The AD Provider connects to Active Directory, AD LDS, and other LDAP-compliant network directories, such as Novell eDirectory.
The AD provider supports the following fixture and assertion types:
- Add – creates a new object
- Delete – removes one or more objects
- Update – updates one or more objects
- AD Assertion – Tests for existence, non-existence, and attribute values of an object
The AD provider includes the following extended capabilities:
Schema Scan – object types and attribute names are collected by the schema scan. These enable dropdown lists in the user interface to simplify fixture and assertion creation.
ResolveDN function – The AD provider offers the rule function ResolveDN(query, system), which takes an LDAP filter and a system name and returns the fully qualified user DN.
[dnRoot] value – With any field that supports templating (rule engine values in square brackets), a special case rule of [dnRoot] can be used. This will be replaced with the DN Root value from the system definition. This helps with test case portability.
- LDAP Connection – The primary connection parameter of an AD provider is the LDAP connection string.
- Credential – Optional credentials may be specified, including AuthType flags, which must be used for non-Microsoft LDAP directories. If using a custom credential, the Password Storage license key is required.
- DN Root – a DN constant to swap into fixtures and assertions to reduce typing and increase case portability
Fixtures and Assertions
Note: All fixtures and assertions have mandatory Name and System fields.
AD Add creates an object. If an object with the target DN already exists, an update in place will be performed instead.
The AD Add fixture has the following fields and behavior:
- DN – the DN of the object to create. [dnRoot] may be used. If the parent OU is missing it will be created.
- Parent LDAP Search – An LDAP filter query may be provided to find the container for the object. If a parent search is used, only the CN portion of the DN should be specified
- Schema Class Name – The schema of the object to create. Unlike most fields, the schema class name does NOT support dynamic templating
- Group Type – The group type field should only be used when creating an Active Directory group object. The group type may also be specified numerically in the Attributes section
- Account Name – The account name field maps onto sAMAccountName when creating an object that allows that attribute.
- Unicode Pwd – Use this field when creating an AD user object. This field must be specified here instead of as a regular attribute in the Attributes section.
- User Account Control – Use this field when creating an AD user object
- Attributes – Add zero or more single-value attribute values using the Attributes collection. Available attribute names are drawn from the object schema. Values may use templating
- Multivalue Attributes – Add zero or more multivalue attributes. Although values are added via a multi-select, they may use templating as needed. The multi-value mode of Append/Replace may be relevant for fixtures that convert from an Add to an Update
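Active Directory stores group type and user account control as the bit-flag attributes groupType and userAccountControl, held as signed 32-bit integers. The following added example (not part of the product or its documentation) computes the numeric group type for a scope and decodes a user account control value, listing flags that weaken an account and are worth reviewing before a fixture is run. The function names are hypothetical, the flag values are the standard AD constants, and it is an assumption that the Attributes section accepts the signed integer form.

```python
# Added example: standard Active Directory bit-flag constants.
GROUP_SCOPE = {"global": 0x2, "domain_local": 0x4, "universal": 0x8}
GROUP_SECURITY_ENABLED = 0x80000000  # unset means a distribution group

UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0020: "PASSWD_NOTREQD",
    0x0080: "ENCRYPTED_TEXT_PWD_ALLOWED",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x80000: "TRUSTED_FOR_DELEGATION",
    0x400000: "DONT_REQ_PREAUTH",
}
# Flags that weaken an account and deserve a second look in a test fixture.
UAC_REVIEW = {"PASSWD_NOTREQD", "ENCRYPTED_TEXT_PWD_ALLOWED",
              "DONT_EXPIRE_PASSWORD", "TRUSTED_FOR_DELEGATION",
              "DONT_REQ_PREAUTH"}


def to_signed32(value):
    """Convert an unsigned flag word to the signed 32-bit form AD stores."""
    value &= 0xFFFFFFFF
    return value - 0x100000000 if value & 0x80000000 else value


def group_type(scope, security=True):
    """Numeric groupType for a scope name and security/distribution choice."""
    flags = GROUP_SCOPE[scope]
    if security:
        flags |= GROUP_SECURITY_ENABLED
    return to_signed32(flags)


def decode_uac(value):
    """Names of the known flags set in a userAccountControl value."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]


def review_uac(value):
    """Subset of set flags that relax password or Kerberos protections."""
    return [name for name in decode_uac(value) if name in UAC_REVIEW]


if __name__ == "__main__":
    print("global security group:", group_type("global"))
    for uac in (512, 514, 66048):  # constructed sample values
        print(uac, decode_uac(uac), "review:", review_uac(uac))
```

The security-enabled bit is the sign bit, which is why security groups have negative numeric group types.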
The AD Update fixture edits existing objects in place. Running the same update multiple times should produce the same result.
- DN – The full DN of the object to search for, may use templating and [dnRoot]
- LDAP Search – An LDAP query filter to use in lieu of DN. May return either a single or multiple results, may use templating
- New DN – The new DN to use in case of a rename. The context object for templating is the fixture itself, so if the old OU needs to be queried from the existing object a Memo must be used
- Unicode Pwd – A new password for a password set operation
- Update Multiple – Indicates whether to update only a single item, or each item returned by the LDAP Search
- Attributes – zero or more single-value attributes to update
- Multivalue attributes – zero or more multi-value attributes to update. Updates may individually be set to "Replace" or "Append" behavior
The AD Delete fixture removes existing objects. Running a delete a second time will take no action.
- DN – the DN of the object to be deleted
- LDAP Search – an LDAP query to find one or more objects
- Is Clear – If the clear flag is set and the object is a container, such as an organizationalUnit, all child objects will be deleted instead of the object itself
- Delete Multiple – If using an LDAP Search, delete multiple allows all returned objects to be removed
The AD Assertion is an all-purpose assertion type for validating objects in AD.
- DN – The DN of the object to find
- LDAP Search – An LDAP query to find an object. DN and LDAP Search are mutually exclusive. Only the first search result is returned for evaluation
- Not Exists – Inverts the assertion. The assertion will fail if a match is found.
- Attributes – Collection of assertion attributes. May be single-valued or multivalued. If asserting against a multi-valued attribute, the assertion will be applied to each value in the set and will pass if any of the values pass