sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-05-28 21:05:48 +03:00
Code

s4:tests/dirsync: add tests for dirsync with extended_dn

Browse Source 
This demonstrates a problems that the extended_dn returned
by the dirsync module always uses the SDDL format for GUID/SID
components.

Azure AD connect reports discovery errors:
  reference-value-not-ldap-conformant
for attributes member and manager.
The key is that it sends the LDAP_SERVER_EXTENDED_DN_OID without
an ExtendedDNRequestValue blob, which means the flag value should
be treated as 0 and the HEX string format should be used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14153

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Stefan Metzmacher 2019-10-22 12:12:32 +02:00 committed by Andrew Bartlett
parent 9471508391
commit 6d43d82b49
2 changed files with 32 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
selftest/knownfail.d/dirsync_extended_dn Normal file
View File

@ -0,0 +1 @@
^samba4.ldap.dirsync.python.*.__main__.ExtendedDirsyncTests.test_dirsync_extended_dn

31
source4/dsdb/tests/python/dirsync.py
View File

@ -655,6 +655,37 @@ class ExtendedDirsyncTests(SimpleDirsyncTests):
self.assertEqual(res[0].get("member;range=1-1"), None) self.assertEqual(res[0].get("member;range=1-1"), None)
self.assertEqual(len(res[0].get("member;range=0-0")), 2) self.assertEqual(len(res[0].get("member;range=0-0")), 2)
def test_dirsync_extended_dn(self):
"""Check that dirsync works together with the extended_dn control"""
# Let's search for members
self.ldb_simple = self.get_ldb_connection(self.simple_user, self.user_pass)
res = self.ldb_simple.search(self.base_dn,
expression="(name=Administrators)",
controls=["dirsync:1:1:1"])
self.assertTrue(len(res[0].get("member")) > 0)
size = len(res[0].get("member"))
resEX1 = self.ldb_simple.search(self.base_dn,
expression="(name=Administrators)",
controls=["dirsync:1:1:1","extended_dn:1:1"])
self.assertTrue(len(resEX1[0].get("member")) > 0)
sizeEX1 = len(resEX1[0].get("member"))
self.assertEqual(sizeEX1, size)
self.assertIn(res[0]["member"][0], resEX1[0]["member"][0])
self.assertIn(b"<GUID=", resEX1[0]["member"][0])
self.assertIn(b">;<SID=S-1-5-21-", resEX1[0]["member"][0])
resEX0 = self.ldb_simple.search(self.base_dn,
expression="(name=Administrators)",
controls=["dirsync:1:1:1","extended_dn:1:0"])
self.assertTrue(len(resEX0[0].get("member")) > 0)
sizeEX0 = len(resEX0[0].get("member"))
self.assertEqual(sizeEX0, size)
self.assertIn(res[0]["member"][0], resEX0[0]["member"][0])
self.assertIn(b"<GUID=", resEX0[0]["member"][0])
self.assertIn(b">;<SID=010500000000000515", resEX0[0]["member"][0])
def test_dirsync_deleted_items(self): def test_dirsync_deleted_items(self):
"""Check that dirsync returnd deleted objects too""" """Check that dirsync returnd deleted objects too"""
# Let's create an OU # Let's create an OU