in TestSuites/ADFamily/src/TestSuite/MS-ADTS-Schema/SchemaModification.cs [989:1878]
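/// <summary>
/// Exercises the MS-ADTS schema-modification rules against an AD LDS instance. A throw-away
/// classSchema and attributeSchema object are added first; a series of Modify requests that the
/// server is expected to refuse (syntactically invalid lDAPDisplayName, duplicate identifiers,
/// references to missing or wrongly-categorised classes/attributes, edits to base schema objects,
/// ...) is then sent and the matching MS-ADTS-Schema requirements are captured.
/// </summary>
/// <remarks>
/// This test deliberately tries to change built-in schema objects (top, Aggregate,
/// ms-PKI-AccountCredentials, Country, Managed-By, Assistant, DMD-Location, Container, DMD,
/// Account-Expires, Member). Every one of those requests is expected to be rejected; a request
/// the server accepts leaves the schema of the target instance modified, so this must only run
/// against a disposable lab instance. Schema objects cannot be deleted, which is why the class
/// name carries a timestamp. The LDAP session uses NTLM with no signing or SSL configured here.
/// </remarks>
public void ValidateLDSSchemaModifications()
{
    DirectoryEntry dirEntry = null;
    List<string> modifypossAndSystemPoss = new List<string>();
    PropertyValueCollection values = null;
    // Schema objects cannot be deleted, so the class name carries a timestamp to avoid a name
    // clash with the object left behind by an earlier run.
    string timestamp = System.DateTime.Now.ToFileTime().ToString();
    string newClassName = "CN=ValidClass" + timestamp;
    string schemaSuffix = ",CN=Schema,CN=Configuration," + adAdapter.LDSRootObjectName;

    // AuthType is not a [Flags] enum, so the former `AuthType.Ntlm | AuthType.Basic` (3 | 1)
    // already evaluated to AuthType.Ntlm; the effective value is now spelled out. The
    // connection is disposed on every exit path, including an Assume failure part-way through.
    using (LdapConnection connection = new LdapConnection(
        new LdapDirectoryIdentifier(adAdapter.adamServerPort),
        new System.Net.NetworkCredential(
            adAdapter.ClientUserName,
            adAdapter.ClientUserPassword,
            adAdapter.PrimaryDomainDnsName),
        AuthType.Ntlm))
    {
        #region Add Request for class schema in LDS
        //MS-ADTS-Schema_R209
        bool objectCreated = adAdapter.GetLdsObjectByDN(newClassName + schemaSuffix, out dirEntry);
        AddRequestForClassSchema(newClassName, adAdapter.adamServerPort, adAdapter.LDSRootObjectName, objectCreated, true);
        #endregion

        #region Modify classSchema For Modify Request in LDS
        string dn = newClassName + schemaSuffix;
        bool isMustContain = false, isAuxiliaryClass = false, isObjectClassCategory = false, isModifyTop = false,
            isSubSchema = false, isSearchFlagSet = false, isFilteredAttrSet = false, isSubClassOf = false,
            isdefaultSecurity = false;
        DirectoryEntry dirEntryForGreater;
        if (!adAdapter.GetLdsObjectByDN("CN=NC-Name" + schemaSuffix, out dirEntryForGreater))
        {
            DataSchemaSite.Assume.IsTrue(
                false,
                "CN=NC-Name" + schemaSuffix + " Object is not found in server");
        }

        //MS-ADTS-Schema_R221: a display name containing spaces is not a valid lDAPDisplayName.
        try
        {
            ModifyRequest modRequest = new ModifyRequest(dn, DirectoryAttributeOperation.Replace,
                "ldapDisplayName", "New Class is Modified");
            connection.SendRequest(modRequest);
        }
        catch (DirectoryOperationException)
        {
            // [Since the request that modifies ldapDisplayName fails, the R221 can be captured directly.]
            DataSchemaSite.CaptureRequirement(
                221,
                @"A Modify request on a classSchema object fails, if the value of lDAPDisplayName is"
                + " syntactically invalid.");
        }
        // NOTE(review): the aggregate R220 capture at the end of this region treats this and the
        // other "is…" sub-checks as passed regardless of the server's answer; only the individual
        // captures reflect the real outcome.
        bool validLdapDisplay = true;

        //MS-ADTS-Schema_R232: adding domainRelatedObject as an auxiliary class of the new class.
        // Previously every check down to R230 was nested inside this catch, so none of them ran
        // when the server accepted the Add and their captures then failed for the wrong reason.
        // Each flag is now set only when its own request is rejected.
        isAuxiliaryClass = ModifyRejected(connection, dn, DirectoryAttributeOperation.Add,
            "auxiliaryClass", "domainRelatedObject");

        //MS-ADTS-Schema_R231: mustContain of an existing class must not grow. The flag used to be
        // set before the request was sent, recording R231 even when the server allowed the change.
        isMustContain = ModifyRejected(connection, dn, DirectoryAttributeOperation.Add,
            "mustContain", "Backward");

        //MS-ADTS-Schema_R234: class top may only gain back-link may-contains.
        // NOTE(review): when top already lists msDS-BindableObject no request is sent and
        // isModifyTop stays false, so R234 is then recorded as failed - confirm that is intended.
        try
        {
            string dnTop = "CN=Top" + schemaSuffix;
            DirectoryEntry dirEntryTop;
            if (!adAdapter.GetLdsObjectByDN(dnTop, out dirEntryTop))
            {
                DataSchemaSite.Assume.IsTrue(false, dnTop + " Object is not found in server");
            }
            if (!dirEntryTop.Properties["auxiliaryClass"].Contains("msDS-BindableObject"))
            {
                ModifyRequest modifyTop = new ModifyRequest(dnTop, DirectoryAttributeOperation.Add,
                    "auxiliaryClass", "msDS-BindableObject");
                connection.SendRequest(modifyTop);
            }
        }
        catch (DirectoryOperationException)
        {
            isModifyTop = true;
        }

        //MS-ADTS-Schema_R233: objectClassCategory of an existing class is immutable.
        isObjectClassCategory = ModifyRejected(connection, dn, DirectoryAttributeOperation.Replace,
            "objectClassCategory", "1");

        //MS-ADTS-Schema_R235: the subSchema object (CN=Aggregate) must not change.
        isSubSchema = ModifyRejected(connection, "CN=Aggregate" + schemaSuffix,
            DirectoryAttributeOperation.Replace, "cn", "AggregateSchema");

        //MS-ADTS-Schema_R236 / R237
        try
        {
            // ms-PKI-AccountCredentials carries the fRODCFilteredAttribute bit (0x200) in
            // searchFlags; replacing the whole value with 128 (fCONFIDENTIAL) would clear that
            // bit and must be refused.
            dn = "CN=ms-PKI-AccountCredentials" + schemaSuffix;
            ModifyRequest searchFlags = new ModifyRequest(dn, DirectoryAttributeOperation.Replace,
                "searchFlags", "128");
            if (serverOS >= OSVersion.WinSvr2008)
            {
                // NOTE(review): this reads systemOnly from the NC-Name entry fetched above, not
                // from ms-PKI-AccountCredentials, and records R237 on that basis without sending
                // a request - confirm the intent before relying on this capture.
                if (dirEntryForGreater.Properties["systemOnly"].Value.Equals(true))
                {
                    isFilteredAttrSet = true;
                    //MS-ADTS-Schema_R237
                    DataSchemaSite.CaptureRequirementIfIsTrue(
                        isFilteredAttrSet,
                        237,
                        "In order to reduce the possibility of schema updates by one application"
                        + " breaking another application, if the DC functionality level"
                        + " is DS_BEHAVIOR_WIN2008 or higher, and the attributeSchema object cannot"
                        + " be a member of the filtered attribute set.");
                }
            }
            connection.SendRequest(searchFlags);
        }
        catch (DirectoryOperationException)
        {
            isSearchFlagSet = true;
        }
        //MS-ADTS-Schema_R236
        DataSchemaSite.CaptureRequirementIfIsTrue(
            isSearchFlagSet,
            236,
            "In order to reduce the possibility of schema updates by one "
            + "application breaking another application, a Modify does "
            + "not change fRODCFilteredAttribute bit of the searchFlags "
            + "attribute of an attributeSchema object.");

        //MS-ADTS-Schema_R228: dynamicObject may not be a superclass.
        dn = newClassName + schemaSuffix;
        isSubClassOf = ModifyRejected(connection, dn, DirectoryAttributeOperation.Replace,
            "subClassOf", "dynamicObject");
        DataSchemaSite.CaptureRequirementIfIsTrue(
            isSubClassOf,
            228,
            @"A Modify request on a classSchema object fails, if dynamicObject class is referenced by the
subClassOf attribute of a class.");
        bool isSub = true;

        //MS-ADTS-Schema_R230: defaultSecurityDescriptor must parse as SDDL.
        isdefaultSecurity = ModifyRejected(connection, dn, DirectoryAttributeOperation.Add,
            "defaultSecurityDescriptor", "Invalid SDDL string");
        DataSchemaSite.CaptureRequirementIfIsTrue(
            isdefaultSecurity,
            230,
            @"A Modify request on a classSchema object fails if Attribute defaultSecurityDescriptor,
if present, is not a valid SDDL string.");
        //MS-ADTS-Schema_R231
        DataSchemaSite.CaptureRequirementIfIsTrue(
            isMustContain,
            231,
            "In order to reduce the possibility of schema updates by one application breaking another application,"
            + "a Modify adds no attributes to the mustContain or systemMustContain of an existing class.");
        //MS-ADTS-Schema_R232
        DataSchemaSite.CaptureRequirementIfIsTrue(
            isAuxiliaryClass,
            232,
            @"In order to reduce the possibility of schema updates by one
application breaking another application,
A Modify does not add an auxiliary class
to the auxiliaryClass or systemAuxiliaryClass of an existing class,
if doing so would effectively add either
mustContain or systemMustContain attributes to the class.");
        //MS-ADTS-Schema_R233
        DataSchemaSite.CaptureRequirementIfIsTrue(
            isObjectClassCategory,
            233,
            "In order to reduce the possibility of schema updates by one application breaking another application,"
            + "a Modify does not change the objectClassCategory of an existing class.");
        //MS-ADTS-Schema_R234
        DataSchemaSite.CaptureRequirementIfIsTrue(
            isModifyTop,
            234,
            "In order to reduce the possibility of schema updates by one application breaking another application,"
            + "a Modify does not change class top, except to add back link attributes as may-contains, either by"
            + " adding back link attributes to mayContain of top, or by adding auxiliary classes to auxiliaryClass"
            + " of top whose only effect on top is adding back link attributes as may-contains.");
        //MS-ADTS-Schema_R235
        DataSchemaSite.CaptureRequirementIfIsTrue(
            isSubSchema,
            235,
            @"In order to reduce the possibility of schema updates by one application breaking another
application, a Modify does not change the subSchema object.");

        //MS-ADTS-Schema_R222: governsID / lDAPDisplayName / schemaIDGUID already used by the
        // built-in container class must be refused on the new class.
        dn = newClassName + schemaSuffix;
        bool governsIdRejected = ModifyRejected(connection, dn, DirectoryAttributeOperation.Add,
            "governsID", "1.2.840.113556.1.3.23");
        bool ldapDisplayNameRejected = ModifyRejected(connection, dn, DirectoryAttributeOperation.Add,
            "lDAPDisplayName", "Country");
        bool schemaIdGuidRejected = ModifyRejected(connection, dn, DirectoryAttributeOperation.Add,
            "schemaIDGUID", "bf967a8c-0de6-11d0-a285-00aa003049e2");
        DataSchemaSite.CaptureRequirementIfIsTrue(
            governsIdRejected && ldapDisplayNameRejected && schemaIdGuidRejected,
            222,
            @"A Modify request on a classSchema object fails, if the values of governsID,
lDAPDisplayName, and schemaIDGUID are not 'Unique'.");
        bool uniqueID = true;

        //MS-ADTS-Schema_R229
        // NOTE(review): this only inspects the syntax of Country's rDNAttID in the model; no Modify
        // request is sent for this requirement.
        dn = "CN=Country" + schemaSuffix;
        if (!adAdapter.GetLdsObjectByDN(dn, out dirEntry))
        {
            DataSchemaSite.Assume.IsTrue(false, dn + " Object is not found in server");
        }
        string rDNAttIDValue = dirEntry.Properties["rDNAttID"].Value.ToString();
        if (!dcModel.TryGetAttributeContext(rDNAttIDValue, out attrContext))
        {
            // Previously an unchecked lookup here dereferenced a missing context.
            DataSchemaSite.Assume.IsTrue(
                false,
                "attribute '" + rDNAttIDValue + "' referenced by rDNAttID of " + dn + " is not in the model");
        }
        DataSchemaSite.CaptureRequirementIfAreEqual<string>(
            "StringUnicodeSyntax",
            attrContext.syntax.Name.ToString(),
            229,
            @"A Modify request on a classSchema object fails, if the attribute specified
in the rDNAttID attribute does not have syntax String(Unicode).");
        bool isRid = true;

        //MS-ADTS-Schema_R225: dMD is a structural class, so it is not a valid auxiliary class.
        dn = newClassName + schemaSuffix;
        bool notsysaux = ModifyRejected(connection, dn, DirectoryAttributeOperation.Replace,
            "systemAuxiliaryClass", "dMD");
        bool invalidaux = ModifyRejected(connection, dn, DirectoryAttributeOperation.Replace,
            "auxiliaryClass", "dMD");
        DataSchemaSite.CaptureRequirementIfIsTrue(
            notsysaux && invalidaux,
            225,
            @"A Modify request on a classSchema object fails, if at least one class in the systemAuxiliaryClass and
auxiliaryClass attributes has either 88 class or auxiliary class specified as their objectClassCategory.");
        bool isaux = true;

        //MS-ADTS-Schema_R226: every possSuperiors / systemPossSuperiors entry of Country must be an
        // 88 class (0) or a structural class (1), as R220 below also states.
        values = dirEntry.Properties["possSuperiors"];
        foreach (string eachValue in values)
        {
            modifypossAndSystemPoss.Add(eachValue);
        }
        values = dirEntry.Properties["systemPossSuperiors"];
        foreach (string eachValue in values)
        {
            modifypossAndSystemPoss.Add(eachValue);
        }
        if (modifypossAndSystemPoss.Count != 0)
        {
            bool badSuperiorFound = false;
            foreach (string eachValue in modifypossAndSystemPoss)
            {
                // The original tested the inverse here: classes present in the model were skipped
                // with a misleading warning and classes missing from it were dereferenced as null.
                if (!dcModel.TryGetClass(eachValue, out classObject))
                {
                    DataSchemaSite.Log.Add(LogEntryKind.Warning,
                        "schema class '{0}' exists on server but not in model", eachValue);
                    continue;
                }
                string category = classObject["objectClassCategory"].ToString();
                if (category != "0" && category != "1")
                {
                    badSuperiorFound = true;
                }
            }
            // NOTE(review): the recorded sentence reads as the inverse of the R220 wording
            // ("have either 88 class or structural class"); the check follows R220.
            DataSchemaSite.CaptureRequirementIfIsTrue(
                !badSuperiorFound,
                226,
                @"A Modify request on a classSchema object fails, if at least
one class in the systemPossSuperiors and possSuperiors attributes
has either 88 class or structural class specified as their objectClassCategory.");
        }
        bool isposs = true;

        //MS-ADTS-Schema_R223: references to a non-existent attribute in any *Contain list.
        dn = newClassName + schemaSuffix;
        bool invalidSysMayContain = ModifyRejected(connection, dn, DirectoryAttributeOperation.Replace,
            "systemMayContain", "SomeAttribute");
        bool invalidMayContain = ModifyRejected(connection, dn, DirectoryAttributeOperation.Replace,
            "mayContain", "SomeAttribute");
        bool invalidMustContain = ModifyRejected(connection, dn, DirectoryAttributeOperation.Replace,
            "mustContain", "SomeAttribute");
        bool invalidSystemMustContain = ModifyRejected(connection, dn, DirectoryAttributeOperation.Replace,
            "systemMustContain", "SomeAttribute");
        DataSchemaSite.CaptureRequirementIfIsTrue(
            invalidMustContain
            && invalidMayContain
            && invalidSystemMustContain
            && invalidSysMayContain,
            223,
            "A Modify request on a classSchema object fails, if at least one attribute that"
            + " is referenced in the systemMayContain, mayContain, systemMustContain and"
            + " mustContain lists does not exist and is not active.");
        bool attrExists = true;

        //MS-ADTS-Schema_R224: references to a non-existent class in any class-reference list.
        bool invalidsystemAuxiliaryClass = ModifyRejected(connection, dn, DirectoryAttributeOperation.Replace,
            "systemAuxiliaryClass", "SomeClass");
        bool invalidAuxiliaryClass = ModifyRejected(connection, dn, DirectoryAttributeOperation.Replace,
            "auxiliaryClass", "SomeClass");
        bool invalidSystemPossSuperiors = ModifyRejected(connection, dn, DirectoryAttributeOperation.Replace,
            "systemPossSuperiors", "SomeClass");
        bool invalidPossSuperiors = ModifyRejected(connection, dn, DirectoryAttributeOperation.Replace,
            "possSuperiors", "SomeClass");
        bool invalidSubClassOf = ModifyRejected(connection, dn, DirectoryAttributeOperation.Replace,
            "subClassOf", "SomeClass");
        DataSchemaSite.CaptureRequirementIfIsTrue(
            invalidSubClassOf
            && invalidsystemAuxiliaryClass
            && invalidSystemPossSuperiors
            && invalidPossSuperiors
            && invalidAuxiliaryClass,
            224,
            "A Modify request on a classSchema object fails, if at least one class that is referenced "
            + "in the subClassOf, systemAuxiliaryClass, auxiliaryClass, systemPossSuperiors and"
            + " possSuperiors lists does not exist and is not active.");
        bool classExists = true;

        //MS-ADTS-Schema_R227: a superclass chain that breaks the inheritance rules of 3.1.1.2.4.2.
        if (ModifyRejected(connection, dn, DirectoryAttributeOperation.Replace, "subClassOf", "configuration"))
        {
            DataSchemaSite.CaptureRequirement(
                227,
                "A Modify request on a "
                + "classSchema object fails, if the superclass chain of a class does not follow at least "
                + "one of the rules for inheritance as specified in section 3.1.1.2.4.2.");
        }
        bool isSubClas = true;

        // NOTE(review): all of these flags are constants set to true above, so R220 is always
        // captured once this point is reached; the per-rule captures carry the real results.
        DataSchemaSite.CaptureRequirementIfIsTrue(
            isSub
            && isaux
            && isRid
            && isSubClas
            && isposs
            && classExists
            && attrExists
            && uniqueID
            && validLdapDisplay,
            220,
            "A Modify request on a classSchema object succeeds only if the resulting object"
            + " passes all of the following tests. The value of lDAPDisplayName is syntactically valid."
            + "The values of governsID, lDAPDisplayName, and schemaIDGUID are Unique."
            + "All attributes that are referenced in the systemMayContain, mayContain, systemMustContain,"
            + " and mustContain lists exist and are active."
            + "All classes that are referenced in the subClassOf, systemAuxiliaryClass, auxiliaryClass,"
            + " systemPossSuperiors, and possSuperiors lists exist and are active."
            + "All classes in the systemAuxiliaryClass and auxiliaryClass attributes have either 88 class"
            + " or auxiliary class specified as their objectClassCategory."
            + "All classes in the systemPossSuperiors and possSuperiors attributes have either 88 class"
            + " or structural class specified as their objectClassCategory."
            + "The superclass chain of a class follows the rules for inheritance."
            + "The dynamicObject class is not referenced by the subClassOf attribute of a class."
            + "The attribute specified in the rDNAttID attribute has syntax String(Unicode)."
            + "Attribute defaultSecurityDescriptor, if present, is a valid SDDL string.");
        #endregion

        #region Add Request for attributeSchema in LDS
        string newAttributeName = "CN=ValidAttribute";
        // Re-evaluated for the attribute: previously the class result leaked through, so a
        // pre-existing class with a missing attribute reported the attribute as already created.
        objectCreated = adAdapter.GetLdsObjectByDN(newAttributeName + schemaSuffix, out dirEntry);
        AddRequestForAttributeSchema(newAttributeName, adAdapter.adamServerPort, adAdapter.LDSRootObjectName, objectCreated, true);
        #endregion

        #region Modify attributeSchema in LDS
        //MS-ADTS-Schema_R203: a display name containing spaces is syntactically invalid. The
        // previous value "Attribute" was a well-formed name, so the rejection could never occur.
        dn = newAttributeName + schemaSuffix;
        if (ModifyRejected(connection, dn, DirectoryAttributeOperation.Replace,
            "lDAPDisplayName", "New Attribute is Modified"))
        {
            // [Since the request that modifies lDAPDisplayName fails, R203 is captured.]
            DataSchemaSite.CaptureRequirement(
                203,
                "A Modify request on an attributeSchema object fails, if the value of lDAPDisplayName is"
                + " syntactically invalid.");
        }
        bool validLdap = true;

        //MS-ADTS-Schema_R204: attributeID / lDAPDisplayName / schemaIDGUID of accountExpires
        // must be refused on the new attribute.
        dn = newAttributeName + schemaSuffix;
        bool attributeIdRejected = ModifyRejected(connection, dn, DirectoryAttributeOperation.Replace,
            "attributeId", "1.2.840.113556.1.4.159");
        bool attributeDisplayNameRejected = ModifyRejected(connection, dn, DirectoryAttributeOperation.Replace,
            "lDAPDisplayName", "accountExpires");
        bool attributeGuidRejected = ModifyRejected(connection, dn, DirectoryAttributeOperation.Replace,
            "schemaIDGUID", "bf967915-0de6-11d0-a285-00aa003049e2");
        DataSchemaSite.CaptureRequirementIfIsTrue(
            attributeIdRejected && attributeDisplayNameRejected && attributeGuidRejected,
            204,
            "A Modify request on an attributeSchema object fails, if the " +
            "values of attributeID, lDAPDisplayName, mAPIID (if present) and schemaIDGUID are not 'Unique'.");
        bool unique = true;

        //MS-ADTS-Schema_R205
        // NOTE(review): this writes linkID 104 to Managed-By itself; a rejection here may come from
        // the base-object protection rather than from a uniqueness clash - confirm the test value.
        dn = "CN=Managed-By" + schemaSuffix;
        bool nonUniqueLinkID = ModifyRejected(connection, dn, DirectoryAttributeOperation.Replace,
            "linkID", "104");
        DataSchemaSite.CaptureRequirementIfIsTrue(
            nonUniqueLinkID,
            205,
            "A Modify request on an attributeSchema object fails "
            + "if a nonzero linkID is not unique among all values of the"
            + " linkID attribute on objects in the schema NC, regardless of forest functional level.");
        bool validLink = true;

        //MS-ADTS-Schema_R206: attributeSyntax 2.5.5.18 is not a defined syntax; oMSyntax 3 and the
        // oMObjectClass below do not match the attributes' existing syntax.
        dn = newAttributeName + schemaSuffix;
        bool invalidAttributeSyntax = ModifyRejected(connection, dn, DirectoryAttributeOperation.Replace,
            "attributeSyntax", "2.5.5.18");
        bool invalidOmSyntax = ModifyRejected(connection, dn, DirectoryAttributeOperation.Replace,
            "oMSyntax", "3");
        dn = "CN=Assistant" + schemaSuffix;
        bool invalidOmObjectClass = ModifyRejected(connection, dn, DirectoryAttributeOperation.Replace,
            "oMObjectClass", "1.3.12.2.1011.28.0.703");
        DataSchemaSite.CaptureRequirementIfIsTrue(
            invalidAttributeSyntax
            && invalidOmSyntax
            && invalidOmObjectClass,
            206,
            "A Modify request on an attributeSchema object fails if a the values of attributeSyntax,"
            + " oMSyntax and oMObjectClass do not match defined syntax (section 3.1.1.2.2).");
        bool validSyntax = true;

        //MS-ADTS-Schema_R207: fANR is only allowed on string syntaxes.
        dn = "CN=DMD-Location" + schemaSuffix;
        if (!adAdapter.GetLdsObjectByDN(dn, out dirEntry))
        {
            DataSchemaSite.Assume.IsTrue(false, dn + " Object is not found in server");
        }
        if (dcModel.TryGetAttributeContext(dirEntry.Properties["lDAPDisplayName"].Value.ToString(), out attrContext))
        {
            if (attrContext.syntax.Name.ToString() != "StringIA5Syntax"
                && attrContext.syntax.Name.ToString() != "StringUnicodeSyntax"
                && attrContext.syntax.Name.ToString() != "StringTeletexSyntax"
                && attrContext.syntax.Name.ToString() != "StringCaseSyntax"
                && attrContext.syntax.Name.ToString() != "StringPrintableSyntax")
            {
                // searchFlags is an integer attribute; the enum's numeric value is sent (as for
                // fCONFIDENTIAL below). The former SearchFlags.fANR.ToString() sent the literal
                // name "fANR", which fails on syntax alone and said nothing about the fANR rule.
                if (ModifyRejected(connection, dn, DirectoryAttributeOperation.Replace,
                    "searchFlags", ((int)SearchFlags.fANR).ToString()))
                {
                    // [Since the request that modifies searchFlags fails, R207 is captured.]
                    DataSchemaSite.CaptureRequirement(
                        207,
                        "A Modify request on an attributeSchema object fails"
                        + " if flag fANR is present in the searchFlags attribute"
                        + " if the syntax is other than String(Unicode), String(IA5),"
                        + " String(Printable), String(Teletex) and String(Case).");
                }
            }
        }
        bool isFnr = true;

        //MS-ADTS-Schema_R208
        // NOTE(review): this relies on AddRequestForAttributeSchema having set a rangeUpper below
        // 256 on the new attribute; the helper is not visible here.
        dn = newAttributeName + ",CN=Schema,CN=configuration," + adAdapter.LDSRootObjectName;
        if (ModifyRejected(connection, dn, DirectoryAttributeOperation.Replace, "rangeLower", "256"))
        {
            // [Since the request that modifies rangeLower fails, R208 is captured.]
            DataSchemaSite.CaptureRequirement(
                208,
                "A Modify request on an attributeSchema object fails, if rangeLower and rangeUpper " +
                "are not present, or rangeLower is bigger than rangeUpper.");
        }
        bool validRange = true;

        // NOTE(review): as with R220, every operand here is a constant true.
        DataSchemaSite.CaptureRequirementIfIsTrue(
            validRange
            && validLink
            && validLdap
            && unique
            && isFnr
            && validSyntax,
            202,
            "A Modify request on an attributeSchema object succeeds only if the resulting object passes all"
            + " of the following tests: The value of lDAPDisplayName is syntactically valid."
            + "The values of attributeID, lDAPDisplayName, mAPIID (if present) and schemaIDGUID are Unique"
            + "A nonzero linkID, if any, is unique among all values of the linkID attribute on objects"
            + " in the schema NC, regardless of forest functional level. If a linkID is an odd number, "
            + "it is not one, and an object exists whose linkID is the even number one smaller."
            + "The values of attributeSyntax, oMSyntax, and oMObjectClass match some defined syntax."
            + "Flag fANR is only present in the searchFlags attribute if the syntax is String(Unicode),"
            + " String(IA5), String(Printable), String(Teletex) or String(Case)."
            + "If rangeLower and rangeUpper are present, rangeLower is smaller than or equal to rangeUpper.");
        #endregion

        #region Add or Modify Common Attributes
        //MS-ADTS-Schema_R238: renaming a base schema object (Container).
        dn = "CN=Container,CN=Schema,CN=configuration," + adAdapter.LDSRootObjectName;
        if (!adAdapter.GetLdsObjectByDN(dn, out dirEntry))
        {
            DataSchemaSite.Assume.IsTrue(
                false,
                dn + " Object is not found in server");
        }
        int systemFlagVal = ParseSystemFlagsValue("FLAG_SCHEMA_BASE_OBJECT");
        bool isModifyAttr = false;
        // The original `if` had no braces, so only the dn assignment was conditional and, whenever
        // Container's systemFlags equalled FLAG_SCHEMA_BASE_OBJECT exactly, the rename below was
        // sent to the freshly created attribute instead of Container. The rule only concerns
        // objects carrying the flag, so it is tested bitwise and the request always targets Container.
        if (((int)dirEntry.Properties["systemFlags"].Value & systemFlagVal) != 0)
        {
            try
            {
                ModifyRequest modRequest = new ModifyRequest(dn, DirectoryAttributeOperation.Replace,
                    "lDAPDisplayName", "schemaDivision");
                connection.SendRequest(modRequest);
                isModifyAttr = true;
            }
            catch (DirectoryOperationException)
            {
                DataSchemaSite.CaptureRequirementIfIsFalse(
                    isModifyAttr,
                    238,
                    @"A schema objects that include FLAG_SCHEMA_BASE_OBJECT in the systemFlags attribute checks if,
A Modify does not change the lDAPDisplayName or cn of an attributeSchema or classSchema object,
or the defaultObjectCategory of a classSchema object.");
            }
        }

        //MS-ADTS-Schema_R239: renaming the dMD class. (A second request against CN=account used
        // to be built here but never sent; 'account' is not among the classes R239 names, so it
        // has been dropped rather than sent.)
        dn = "CN=DMD,CN=Schema,CN=configuration," + adAdapter.LDSRootObjectName;
        if (!adAdapter.GetLdsObjectByDN(dn, out dirEntry))
        {
            DataSchemaSite.Assume.IsTrue(false, dn + " Object is not found in server");
        }
        if (((int)dirEntry.Properties["systemFlags"].Value & systemFlagVal) != 0)
        {
            if (ModifyRejected(connection, dn, DirectoryAttributeOperation.Replace,
                "lDAPDisplayName", "dMDSchema"))
            {
                // [Since the request that modifies dMDSchema fails, R239 is captured.]
                DataSchemaSite.CaptureRequirement(
                    239,
                    "A schema objects that include FLAG_SCHEMA_BASE_OBJECT in the systemFlags attribute checks "
                    + "if,A Modify does not change the classSchema objects attributeSchema, classSchema, subSchema "
                    + "and dMD.");
            }
        }

        //MS-ADTS-Schema_R240: fCONFIDENTIAL on accountExpires. Replace would overwrite every other
        // searchFlags bit as well; the request is expected to be refused outright.
        dn = "CN=Account-Expires,CN=Schema,CN=configuration," + adAdapter.LDSRootObjectName;
        if (!adAdapter.GetLdsObjectByDN(dn, out dirEntry))
        {
            DataSchemaSite.Assume.IsTrue(false, dn + " Object is not found in server");
        }
        if ((SearchFlags)Enum.Parse(typeof(SearchFlags), dirEntry.Properties["searchFlags"].Value.ToString(), true) != SearchFlags.fCONFIDENTIAL)
        {
            if (ModifyRejected(connection, dn, DirectoryAttributeOperation.Replace,
                "searchFlags", ((int)SearchFlags.fCONFIDENTIAL).ToString()))
            {
                // [Since the request that modifies searchFlag fails, R240 is captured.]
                DataSchemaSite.CaptureRequirement(
                    240,
                    @"A schema objects that include FLAG_SCHEMA_BASE_OBJECT in the systemFlags attribute checks if, A
Modify does not change the fCONFIDENTIAL bit of the searchFlags attribute of an
attributeSchema object.");
            }
        }

        //MS-ADTS-Schema_R241: attributeSecurityGUID decides which property set covers an attribute,
        // so it must be frozen on base schema objects. The value is an arbitrary byte string;
        // attributeSecurityGUID has octet-string syntax, so a rejection is not a syntax error.
        dn = "CN=Member" + schemaSuffix;
        if (ModifyRejected(connection, dn, DirectoryAttributeOperation.Replace,
            "attributeSecurityGUID", "00 0A 08 00 09 00 06 85 08"))
        {
            // [Since the request that modifies attributeSecurityGUID fails, R241 is captured.]
            DataSchemaSite.CaptureRequirement(
                241,
                "A schema objects that include"
                + " FLAG_SCHEMA_BASE_OBJECT in the systemFlags attribute checks if,"
                + " A Modify does not change the attributeSecurityGUID on serverRole attributeSchema object.");
        }

        //MS-ADTS-Schema_R242: same rule for accountExpires.
        dn = "CN=Account-Expires" + schemaSuffix;
        if (!adAdapter.GetLdsObjectByDN(dn, out dirEntry))
        {
            DataSchemaSite.Assume.IsTrue(false, dn + " Object is not found in server");
        }
        if (ModifyRejected(connection, dn, DirectoryAttributeOperation.Replace,
            "attributeSecurityGUID", "00 0A 08 00 09 00 06 85 08"))
        {
            // [Since the request that modifies attributeSecurityGUID fails, R242 is captured.]
            DataSchemaSite.CaptureRequirement(
                242,
                @"A schema objects that include FLAG_SCHEMA_BASE_OBJECT in the systemFlags attribute checks if,
A Modify does not change the attributeSecurityGUID's of accountExpires,
memberOf attributeSchema objects.");
        }
        #endregion
    }
}

/// <summary>
/// Sends a single-attribute Modify request and reports whether the server refused it.
/// </summary>
/// <param name="connection">Open LDAP session to the instance under test.</param>
/// <param name="dn">Distinguished name of the object to modify.</param>
/// <param name="operation">Add or Replace, as in the inline requests this replaces.</param>
/// <param name="attributeName">LDAP attribute to change.</param>
/// <param name="value">Value sent as a string.</param>
/// <returns>true when the server answered with a <see cref="DirectoryOperationException"/>,
/// false when it accepted the change.</returns>
/// <remarks>Only <see cref="DirectoryOperationException"/> is swallowed; any other failure
/// (connection loss, timeout) propagates exactly as it did from the original inline try/catch blocks.</remarks>
private static bool ModifyRejected(
    LdapConnection connection,
    string dn,
    DirectoryAttributeOperation operation,
    string attributeName,
    string value)
{
    try
    {
        connection.SendRequest(new ModifyRequest(dn, operation, attributeName, value));
        return false;
    }
    catch (DirectoryOperationException)
    {
        return true;
    }
}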