Ensure GPO URLs contain the FQDN of the controller

This is the main driver for the changes in the previous commits. The way this behavior worked in the past is that we would use the URL returned in the gPCFileSysPath field without any changes. This introduced an inconsistency that went unobserved until recently. Namely, we would get the list of GPOs using the FQDN of the domain controller (e.g. adc.example.com), whereas the list of GPO URLs only included the domain name (e.g. example.com). This meant that when downloading the actual GPO data, libsmbclient would try to autodiscover a domain controller from which to perform the download, given only the domain name. In some cases, especially complicated AD deployments with lots of DCs, libsmbclient could autoresolve to an unhealthy DC (we take unhealthy to mean any DC from which GPO files cannot be downloaded, regardless of reason). This would fail the GPO download with a cryptic "invalid argument" error. Besides the chance of the above happening, autodiscovery also takes longer as opposed to passing a valid DC FQDN to libsmbclient from the start. To fix this, we rewrite the GPO URL in the gPCFileSysPath field to include the FQDN of the domain controller which essentially ensures the DC we get the GPO list from, and the DC we download the GPO data from are the same, minimizing the chance of mismatches like this occurring. This has some drawbacks in the integration tests where we set up a real SMB share and download from it, so we need to ensure the mocked server URL is the actual SMB server. Fixes #733 / UDENG-843
ubuntu · Oct 24, 2023 · 91a6cdd · 91a6cdd
1 parent 5bed0ec
commit 91a6cdd
Show file tree

Hide file tree

Showing 40 changed files with 76 additions and 64 deletions.
diff --git a/cmd/adsysd/integration_tests/systemdaemons/system_daemons.py b/cmd/adsysd/integration_tests/systemdaemons/system_daemons.py
@@ -111,7 +111,10 @@ def sssd_on_bus(bus: dbus.Bus):
         False)
     main_object.AddMethods("", [
         ("IsOnline", "", "b", "ret = True"),
-        ("ActiveServer", "s", "s", 'ret = "adc.example.com"'),
+        # In real environments this is the FQDN of a domain controller
+        # For testing purposes we need to match the value to the underlying SMB
+        # server running on localhost
+        ("ActiveServer", "s", "s", 'ret = "localhost:1446"'),
     ])
 
     main_object.AddObject(

diff --git a/...ests/testdata/TestServiceStatus/golden/invalid_startup_time_leads_to_unknown_refresh_time b/...ests/testdata/TestServiceStatus/golden/invalid_startup_time_leads_to_unknown_refresh_time
@@ -11,7 +11,7 @@ Active Directory:
   Configuration: testdata/sssd-configs/sssd.conf-example.com
   Cache: /tmp/sss_cache
   Domain: example.com
-  Server FQDN: adc.example.com
+  Server FQDN: localhost:1446
 
 Daemon:
   Timeout after 30s

diff --git a/...testdata/TestServiceStatus/golden/invalid_unit_refresh_time_leads_to_unknown_refresh_time b/...testdata/TestServiceStatus/golden/invalid_unit_refresh_time_leads_to_unknown_refresh_time
@@ -11,7 +11,7 @@ Active Directory:
   Configuration: testdata/sssd-configs/sssd.conf-example.com
   Cache: /tmp/sss_cache
   Domain: example.com
-  Server FQDN: adc.example.com
+  Server FQDN: localhost:1446
 
 Daemon:
   Timeout after 30s

diff --git a/...ion_tests/testdata/TestServiceStatus/golden/no_startup_time_leads_to_unknown_refresh_time b/...ion_tests/testdata/TestServiceStatus/golden/no_startup_time_leads_to_unknown_refresh_time
@@ -11,7 +11,7 @@ Active Directory:
   Configuration: testdata/sssd-configs/sssd.conf-example.com
   Cache: /tmp/sss_cache
   Domain: example.com
-  Server FQDN: adc.example.com
+  Server FQDN: localhost:1446
 
 Daemon:
   Timeout after 30s

diff --git a/...ests/testdata/TestServiceStatus/golden/no_unit_refresh_time_leads_to_unknown_refresh_time b/...ests/testdata/TestServiceStatus/golden/no_unit_refresh_time_leads_to_unknown_refresh_time
@@ -11,7 +11,7 @@ Active Directory:
   Configuration: testdata/sssd-configs/sssd.conf-example.com
   Cache: /tmp/sss_cache
   Domain: example.com
-  Server FQDN: adc.example.com
+  Server FQDN: localhost:1446
 
 Daemon:
   Timeout after 30s

diff --git a/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/status_is_always_authorized b/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/status_is_always_authorized
@@ -11,7 +11,7 @@ Active Directory:
   Configuration: testdata/sssd-configs/sssd.conf-example.com
   Cache: /tmp/sss_cache
   Domain: example.com
-  Server FQDN: adc.example.com
+  Server FQDN: localhost:1446
 
 Daemon:
   Timeout after 30s

diff --git a/...tegration_tests/testdata/TestServiceStatus/golden/status_no_user_connected_and_no_machine b/...tegration_tests/testdata/TestServiceStatus/golden/status_no_user_connected_and_no_machine
@@ -10,7 +10,7 @@ Active Directory:
   Configuration: testdata/sssd-configs/sssd.conf-example.com
   Cache: /tmp/sss_cache
   Domain: example.com
-  Server FQDN: adc.example.com
+  Server FQDN: localhost:1446
 
 Daemon:
   Timeout after 30s

diff --git a/...ntegration_tests/testdata/TestServiceStatus/golden/status_on_user_connected_with_no_cache b/...ntegration_tests/testdata/TestServiceStatus/golden/status_on_user_connected_with_no_cache
@@ -11,7 +11,7 @@ Active Directory:
   Configuration: testdata/sssd-configs/sssd.conf-example.com
   Cache: /tmp/sss_cache
   Domain: example.com
-  Server FQDN: adc.example.com
+  Server FQDN: localhost:1446
 
 Daemon:
   Timeout after 30s

diff --git a/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/status_with_static_ad_server b/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/status_with_static_ad_server
@@ -11,7 +11,7 @@ Active Directory:
   Configuration: testdata/sssd-configs/sssd.conf-example.com_static-server
   Cache: /tmp/sss_cache
   Domain: example.com
-  Server FQDN: staticserver.example.com
+  Server FQDN: localhost:1446
 
 Daemon:
   Timeout after 30s

diff --git a/...adsysd/integration_tests/testdata/TestServiceStatus/golden/status_with_users_and_machines b/...adsysd/integration_tests/testdata/TestServiceStatus/golden/status_with_users_and_machines
@@ -11,7 +11,7 @@ Active Directory:
   Configuration: testdata/sssd-configs/sssd.conf-example.com
   Cache: /tmp/sss_cache
   Domain: example.com
-  Server FQDN: adc.example.com
+  Server FQDN: localhost:1446
 
 Daemon:
   Timeout after 30s

diff --git a/...integration_tests/testdata/TestServiceStatus/golden/ubuntu_pro_subscription_is_not_active b/...integration_tests/testdata/TestServiceStatus/golden/ubuntu_pro_subscription_is_not_active
@@ -17,7 +17,7 @@ Active Directory:
   Configuration: testdata/sssd-configs/sssd.conf-example.com
   Cache: /tmp/sss_cache
   Domain: example.com
-  Server FQDN: adc.example.com
+  Server FQDN: localhost:1446
 
 Daemon:
   Timeout after 30s

diff --git a/cmd/adsysd/integration_tests/testdata/sssd-configs/sssd.conf-example.com_static-server b/cmd/adsysd/integration_tests/testdata/sssd-configs/sssd.conf-example.com_static-server
@@ -3,4 +3,4 @@ domains = example.com
 
 [domain/example.com]
 ad_domain = example.com
-ad_server = staticserver.example.com
+ad_server = localhost:1446
diff --git a/internal/ad/adsys-gpolist b/internal/ad/adsys-gpolist
@@ -283,8 +283,17 @@ def main():
         return ReturnCode.GPO_FAILED
 
     for g in gpos:
-        print("%s\tsmb:%s" % (g[0], str(g[1]).replace("\\", "/")))
+        gpo_name = g[0]
+        gpo_path = parse_gpo_path(g[1], fqdn)
+        print("%s\t%s" % (gpo_name, gpo_path))
 
+def parse_gpo_path(gpo_path, dc_fqdn):
+    ''' Parse a GPO path to a SMB path with the appropriate DC FQDN '''
+    path = str(gpo_path).replace("\\", "/")
+    parts = path[2:].split("/")
+    parts[0] = dc_fqdn
+
+    return "smb://" +"/".join(parts)
 
 if __name__ == "__main__":
     exit(main())
diff --git a/internal/ad/backends/winbind/mock/libwbclient_mock.c b/internal/ad/backends/winbind/mock/libwbclient_mock.c
@@ -22,7 +22,7 @@ wbcErr wbcLookupDomainController(const char *domain, uint32_t flags, struct wbcD
 
     struct wbcDomainControllerInfo *dc = malloc(sizeof(struct wbcDomainControllerInfo));
     // This is the only field used at the moment
-    dc->dc_name = "\\\\adcontroller.example.com";
+    dc->dc_name = "\\\\localhost:1446";
     *dc_info = dc;
     return WBC_ERR_SUCCESS;
 }

diff --git a/internal/ad/backends/winbind/testdata/TestWinbind/golden/error_when_domain_is_offline b/internal/ad/backends/winbind/testdata/TestWinbind/golden/error_when_domain_is_offline
@@ -1,5 +1,5 @@
 * Domain(): example.com
-* ServerFQDN(): adcontroller.example.com
+* ServerFQDN(): localhost:1446
 * IsOnline(): false
 * HostKrb5CCName(): /tmp/krb5cc_0
 * DefaultDomainSuffix(): example.com

diff --git a/internal/ad/backends/winbind/testdata/TestWinbind/golden/error_when_getting_online_status b/internal/ad/backends/winbind/testdata/TestWinbind/golden/error_when_getting_online_status
@@ -1,5 +1,5 @@
 * Domain(): example.com
-* ServerFQDN(): adcontroller.example.com
+* ServerFQDN(): localhost:1446
 * IsOnline ERROR(): could not get online status for domain "example.com": status code 2
 * HostKrb5CCName(): /tmp/krb5cc_0
 * DefaultDomainSuffix(): example.com

diff --git a/internal/ad/backends/winbind/testdata/TestWinbind/golden/error_when_requesting_krb5cc b/internal/ad/backends/winbind/testdata/TestWinbind/golden/error_when_requesting_krb5cc
@@ -1,5 +1,5 @@
 * Domain(): example.com
-* ServerFQDN(): adcontroller.example.com
+* ServerFQDN(): localhost:1446
 * IsOnline(): true
 * HostKrb5CCName ERROR(): could not get krb5 cached ticket for "UBUNTU$@EXAMPLE.COM": exit status 1:
 EXIT 1 requested in mock

diff --git a/internal/ad/backends/winbind/testdata/TestWinbind/golden/lookup_is_successful b/internal/ad/backends/winbind/testdata/TestWinbind/golden/lookup_is_successful
@@ -1,5 +1,5 @@
 * Domain(): example.com
-* ServerFQDN(): adcontroller.example.com
+* ServerFQDN(): localhost:1446
 * IsOnline(): true
 * HostKrb5CCName(): /tmp/krb5cc_0
 * DefaultDomainSuffix(): example.com

diff --git a/...backends/winbind/testdata/TestWinbind/golden/lookup_with_different_hostname_is_successful b/...backends/winbind/testdata/TestWinbind/golden/lookup_with_different_hostname_is_successful
@@ -1,5 +1,5 @@
 * Domain(): example.com
-* ServerFQDN(): adcontroller.example.com
+* ServerFQDN(): localhost:1446
 * IsOnline(): true
 * HostKrb5CCName(): /tmp/krb5cc_0
 * DefaultDomainSuffix(): example.com

diff --git a/internal/ad/backends/winbind/testdata/TestWinbind/golden/lookup_with_overridden_ad_domain b/internal/ad/backends/winbind/testdata/TestWinbind/golden/lookup_with_overridden_ad_domain
@@ -1,5 +1,5 @@
 * Domain(): overridden.com
-* ServerFQDN(): adcontroller.example.com
+* ServerFQDN(): localhost:1446
 * IsOnline(): true
 * HostKrb5CCName(): /tmp/krb5cc_0
 * DefaultDomainSuffix(): overridden.com

diff --git a/internal/ad/testdata/TestAdsysGPOList/golden/block_inheritance b/internal/ad/testdata/TestAdsysGPOList/golden/block_inheritance
@@ -1 +1 @@
-RnDDepBlockInheritance GPO	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/RnDDepBlockInheritance_GPO
+RnDDepBlockInheritance GPO	smb://ldap_url/SYSVOL/gpoonly.com/Policies/RnDDepBlockInheritance_GPO
diff --git a/internal/ad/testdata/TestAdsysGPOList/golden/computers_truncated_at_15_characters b/internal/ad/testdata/TestAdsysGPOList/golden/computers_truncated_at_15_characters
@@ -1,4 +1,4 @@
 Searching for account failed with: Failed to find account hostnameWithTruncatedLongName
-ITDep1 GPO	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/ITDep1_GPO
-IT GPO	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/IT_GPO
-Default Domain Policy	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
+ITDep1 GPO	smb://ldap_url/SYSVOL/gpoonly.com/Policies/ITDep1_GPO
+IT GPO	smb://ldap_url/SYSVOL/gpoonly.com/Policies/IT_GPO
+Default Domain Policy	smb://ldap_url/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
diff --git a/internal/ad/testdata/TestAdsysGPOList/golden/disabled_gpos b/internal/ad/testdata/TestAdsysGPOList/golden/disabled_gpos
@@ -1,3 +1,3 @@
-RnDDep3 GPO	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/RnDDep3_GPO
-RnD GPO	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/RnD_GPO
-Default Domain Policy	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
+RnDDep3 GPO	smb://ldap_url/SYSVOL/gpoonly.com/Policies/RnDDep3_GPO
+RnD GPO	smb://ldap_url/SYSVOL/gpoonly.com/Policies/RnD_GPO
+Default Domain Policy	smb://ldap_url/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
diff --git a/internal/ad/testdata/TestAdsysGPOList/golden/filter_machine_only_gpos b/internal/ad/testdata/TestAdsysGPOList/golden/filter_machine_only_gpos
@@ -1,2 +1,2 @@
-RnD GPO	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/RnD_GPO
-Default Domain Policy	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
+RnD GPO	smb://ldap_url/SYSVOL/gpoonly.com/Policies/RnD_GPO
+Default Domain Policy	smb://ldap_url/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
diff --git a/internal/ad/testdata/TestAdsysGPOList/golden/filter_user_only_gpos b/internal/ad/testdata/TestAdsysGPOList/golden/filter_user_only_gpos
@@ -1,2 +1,2 @@
-IT GPO	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/IT_GPO
-Default Domain Policy	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
+IT GPO	smb://ldap_url/SYSVOL/gpoonly.com/Policies/IT_GPO
+Default Domain Policy	smb://ldap_url/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
diff --git a/internal/ad/testdata/TestAdsysGPOList/golden/forced_gpo_and_blocked_inheritance b/internal/ad/testdata/TestAdsysGPOList/golden/forced_gpo_and_blocked_inheritance
@@ -1,3 +1,3 @@
-RnDDep2 Forced GPO	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/RnDDep2_Forced_GPO
-SubBlocked GPO	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/SubBlocked_GPO
-SubDep2BlockInheritance GPO	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/SubDep2BlockInheritance_GPO
+RnDDep2 Forced GPO	smb://ldap_url/SYSVOL/gpoonly.com/Policies/RnDDep2_Forced_GPO
+SubBlocked GPO	smb://ldap_url/SYSVOL/gpoonly.com/Policies/SubBlocked_GPO
+SubDep2BlockInheritance GPO	smb://ldap_url/SYSVOL/gpoonly.com/Policies/SubDep2BlockInheritance_GPO
diff --git a/internal/ad/testdata/TestAdsysGPOList/golden/forced_gpo_are_first_by_reverse_order b/internal/ad/testdata/TestAdsysGPOList/golden/forced_gpo_are_first_by_reverse_order
@@ -1,5 +1,5 @@
-RnDDep2 Forced GPO	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/RnDDep2_Forced_GPO
-SubDep2ForcedPolicy Forced GPO	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/SubDep2ForcedPolicy_Forced_GPO
-RnDDep2 GPO	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/RnDDep2_GPO
-RnD GPO	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/RnD_GPO
-Default Domain Policy	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
+RnDDep2 Forced GPO	smb://ldap_url/SYSVOL/gpoonly.com/Policies/RnDDep2_Forced_GPO
+SubDep2ForcedPolicy Forced GPO	smb://ldap_url/SYSVOL/gpoonly.com/Policies/SubDep2ForcedPolicy_Forced_GPO
+RnDDep2 GPO	smb://ldap_url/SYSVOL/gpoonly.com/Policies/RnDDep2_GPO
+RnD GPO	smb://ldap_url/SYSVOL/gpoonly.com/Policies/RnD_GPO
+Default Domain Policy	smb://ldap_url/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
diff --git a/...stdata/TestAdsysGPOList/golden/krb5ccname_without_file_is_supported_by_the_samba_bindings b/...stdata/TestAdsysGPOList/golden/krb5ccname_without_file_is_supported_by_the_samba_bindings
@@ -1 +1 @@
-Default Domain Policy	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
+Default Domain Policy	smb://ldap_url/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
diff --git a/internal/ad/testdata/TestAdsysGPOList/golden/long_computer_name,_not_truncated b/internal/ad/testdata/TestAdsysGPOList/golden/long_computer_name,_not_truncated
@@ -1,3 +1,3 @@
-ITDep1 GPO	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/ITDep1_GPO
-IT GPO	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/IT_GPO
-Default Domain Policy	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
+ITDep1 GPO	smb://ldap_url/SYSVOL/gpoonly.com/Policies/ITDep1_GPO
+IT GPO	smb://ldap_url/SYSVOL/gpoonly.com/Policies/IT_GPO
+Default Domain Policy	smb://ldap_url/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
diff --git a/internal/ad/testdata/TestAdsysGPOList/golden/machine_gpos b/internal/ad/testdata/TestAdsysGPOList/golden/machine_gpos
@@ -1,3 +1,3 @@
-ITDep1 GPO	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/ITDep1_GPO
-IT GPO	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/IT_GPO
-Default Domain Policy	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
+ITDep1 GPO	smb://ldap_url/SYSVOL/gpoonly.com/Policies/ITDep1_GPO
+IT GPO	smb://ldap_url/SYSVOL/gpoonly.com/Policies/IT_GPO
+Default Domain Policy	smb://ldap_url/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
diff --git a/internal/ad/testdata/TestAdsysGPOList/golden/multiple_gpos_in_same_ou b/internal/ad/testdata/TestAdsysGPOList/golden/multiple_gpos_in_same_ou
@@ -1,4 +1,4 @@
-RnDDep1 GPO1	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/RnDDep1_GPO1
-RnDDep1 GPO2	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/RnDDep1_GPO2
-RnD GPO	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/RnD_GPO
-Default Domain Policy	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
+RnDDep1 GPO1	smb://ldap_url/SYSVOL/gpoonly.com/Policies/RnDDep1_GPO1
+RnDDep1 GPO2	smb://ldap_url/SYSVOL/gpoonly.com/Policies/RnDDep1_GPO2
+RnD GPO	smb://ldap_url/SYSVOL/gpoonly.com/Policies/RnD_GPO
+Default Domain Policy	smb://ldap_url/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
diff --git a/internal/ad/testdata/TestAdsysGPOList/golden/no_@_in_user_name_returns_the_same_thing b/internal/ad/testdata/TestAdsysGPOList/golden/no_@_in_user_name_returns_the_same_thing
@@ -1 +1 @@
-Default Domain Policy	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
+Default Domain Policy	smb://ldap_url/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
diff --git a/internal/ad/testdata/TestAdsysGPOList/golden/no_gpo_on_ou_-_bytes b/internal/ad/testdata/TestAdsysGPOList/golden/no_gpo_on_ou_-_bytes
@@ -1 +1 @@
-Default Domain Policy	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
+Default Domain Policy	smb://ldap_url/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
diff --git a/internal/ad/testdata/TestAdsysGPOList/golden/no_gpo_on_ou_-_string b/internal/ad/testdata/TestAdsysGPOList/golden/no_gpo_on_ou_-_string
@@ -1 +1 @@
-Default Domain Policy	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
+Default Domain Policy	smb://ldap_url/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
diff --git a/internal/ad/testdata/TestAdsysGPOList/golden/no_gpoptions_fallbacks_to_0 b/internal/ad/testdata/TestAdsysGPOList/golden/no_gpoptions_fallbacks_to_0
@@ -1,2 +1,2 @@
-NogPOptions GPO	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/NogPOptions_GPO
-Default Domain Policy	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
+NogPOptions GPO	smb://ldap_url/SYSVOL/gpoonly.com/Policies/NogPOptions_GPO
+Default Domain Policy	smb://ldap_url/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
diff --git a/internal/ad/testdata/TestAdsysGPOList/golden/return_hierarchy b/internal/ad/testdata/TestAdsysGPOList/golden/return_hierarchy
@@ -1,2 +1,2 @@
-RnD GPO	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/RnD_GPO
-Default Domain Policy	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
+RnD GPO	smb://ldap_url/SYSVOL/gpoonly.com/Policies/RnD_GPO
+Default Domain Policy	smb://ldap_url/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
diff --git a/internal/ad/testdata/TestAdsysGPOList/golden/return_one_gpo b/internal/ad/testdata/TestAdsysGPOList/golden/return_one_gpo
@@ -1 +1 @@
-Default Domain Policy	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
+Default Domain Policy	smb://ldap_url/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
diff --git a/...rnal/ad/testdata/TestAdsysGPOList/golden/security_descriptor_accepted_is_for_another_user b/...rnal/ad/testdata/TestAdsysGPOList/golden/security_descriptor_accepted_is_for_another_user
@@ -1,2 +1,2 @@
-RnD GPO	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/RnD_GPO
-Default Domain Policy	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
+RnD GPO	smb://ldap_url/SYSVOL/gpoonly.com/Policies/RnD_GPO
+Default Domain Policy	smb://ldap_url/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
diff --git a/internal/ad/testdata/TestAdsysGPOList/golden/security_descriptor_access_denied_ignores_gpo b/internal/ad/testdata/TestAdsysGPOList/golden/security_descriptor_access_denied_ignores_gpo
@@ -1,2 +1,2 @@
-RnD GPO	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/RnD_GPO
-Default Domain Policy	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
+RnD GPO	smb://ldap_url/SYSVOL/gpoonly.com/Policies/RnD_GPO
+Default Domain Policy	smb://ldap_url/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
diff --git a/internal/ad/testdata/TestAdsysGPOList/golden/security_descriptor_missing_ignores_gpo b/internal/ad/testdata/TestAdsysGPOList/golden/security_descriptor_missing_ignores_gpo
@@ -1,4 +1,4 @@
 Failed to fetch gpo object with nTSecurityDescriptor RnDDep4_Security_descriptor_missing_GPO
 
-RnD GPO	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/RnD_GPO
-Default Domain Policy	smb://localhost:1445/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
+RnD GPO	smb://ldap_url/SYSVOL/gpoonly.com/Policies/RnD_GPO
+Default Domain Policy	smb://ldap_url/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}