tests/krb5: Allow creating an account with an assigned policy or silo

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py
index 09abb1619a8c699b5e454983f26e8cc3e47bee8a..92482f95072d9cbbfc99635157b42300eb7813cf 100644 (file)
--- a/python/samba/tests/krb5/kdc_base_test.py
+++ b/python/samba/tests/krb5/kdc_base_test.py
@@ -1642,6 +1642,8 @@ class KDCBaseTest(RawKerberosTest):
             'secure_channel_type': None,
             'id': None,
             'force_nt4_hash': False,
+            'assigned_policy': None,
+            'assigned_silo': None,
         }
 
         account_opts = {
@@ -1692,7 +1694,9 @@ class KDCBaseTest(RawKerberosTest):
                             kerberos_enabled,
                             secure_channel_type,
                             id,
-                            force_nt4_hash):
+                            force_nt4_hash,
+                            assigned_policy,
+                            assigned_silo):
         if account_type is self.AccountType.USER:
             self.assertIsNone(spn)
             self.assertIsNone(delegation_to_spn)
@@ -1751,6 +1755,12 @@ class KDCBaseTest(RawKerberosTest):
         if spn is None and account_type is not self.AccountType.USER:
             spn = 'host/' + user_name
 
+        if assigned_policy is not None:
+            details['msDS-AssignedAuthNPolicy'] = assigned_policy
+
+        if assigned_silo is not None:
+            details['msDS-AssignedAuthNPolicySilo'] = assigned_silo
+
         creds, dn = self.create_account(samdb, user_name,
                                         account_type=account_type,
                                         upn=upn,