3 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 ## Copyright 1998-2008 The OpenLDAP Foundation.
6 ## All rights reserved.
8 ## Redistribution and use in source and binary forms, with or without
9 ## modification, are permitted only as authorized by the OpenLDAP
12 ## A copy of this license is available in the file LICENSE in the
13 ## top-level directory of the distribution or, alternatively, at
14 ## <http://www.OpenLDAP.org/license.html>.
20 echo "Test does not support $BACKEND backend"
24 echo "running defines.sh"
25 . $SRCDIR/scripts/defines.sh
27 mkdir -p $TESTDIR $DBDIR1
29 echo "Running slapadd to build slapd database..."
30 . $CONFFILTER $BACKEND $MONITORDB < $ACLCONF > $CONF1
31 $SLAPADD -f $CONF1 -l $LDIFORDERED
33 if test $RC != 0 ; then
34 echo "slapadd failed ($RC)!"
38 echo "Starting slapd on TCP/IP port $PORT1..."
39 $SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
41 if test $WAIT != 0 ; then
49 echo "Testing slapd access control..."
50 for i in 0 1 2 3 4 5; do
51 $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
52 'objectclass=*' > /dev/null 2>&1
54 if test $RC = 0 ; then
57 echo "Waiting 5 seconds for slapd to start..."
61 if test $RC != 0 ; then
62 echo "ldapsearch failed ($RC)!"
63 test $KILLSERVERS != no && kill -HUP $KILLPIDS
67 cat /dev/null > $SEARCHOUT
69 echo "# Try to read an entry inside the Alumni Association container.
70 # It should give us noSuchObject if we're not bound..." \
72 # FIXME: temporarily remove the "No such object" message to make
73 # the test succeed even if SLAP_ACL_HONOR_DISCLOSE is not #define'd
74 $LDAPSEARCH -b "$JAJDN" -h $LOCALHOST -p $PORT1 "(objectclass=*)" \
75 2>&1 | grep -v "^No such object" >> $SEARCHOUT
77 echo "# ... and should return all attributes if we're bound as anyone
80 $LDAPSEARCH -b "$JAJDN" -h $LOCALHOST -p $PORT1 \
81 -D "$BABSDN" -w bjensen "(objectclass=*)" >> $SEARCHOUT 2>&1
83 # check selfwrite access (ITS#4587). 6 attempts are made:
84 # 1) delete someone else (should fail)
85 # 2) delete self (should succeed)
86 # 3) add someone else (should fail)
87 # 4) add someone else and self (should fail)
88 # 5) add self and someone else (should fail)
89 # 6) add self (should succeed)
91 $LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \
92 $TESTOUT 2>&1 << EOMODS
93 dn: cn=All Staff,ou=Groups,dc=example,dc=com
103 echo "ldapmodify should have failed ($RC)!"
104 test $KILLSERVERS != no && kill -HUP $KILLPIDS
108 echo "ldapmodify failed ($RC)!"
109 test $KILLSERVERS != no && kill -HUP $KILLPIDS
114 $LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \
115 $TESTOUT 2>&1 << EOMODS
116 dn: cn=All Staff,ou=Groups,dc=example,dc=com
122 if test $RC != 0 ; then
123 echo "ldapmodify failed ($RC)!"
124 test $KILLSERVERS != no && kill -HUP $KILLPIDS
128 $LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \
129 $TESTOUT 2>&1 << EOMODS
130 dn: cn=All Staff,ou=Groups,dc=example,dc=com
133 member: cn=Foo,ou=Bar
140 echo "ldapmodify should have failed ($RC)!"
141 test $KILLSERVERS != no && kill -HUP $KILLPIDS
145 echo "ldapmodify failed ($RC)!"
146 test $KILLSERVERS != no && kill -HUP $KILLPIDS
151 $LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \
152 $TESTOUT 2>&1 << EOMODS
153 dn: cn=All Staff,ou=Groups,dc=example,dc=com
156 member: cn=Foo,ou=Bar
164 echo "ldapmodify should have failed ($RC)!"
165 test $KILLSERVERS != no && kill -HUP $KILLPIDS
169 echo "ldapmodify failed ($RC)!"
170 test $KILLSERVERS != no && kill -HUP $KILLPIDS
175 $LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \
176 $TESTOUT 2>&1 << EOMODS
177 dn: cn=All Staff,ou=Groups,dc=example,dc=com
181 member: cn=Foo,ou=Bar
188 echo "ldapmodify should have failed ($RC)!"
189 test $KILLSERVERS != no && kill -HUP $KILLPIDS
193 echo "ldapmodify failed ($RC)!"
194 test $KILLSERVERS != no && kill -HUP $KILLPIDS
199 $LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \
200 $TESTOUT 2>&1 << EOMODS
201 dn: cn=All Staff,ou=Groups,dc=example,dc=com
207 if test $RC != 0 ; then
208 echo "ldapmodify failed ($RC)!"
209 test $KILLSERVERS != no && kill -HUP $KILLPIDS
214 # Check group access. Try to modify Babs' entry. Two attempts:
215 # 1) bound as "James A Jones 1" - should fail
216 # 2) bound as "Bjorn Jensen" - should succeed
218 $LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \
219 $TESTOUT 2>&1 << EOMODS5
228 $LDAPMODIFY -D "$BJORNSDN" -h $LOCALHOST -p $PORT1 -w bjorn >> \
229 $TESTOUT 2>&1 << EOMODS6
233 homephone: +1 313 555 5444
238 # Try to add a "member" attribute to the "ITD Staff" group. It should
239 # fail when we add some DN other than our own, and should succeed when
242 $LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj > \
243 $TESTOUT 2>&1 << EOMODS1
245 dn: cn=ITD Staff, ou=Groups, dc=example, dc=com
248 uniquemember: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com
252 $LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \
253 $TESTOUT 2>&1 << EOMODS2
256 dn: cn=ITD Staff, ou=Groups, dc=example, dc=com
259 uniquemember: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example, dc=com
263 # Try to modify the "ITD Staff" group. Two attempts are made:
264 # 1) bound as "James A Jones 1" - should fail
265 # 2) bound as "Bjorn Jensen" - should succeed
267 $LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \
268 $TESTOUT 2>&1 << EOMODS3
270 dn: cn=ITD Staff, ou=Groups, dc=example, dc=com
276 $LDAPMODIFY -D "$BJORNSDN" -h $LOCALHOST -p $PORT1 -w bjorn >> \
277 $TESTOUT 2>&1 << EOMODS4
281 dn: cn=ITD Staff, ou=Groups, dc=example, dc=com
292 # Try to modify the "ITD Staff" group. Two attempts are made:
293 # 1) bound as "James A Jones 1" - should succeed
294 # 2) bound as "Barbara Jensen" - should fail
295 # should exploit sets
297 $LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \
298 $TESTOUT 2>&1 << EOMODS5
299 dn: cn=Alumni Assoc Staff, ou=Groups, dc=example, dc=com
302 description: added by jaj (should succeed)
306 $LDAPMODIFY -D "$BABSDN" -h $LOCALHOST -p $PORT1 -w bjensen >> \
307 $TESTOUT 2>&1 << EOMODS6
308 dn: cn=Alumni Assoc Staff, ou=Groups, dc=example, dc=com
311 description: added by bjensen (should fail)
315 $LDAPMODIFY -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD >> \
316 $TESTOUT 2>&1 << EOMODS7
317 dn: ou=Add & Delete,dc=example,dc=com
319 objectClass: organizationalUnit
323 $LDAPMODIFY -D "$BABSDN" -h $LOCALHOST -p $PORT1 -w bjensen >> \
324 $TESTOUT 2>&1 << EOMODS8
325 dn: cn=Added by Babs (must fail),ou=Add & Delete,dc=example,dc=com
327 objectClass: inetOrgPerson
328 cn: Added by Babs (must fail)
332 $LDAPMODIFY -D "$BJORNSDN" -h $LOCALHOST -p $PORT1 -w bjorn >> \
333 $TESTOUT 2>&1 << EOMODS9
334 dn: cn=Added by Bjorn (must succeed),ou=Add & Delete,dc=example,dc=com
336 objectClass: inetOrgPerson
337 cn: Added by Bjorn (must succeed)
340 dn: cn=Added by Bjorn (will be deleted),ou=Add & Delete,dc=example,dc=com
342 objectClass: inetOrgPerson
343 cn: Added by Bjorn (will be deleted)
346 dn: cn=Added by Bjorn (will be renamed),ou=Add & Delete,dc=example,dc=com
348 objectClass: inetOrgPerson
349 cn: Added by Bjorn (will be renamed)
352 dn: cn=Added by Bjorn (must succeed),ou=Add & Delete,dc=example,dc=com
355 description: this attribute value has been added __after__entry creation
356 description: this attribute value will be deleted by Babs (must succeed)
357 description: Bjorn will try to delete this attribute value (should fail)
361 $LDAPMODIFY -D "$BJORNSDN" -h $LOCALHOST -p $PORT1 -w bjorn >> \
362 $TESTOUT 2>&1 << EOMODS10
363 dn: cn=Added by Bjorn (will be deleted),ou=Add & Delete,dc=example,dc=com
367 $LDAPMODIFY -D "$BJORNSDN" -h $LOCALHOST -p $PORT1 -w bjorn >> \
368 $TESTOUT 2>&1 << EOMODS11
369 dn: cn=Added by Bjorn (will be renamed),ou=Add & Delete,dc=example,dc=com
371 newrdn: cn=Added by Bjorn (renamed by Bjorn)
375 $LDAPMODIFY -D "$BABSDN" -h $LOCALHOST -p $PORT1 -w bjensen >> \
376 $TESTOUT 2>&1 << EOMODS12
377 dn: cn=Added by Bjorn (will be renamed),ou=Add & Delete,dc=example,dc=com
379 newrdn: cn=Added by Bjorn (renamed by Babs)
383 $LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \
384 $TESTOUT 2>&1 << EOMODS13
385 dn: cn=Added by Bjorn (will be renamed),ou=Add & Delete,dc=example,dc=com
387 newrdn: cn=Added by Bjorn (renamed by Jaj)
391 $LDAPMODIFY -D "$BJORNSDN" -h $LOCALHOST -p $PORT1 -w bjorn >> \
392 $TESTOUT 2>&1 << EOMODS14
393 dn: cn=Added by Bjorn (must succeed),ou=Add & Delete,dc=example,dc=com
396 description: Bjorn will try to delete this attribute value (should fail)
400 $LDAPMODIFY -D "$BABSDN" -h $LOCALHOST -p $PORT1 -w bjensen >> \
401 $TESTOUT 2>&1 << EOMODS15
402 dn: cn=Added by Bjorn (will be deleted),ou=Add & Delete,dc=example,dc=com
405 dn: cn=Added by Bjorn (must succeed),ou=Add & Delete,dc=example,dc=com
408 description: this attribute value will be deleted by Babs (must succeed)
412 echo "Using ldapsearch to retrieve all the entries..."
413 echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT
414 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
415 'objectClass=*' >> $SEARCHOUT 2>&1
417 test $KILLSERVERS != no && kill -HUP $KILLPIDS
418 if test $RC != 0 ; then
419 echo "ldapsearch failed ($RC)!"
425 echo "Filtering ldapsearch results..."
426 . $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
427 echo "Filtering original ldif used to create database..."
428 . $LDIFFILTER < $LDIF > $LDIFFLT
429 echo "Comparing filter output..."
430 $CMP $SEARCHFLT $LDIFFLT > $CMPOUT
432 if test $? != 0 ; then
433 echo "comparison failed - operations did not complete correctly"
437 echo ">>>>> Test succeeded"