_id=fsmo_not_owner["invocation_id"], nc_dn_str=fsmo_dn, exop=drsuapi.DRSUAPI_EXOP_FSMO_RID_ALLOC) (drs, drs_handle) = self._ds_bind(fsmo_not_owner["dns_name"]) # 3. Make sure the allocation succeeds try: (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8) except RuntimeError as e: self.fail("RID allocation failed: " + str(e)) fsmo_dn = ldb.Dn( self.ldb_dc1, "CN=RID Manager$,CN=System," + self.ldb_dc1.domain_dn()) self.assertEqual(level, 6, "Expected level 6 response!") self.assertEqual(ctr.source_dsa_guid, misc.GUID(fsmo_not_owner["ntds_guid"])) self.assertEqual(ctr.source_dsa_invocation_id, misc.GUID(fsmo_not_owner["invocation_id"])) ctr6 = ctr self.assertEqual(ctr6.extended_ret, drsuapi.DRSUAPI_EXOP_ERR_SUCCESS) self.assertEqual(ctr6.object_count, 3) self.assertNotEqual(ctr6.first_object, None) self.assertEqual( ldb.Dn(ldb_dc2, ctr6.first_object.object.identifier.dn), fsmo_dn) self.assertNotEqual(ctr6.first_object.next_object, None) self.assertNotEqual(ctr6.first_object.next_object.next_object, None) second_object = ctr6.first_object.next_object.object self.assertEqual(ldb.Dn(self.ldb_dc1, second_object.identifier.dn), fsmo_owner["rid_set_dn"]) third_object = ctr6.first_object.next_object.next_object.object self.assertEqual(ldb.Dn(self.ldb_dc1, third_object.identifier.dn), fsmo_owner["server_acct_dn"]) finally: # Swap the RID master back for other tests m = ldb.Message() m.dn = ldb.Dn(ldb_dc2, "") m["becomeRidMaster"] = ldb.MessageElement("1", ldb.FLAG_MOD_REPLACE, "becomeRidMaster") try: ldb_dc2.modify(m) except ldb.LdbError as e: (num, msg) = e.args self.fail("Failed to restore RID Master " + msg)
def test_eq(self): x = ldb.Dn(self.ldb, "dc=foo11,bar=bloe") y = ldb.Dn(self.ldb, "dc=foo11,bar=bloe") self.assertEquals(x, y) y = ldb.Dn(self.ldb, "dc=foo11,bar=blie") self.assertNotEquals(x, y)