Adjusted ACL tests to use encripted connection.

This way we get rid of the conditional if.Samba checks, because users are successfully created and enabled.
author: Nadezhda Ivanova <nivanova@samba.org> 2010-06-11 17:22:21 +0300
committer: Nadezhda Ivanova <nivanova@samba.org> 2010-06-11 17:22:21 +0300
commit: e3c95940cd6e1f6976cb249a8b329cdff4c756ee (patch)
tree: b4e0830e046f9512cf1f438e03a495acce1d27c2 /source4/lib/ldb/tests/python
parent: 4bb351ac8080c92ff6a84a5cdeca0b158864da1b (diff)
1 files changed, 69 insertions, 120 deletions
diff --git a/source4/lib/ldb/tests/python/acl.py b/source4/lib/ldb/tests/python/acl.py
index 37265ef3d5..8a3f4cb019 100755
--- a/source4/lib/ldb/tests/python/acl.py
+++ b/source4/lib/ldb/tests/python/acl.py
@@ -20,6 +20,9 @@ from samba.dcerpc import security
 
 from samba.auth import system_session
 from samba import Ldb
+from samba import gensec
+from samba.samdb import SamDB
+from samba.credentials import Credentials
 from subunit.run import SubunitTestRunner
 import unittest
 
@@ -41,6 +44,7 @@ host = args[0]
 
 lp = sambaopts.get_loadparm()
 creds = credopts.get_credentials(lp)
+creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
 
 #
 # Tests start here
@@ -70,13 +74,6 @@ class AclTests(unittest.TestCase):
         self.domain_sid = self.find_domain_sid(self.ldb_admin)
         self.user_pass = "samba123@"
         print "baseDN: %s" % self.base_dn
-        self.SAMBA = False; self.WIN = False
-        res = self.ldb_admin.search(base="",expression="", scope=SCOPE_BASE,
-                                    attrs=["vendorName"])
-        if res and "vendorName" in res[0].keys() and res[0]["vendorName"][0].find("Samba Team") != -1:
-            self.SAMBA = True
-        else:
-            self.WIN = True
 
     def get_user_dn(self, name):
         return "CN=%s,CN=Users,%s" % (name, self.base_dn)
@@ -96,15 +93,6 @@ replace: nTSecurityDescriptor
         elif isinstance(desc, security.descriptor):
             mod += "nTSecurityDescriptor:: %s" % base64.b64encode(ndr_pack(desc))
         self.ldb_admin.modify_ldif(mod)
-        return
-        # Everything below is used in case of emergency or 
-        # double modify verification of some sort
-        assert(isinstance(desc, security.descriptor))
-        fn = "/tmp/tmpMod"
-        f = open(fn, "w"); f.write(mod); f.close()
-        cmd = "ldapmodify -x -h %s -D %s -w %s -f %s" \
-                % (host[7:], self.get_user_dn(creds.get_username()), creds.get_password(), fn)
-        return os.system( cmd ) == 0
 
     def add_group_member(self, _ldb, group_dn, member_dn):
         """ Modify user to ge member of a group 
@@ -132,7 +120,17 @@ url: www.example.com
                 ldif += "nTSecurityDescriptor:: %s" % base64.b64encode(ndr_pack(desc))
         _ldb.add_ldif(ldif)
 
-    def create_user(self, _ldb, user_dn, desc=None):
+    def create_active_user(self, _ldb, user_dn):
+        ldif = """
+dn: """ + user_dn + """
+sAMAccountName: """ + user_dn.split(",")[0][3:] + """
+objectClass: user
+unicodePwd:: """ + base64.b64encode("\"samba123@\"".encode('utf-16-le')) + """
+url: www.example.com
+"""
+        _ldb.add_ldif(ldif)
+
+    def create_test_user(self, _ldb, user_dn, desc=None):
         ldif = """
 dn: """ + user_dn + """
 sAMAccountName: """ + user_dn.split(",")[0][3:] + """
@@ -169,33 +167,16 @@ url: www.example.com
         desc = res[0]["nTSecurityDescriptor"][0]
         return ndr_unpack( security.descriptor, desc )
 
-    def enable_account(self,  user_dn):
-        """Enable an account.
-        :param user_dn: Dn of the account to enable.
-        """
-        res = self.ldb_admin.search(user_dn, SCOPE_BASE, None, ["userAccountControl"])
-        assert len(res) == 1
-        userAccountControl = res[0]["userAccountControl"][0]
-        userAccountControl = int(userAccountControl)
-        if (userAccountControl & 0x2):
-            userAccountControl = userAccountControl & ~0x2 # remove disabled bit
-        if (userAccountControl & 0x20):
-            userAccountControl = userAccountControl & ~0x20 # remove 'no password required' bit
-        mod = """
-dn: """ + user_dn + """
-changetype: modify
-replace: userAccountControl
-userAccountControl: %s""" % userAccountControl
-        if self.WIN:
-            mod = re.sub("userAccountControl: \d.*", "userAccountControl: 544", mod)
-        self.ldb_admin.modify_ldif(mod)
-
-    def get_ldb_connection(self, target_username):
-        username_save = creds.get_username(); password_save = creds.get_password()
-        creds.set_username(target_username)
-        creds.set_password(self.user_pass)
-        ldb_target = Ldb(host, credentials=creds, session_info=system_session(), lp=lp)
-        creds.set_username(username_save); creds.set_password(password_save)
+    def get_ldb_connection(self, target_username, target_password):
+        creds_tmp = Credentials()
+        creds_tmp.set_username(target_username)
+        creds_tmp.set_password(target_password)
+        creds_tmp.set_domain(creds.get_domain())
+        creds_tmp.set_realm(creds.get_realm())
+        creds_tmp.set_workstation(creds.get_workstation())
+        creds_tmp.set_gensec_features(creds_tmp.get_gensec_features()
+                                      | gensec.FEATURE_SEAL)
+        ldb_target = SamDB(url=host, credentials=creds_tmp, lp=lp)
         return ldb_target
 
     def get_object_sid(self, object_dn):
@@ -231,8 +212,8 @@ userAccountControl: %s""" % userAccountControl
             self.fail()
     
     def create_enable_user(self, username):
-        self.create_user(self.ldb_admin, self.get_user_dn(username))
-        self.enable_account(self.get_user_dn(username))
+        self.create_active_user(self.ldb_admin, self.get_user_dn(username))
+        self.ldb_admin.enable_account("(sAMAccountName=" + username + ")")
 
 #tests on ldap add operations
 class AclAddTests(AclTests):
@@ -244,15 +225,9 @@ class AclAddTests(AclTests):
         self.usr_admin_not_owner = "acl_add_user2"
         # Regular user
         self.regular_user = "acl_add_user3"
-        if self.SAMBA:
-            self.create_enable_user(self.usr_admin_owner)
-            self.create_enable_user(self.usr_admin_not_owner)
-            self.create_enable_user(self.regular_user)
-
-        if self.WIN:
-            self.assert_user_no_group_member(self.usr_admin_owner)
-            self.assert_user_no_group_member(self.usr_admin_not_owner)
-            self.assert_user_no_group_member(self.regular_user)
+        self.create_enable_user(self.usr_admin_owner)
+        self.create_enable_user(self.usr_admin_not_owner)
+        self.create_enable_user(self.regular_user)
 
         # add admins to the Domain Admins group
         self.add_group_member(self.ldb_admin, "CN=Domain Admins,CN=Users," + self.base_dn, \
@@ -260,19 +235,18 @@ class AclAddTests(AclTests):
         self.add_group_member(self.ldb_admin, "CN=Domain Admins,CN=Users," + self.base_dn, \
                 self.get_user_dn(self.usr_admin_not_owner))
 
-        self.ldb_owner = self.get_ldb_connection(self.usr_admin_owner)
-        self.ldb_notowner = self.get_ldb_connection(self.usr_admin_not_owner)
-        self.ldb_user = self.get_ldb_connection(self.regular_user)
+        self.ldb_owner = self.get_ldb_connection(self.usr_admin_owner, self.user_pass)
+        self.ldb_notowner = self.get_ldb_connection(self.usr_admin_not_owner, self.user_pass)
+        self.ldb_user = self.get_ldb_connection(self.regular_user, self.user_pass)
 
     def tearDown(self):
         self.delete_force(self.ldb_admin, "CN=test_add_user1,OU=test_add_ou2,OU=test_add_ou1," + self.base_dn)
         self.delete_force(self.ldb_admin, "CN=test_add_group1,OU=test_add_ou2,OU=test_add_ou1," + self.base_dn)
         self.delete_force(self.ldb_admin, "OU=test_add_ou2,OU=test_add_ou1," + self.base_dn)
         self.delete_force(self.ldb_admin, "OU=test_add_ou1," + self.base_dn)
-        if self.SAMBA:
-            self.delete_force(self.ldb_admin, self.get_user_dn(self.usr_admin_owner))
-            self.delete_force(self.ldb_admin, self.get_user_dn(self.usr_admin_not_owner))
-            self.delete_force(self.ldb_admin, self.get_user_dn(self.regular_user))
+        self.delete_force(self.ldb_admin, self.get_user_dn(self.usr_admin_owner))
+        self.delete_force(self.ldb_admin, self.get_user_dn(self.usr_admin_not_owner))
+        self.delete_force(self.ldb_admin, self.get_user_dn(self.regular_user))
 
     # Make sure top OU is deleted (and so everything under it)
     def assert_top_ou_deleted(self):
@@ -290,7 +264,7 @@ class AclAddTests(AclTests):
         mod = "(D;CI;WPCC;;;%s)" % str(user_sid)
         self.dacl_add_ace("OU=test_add_ou1," + self.base_dn, mod)
         # Test user and group creation with another domain admin's credentials
-        self.create_user(self.ldb_notowner, "CN=test_add_user1,OU=test_add_ou2,OU=test_add_ou1," + self.base_dn)
+        self.create_test_user(self.ldb_notowner, "CN=test_add_user1,OU=test_add_ou2,OU=test_add_ou1," + self.base_dn)
         self.create_group(self.ldb_notowner, "CN=test_add_group1,OU=test_add_ou2,OU=test_add_ou1," + self.base_dn)
         # Make sure we HAVE created the two objects -- user and group
         # !!! We should not be able to do that, but however beacuse of ACE ordering our inherited Deny ACE
@@ -310,7 +284,7 @@ class AclAddTests(AclTests):
         self.create_ou(self.ldb_owner, "OU=test_add_ou2,OU=test_add_ou1," + self.base_dn)
         # Test user and group creation with regular user credentials
         try:
-            self.create_user(self.ldb_user, "CN=test_add_user1,OU=test_add_ou2,OU=test_add_ou1," + self.base_dn)
+            self.create_test_user(self.ldb_user, "CN=test_add_user1,OU=test_add_ou2,OU=test_add_ou1," + self.base_dn)
             self.create_group(self.ldb_user, "CN=test_add_group1,OU=test_add_ou2,OU=test_add_ou1," + self.base_dn)
         except LdbError, (num, _):
             self.assertEquals(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
@@ -334,7 +308,7 @@ class AclAddTests(AclTests):
         self.dacl_add_ace("OU=test_add_ou1," + self.base_dn, mod)
         self.create_ou(self.ldb_owner, "OU=test_add_ou2,OU=test_add_ou1," + self.base_dn)
         # Test user and group creation with granted user only to one of the objects
-        self.create_user(self.ldb_user, "CN=test_add_user1,OU=test_add_ou2,OU=test_add_ou1," + self.base_dn)
+        self.create_test_user(self.ldb_user, "CN=test_add_user1,OU=test_add_ou2,OU=test_add_ou1," + self.base_dn)
         try:
             self.create_group(self.ldb_user, "CN=test_add_group1,OU=test_add_ou2,OU=test_add_ou1," + self.base_dn)
         except LdbError, (num, _):
@@ -354,7 +328,7 @@ class AclAddTests(AclTests):
         self.assert_top_ou_deleted()
         self.create_ou(self.ldb_owner, "OU=test_add_ou1," + self.base_dn)
         self.create_ou(self.ldb_owner, "OU=test_add_ou2,OU=test_add_ou1," + self.base_dn)
-        self.create_user(self.ldb_owner, "CN=test_add_user1,OU=test_add_ou2,OU=test_add_ou1," + self.base_dn)
+        self.create_test_user(self.ldb_owner, "CN=test_add_user1,OU=test_add_ou2,OU=test_add_ou1," + self.base_dn)
         self.create_group(self.ldb_owner, "CN=test_add_group1,OU=test_add_ou2,OU=test_add_ou1," + self.base_dn)
         # Make sure we have successfully created the two objects -- user and group
         res = self.ldb_admin.search( self.base_dn, expression="(distinguishedName=%s,%s)" \
@@ -370,22 +344,15 @@ class AclModifyTests(AclTests):
     def setUp(self):
         AclTests.setUp(self)
         self.user_with_wp = "acl_mod_user1"
-
-        if self.SAMBA:
-            # Create regular user
-            self.create_enable_user(self.user_with_wp)
-        if self.WIN:
-            self.assert_user_no_group_member(self.user_with_wp)
-
-        self.ldb_user = self.get_ldb_connection(self.user_with_wp)
+        self.create_enable_user(self.user_with_wp)
+        self.ldb_user = self.get_ldb_connection(self.user_with_wp, self.user_pass)
         self.user_sid = self.get_object_sid( self.get_user_dn(self.user_with_wp))
 
     def tearDown(self):
         self.delete_force(self.ldb_admin, self.get_user_dn("test_modify_user1"))
         self.delete_force(self.ldb_admin, "CN=test_modify_group1,CN=Users," + self.base_dn)
         self.delete_force(self.ldb_admin, "OU=test_modify_ou1," + self.base_dn)
-        if self.SAMBA:
-            self.delete_force(self.ldb_admin, self.get_user_dn(self.user_with_wp))
+        self.delete_force(self.ldb_admin, self.get_user_dn(self.user_with_wp))
 
     def test_modify_u1(self):
         """5 Modify one attribute if you have DS_WRITE_PROPERTY for it"""
@@ -393,7 +360,7 @@ class AclModifyTests(AclTests):
         # First test object -- User
         print "Testing modify on User object"
         #self.delete_force(self.ldb_admin, self.get_user_dn("test_modify_user1"))
-        self.create_user(self.ldb_admin, self.get_user_dn("test_modify_user1"))
+        self.create_test_user(self.ldb_admin, self.get_user_dn("test_modify_user1"))
         self.dacl_add_ace(self.get_user_dn("test_modify_user1"), mod)
         ldif = """
 dn: """ + self.get_user_dn("test_modify_user1") + """
@@ -439,7 +406,7 @@ displayName: test_changed"""
         # First test object -- User
         print "Testing modify on User object"
         #self.delete_force(self.ldb_admin, self.get_user_dn("test_modify_user1"))
-        self.create_user(self.ldb_admin, self.get_user_dn("test_modify_user1"))
+        self.create_test_user(self.ldb_admin, self.get_user_dn("test_modify_user1"))
         self.dacl_add_ace(self.get_user_dn("test_modify_user1"), mod)
         # Modify on attribute you have rights for
         ldif = """
@@ -521,7 +488,7 @@ url: www.samba.org"""
         """7 Modify one attribute as you have no what so ever rights granted"""
         # First test object -- User
         print "Testing modify on User object"
-        self.create_user(self.ldb_admin, self.get_user_dn("test_modify_user1"))
+        self.create_test_user(self.ldb_admin, self.get_user_dn("test_modify_user1"))
         # Modify on attribute you do not have rights for granted
         ldif = """
 dn: """ + self.get_user_dn("test_modify_user1") + """
@@ -602,20 +569,13 @@ class AclSearchTests(AclTests):
     def setUp(self):
         AclTests.setUp(self)
         self.regular_user = "acl_search_user1"
-
-        if self.SAMBA:
-            # Create regular user
-            self.create_enable_user(self.regular_user)
-        if self.WIN:
-            self.assert_user_no_group_member(self.regular_user)
-
-        self.ldb_user = self.get_ldb_connection(self.regular_user)
+        self.create_enable_user(self.regular_user)
+        self.ldb_user = self.get_ldb_connection(self.regular_user, self.user_pass)
 
     def tearDown(self):
         self.delete_force(self.ldb_admin, "CN=test_search_user1,OU=test_search_ou1," + self.base_dn)
         self.delete_force(self.ldb_admin, "OU=test_search_ou1," + self.base_dn)
-        if self.SAMBA:
-            self.delete_force(self.ldb_admin, self.get_user_dn(self.regular_user))
+        self.delete_force(self.ldb_admin, self.get_user_dn(self.regular_user))
 
     def test_search_u1(self):
         """See if can prohibit user to read another User object"""
@@ -640,7 +600,7 @@ class AclSearchTests(AclTests):
         self.create_ou(self.ldb_admin, ou_dn, desc)
         # Create clean user
         self.delete_force(self.ldb_admin, user_dn)
-        self.create_user(self.ldb_admin, user_dn)
+        self.create_test_user(self.ldb_admin, user_dn)
         desc = self.read_desc( user_dn )
         desc_sddl = desc.as_sddl( self.domain_sid )
         # Parse security descriptor SDDL and remove all 'Read' ACEs
@@ -652,7 +612,7 @@ class AclSearchTests(AclTests):
         # Create user with the edited descriptor
         desc = security.descriptor.from_sddl( desc_sddl, self.domain_sid )
         self.delete_force(self.ldb_admin, user_dn)
-        self.create_user(self.ldb_admin, user_dn, desc)
+        self.create_test_user(self.ldb_admin, user_dn, desc)
 
         res = ldb_user.search( self.base_dn, expression="(distinguishedName=%s)" \
                                     % user_dn )
@@ -681,7 +641,7 @@ class AclSearchTests(AclTests):
         self.create_ou(self.ldb_admin, ou_dn, desc)
         # Create clean user
         self.delete_force(self.ldb_admin, user_dn)
-        self.create_user(self.ldb_admin, user_dn)
+        self.create_test_user(self.ldb_admin, user_dn)
         # Parse security descriptor SDDL and remove all 'Read' ACEs
         # reffering to AU
         desc_aces = re.findall("\(.*?\)", desc_sddl)
@@ -701,24 +661,18 @@ class AclDeleteTests(AclTests):
     def setUp(self):
         AclTests.setUp(self)
         self.regular_user = "acl_delete_user1"
-
-        if self.SAMBA:
             # Create regular user
-            self.create_enable_user(self.regular_user)
-        if self.WIN:
-            self.assert_user_no_group_member(self.regular_user)
-
-        self.ldb_user = self.get_ldb_connection(self.regular_user)
+        self.create_enable_user(self.regular_user)
+        self.ldb_user = self.get_ldb_connection(self.regular_user, self.user_pass)
 
     def tearDown(self):
         self.delete_force(self.ldb_admin, self.get_user_dn("test_delete_user1"))
-        if self.SAMBA:
-            self.delete_force(self.ldb_admin, self.get_user_dn(self.regular_user))
+        self.delete_force(self.ldb_admin, self.get_user_dn(self.regular_user))
 
     def test_delete_u1(self):
         """User is prohibited by default to delete another User object"""
         # Create user that we try to delete
-        self.create_user(self.ldb_admin, self.get_user_dn("test_delete_user1"))
+        self.create_test_user(self.ldb_admin, self.get_user_dn("test_delete_user1"))
         # Here delete User object should ALWAYS through exception
         try:
             self.ldb_user.delete(self.get_user_dn("test_delete_user1"))
@@ -731,7 +685,7 @@ class AclDeleteTests(AclTests):
         """User's group has RIGHT_DELETE to another User object"""
         user_dn = self.get_user_dn("test_delete_user1")
         # Create user that we try to delete
-        self.create_user(self.ldb_admin, user_dn)
+        self.create_test_user(self.ldb_admin, user_dn)
         mod = "(A;;SD;;;AU)"
         self.dacl_add_ace(user_dn, mod)
         # Try to delete User object
@@ -744,7 +698,7 @@ class AclDeleteTests(AclTests):
         """User indentified by SID has RIGHT_DELETE to another User object"""
         user_dn = self.get_user_dn("test_delete_user1")
         # Create user that we try to delete
-        self.create_user(self.ldb_admin, user_dn)
+        self.create_test_user(self.ldb_admin, user_dn)
         mod = "(A;;SD;;;%s)" % str( self.get_object_sid(self.get_user_dn(self.regular_user)))
         self.dacl_add_ace(user_dn, mod)
         # Try to delete User object
@@ -760,13 +714,9 @@ class AclRenameTests(AclTests):
         AclTests.setUp(self)
         self.regular_user = "acl_rename_user1"
 
-        if self.SAMBA:
             # Create regular user
-            self.create_enable_user(self.regular_user)
-        if self.WIN:
-            self.assert_user_no_group_member(self.regular_user)
-
-        self.ldb_user = self.get_ldb_connection(self.regular_user)
+        self.create_enable_user(self.regular_user)
+        self.ldb_user = self.get_ldb_connection(self.regular_user, self.user_pass)
 
     def tearDown(self):
         # Rename OU3
@@ -785,14 +735,13 @@ class AclRenameTests(AclTests):
         self.delete_force(self.ldb_admin, "CN=test_rename_user5,OU=test_rename_ou1," + self.base_dn)
         self.delete_force(self.ldb_admin, "OU=test_rename_ou3,OU=test_rename_ou1," + self.base_dn)
         self.delete_force(self.ldb_admin, "OU=test_rename_ou1," + self.base_dn)
-        if self.SAMBA:
-            self.delete_force(self.ldb_admin, self.get_user_dn(self.regular_user))
+        self.delete_force(self.ldb_admin, self.get_user_dn(self.regular_user))
 
     def test_rename_u1(self):
         """Regular user fails to rename 'User object' within single OU"""
         # Create OU structure
         self.create_ou(self.ldb_admin, "OU=test_rename_ou1," + self.base_dn)
-        self.create_user(self.ldb_admin, "CN=test_rename_user1,OU=test_rename_ou1," + self.base_dn)
+        self.create_test_user(self.ldb_admin, "CN=test_rename_user1,OU=test_rename_ou1," + self.base_dn)
         try:
             self.ldb_user.rename("CN=test_rename_user1,OU=test_rename_ou1," + self.base_dn, \
                     "CN=test_rename_user5,OU=test_rename_ou1," + self.base_dn)
@@ -808,7 +757,7 @@ class AclRenameTests(AclTests):
         rename_user_dn = "CN=test_rename_user5," + ou_dn
         # Create OU structure
         self.create_ou(self.ldb_admin, ou_dn)
-        self.create_user(self.ldb_admin, user_dn)
+        self.create_test_user(self.ldb_admin, user_dn)
         mod = "(A;;WP;;;AU)"
         self.dacl_add_ace(user_dn, mod)
         # Rename 'User object' having WP to AU
@@ -827,7 +776,7 @@ class AclRenameTests(AclTests):
         rename_user_dn = "CN=test_rename_user5," + ou_dn
         # Create OU structure
         self.create_ou(self.ldb_admin, ou_dn)
-        self.create_user(self.ldb_admin, user_dn)
+        self.create_test_user(self.ldb_admin, user_dn)
         sid = self.get_object_sid(self.get_user_dn(self.regular_user))
         mod = "(A;;WP;;;%s)" % str(sid)
         self.dacl_add_ace(user_dn, mod)
@@ -849,7 +798,7 @@ class AclRenameTests(AclTests):
         # Create OU structure
         self.create_ou(self.ldb_admin, ou1_dn)
         self.create_ou(self.ldb_admin, ou2_dn)
-        self.create_user(self.ldb_admin, user_dn)
+        self.create_test_user(self.ldb_admin, user_dn)
         mod = "(A;;WPSD;;;AU)"
         self.dacl_add_ace(user_dn, mod)
         mod = "(A;;CC;;;AU)"
@@ -872,7 +821,7 @@ class AclRenameTests(AclTests):
         # Create OU structure
         self.create_ou(self.ldb_admin, ou1_dn)
         self.create_ou(self.ldb_admin, ou2_dn)
-        self.create_user(self.ldb_admin, user_dn)
+        self.create_test_user(self.ldb_admin, user_dn)
         sid = self.get_object_sid(self.get_user_dn(self.regular_user))
         mod = "(A;;WPSD;;;%s)" % str(sid)
         self.dacl_add_ace(user_dn, mod)
@@ -901,7 +850,7 @@ class AclRenameTests(AclTests):
         self.dacl_add_ace(ou1_dn, mod)
         mod = "(A;;CC;;;AU)"
         self.dacl_add_ace(ou2_dn, mod)
-        self.create_user(self.ldb_admin, user_dn)
+        self.create_test_user(self.ldb_admin, user_dn)
         mod = "(A;;WP;;;AU)"
         self.dacl_add_ace(user_dn, mod)
         # Rename 'User object' having SD and CC to AU
@@ -928,7 +877,7 @@ class AclRenameTests(AclTests):
         self.dacl_add_ace(ou1_dn, mod)
         mod = "(A;;CC;;;AU)"
         self.dacl_add_ace(ou3_dn, mod)
-        self.create_user(self.ldb_admin, user_dn)
+        self.create_test_user(self.ldb_admin, user_dn)
         # Rename 'User object' having SD and CC to AU
         self.ldb_user.rename(user_dn, rename_user_dn)
         res = self.ldb_admin.search( self.base_dn, expression="(distinguishedName=%s)" \
@@ -973,7 +922,7 @@ class AclRenameTests(AclTests):
 
 if not "://" in host:
     host = "ldap://%s" % host
-ldb = Ldb(host, credentials=creds, session_info=system_session(), lp=lp)
+ldb = SamDB(host, credentials=creds, session_info=system_session(), lp=lp)
 
 runner = SubunitTestRunner()
 rc = 0
author	Nadezhda Ivanova <nivanova@samba.org>	2010-06-11 17:22:21 +0300
committer	Nadezhda Ivanova <nivanova@samba.org>	2010-06-11 17:22:21 +0300
commit	e3c95940cd6e1f6976cb249a8b329cdff4c756ee (patch)
tree	b4e0830e046f9512cf1f438e03a495acce1d27c2 /source4/lib/ldb/tests/python
parent	4bb351ac8080c92ff6a84a5cdeca0b158864da1b (diff)