Use ordered input to slapadd(8) as required by back-bdb

[openldap] / tests / scripts / test006-acls

#! /bin/sh
# $OpenLDAP$

if test $# -eq 0 ; then
        SRCDIR="."
else
        SRCDIR=$1; shift
fi
if test $# -eq 1 ; then
        BACKEND=$1; shift
fi

echo "running defines.sh $SRCDIR $BACKEND"
. $SRCDIR/scripts/defines.sh

echo "Cleaning up in $DBDIR..."

rm -f $DBDIR/[!C]*

echo "Running slapadd to build slapd database..."
$SLAPADD -f $CONF -l $LDIFORDERED
RC=$?
if test $RC != 0 ; then
        echo "slapadd failed ($RC)!"
        exit $RC
fi

echo "Starting slapd on TCP/IP port $PORT..."
$SLAPD -f $ACLCONF -h $MASTERURI -d $LVL $TIMING > $MASTERLOG 2>&1 &
PID=$!

echo "Testing slapd access control..."
for i in 0 1 2 3 4 5; do
        $LDAPSEARCH -s base -b "$MONITOR" -h localhost -p $PORT \
                'objectclass=*' > /dev/null 2>&1
        RC=$?
        if test $RC = 1 ; then
                echo "Waiting 5 seconds for slapd to start..."
                sleep 5
        fi
done

if test $RC != 0 ; then
        echo "ldapsearch failed ($RC)!"
        kill -HUP $PID
        exit $RC
fi

cat /dev/null > $SEARCHOUT

#
# Try to read an entry inside the Alumni Association container.  It should
# give us nothing if we're not bound, and should return all attributes
# if we're bound as anyone under UM.
#
$LDAPSEARCH -b "$JAJDN" -h localhost -p $PORT "objectclass=*" \
        >> $SEARCHOUT 2>&1

$LDAPSEARCH -b "$JAJDN" -h localhost -p $PORT \
        -D "$BABSDN" -w bjensen "objectclass=*"  >> $SEARCHOUT 2>&1


#
# Try to add a "member" attribute to the "All Staff" group.  It should
# fail when we add some DN other than our own, and should succeed when
# we add our own DN.
# bjensen
$LDAPMODIFY -D "$JAJDN" -h localhost -p $PORT -w jaj > \
        $TESTOUT 2>&1 << EOMODS1
version: 1
dn: cn=ITD Staff, ou=Groups, o=University of Michigan, c=US
changetype: modify
add: member
member: cn=Barbara Jensen, ou=Information Technology Division, ou=People, o=University of Michigan, c=US

EOMODS1

$LDAPMODIFY -D "$JAJDN" -h localhost -p $PORT -w jaj >> \
        $TESTOUT 2>&1 << EOMODS2
version: 1

dn: cn=ITD Staff, ou=Groups, o=University of Michigan, c=US
changetype: modify
add: member
member: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of Michigan, c=US
EOMODS2

#
# Try to modify the "All Staff" group.  Two attempts are made:
# 1) bound as "James A Jones 1" - should fail
# 2) bound as "Barbara Jensen" - should succeed
#
$LDAPMODIFY -D "$JAJDN" -h localhost -p $PORT -w jaj >> \
        $TESTOUT 2>&1 << EOMODS3

dn: cn=ITD Staff, ou=Groups, o=University of Michigan, c=US
changetype: modify
delete: member

EOMODS3

$LDAPMODIFY -D "$BJORNSDN" -h localhost -p $PORT -w bjorn >> \
        $TESTOUT 2>&1 << EOMODS4
# COMMENT
version: 1
# comment
dn: cn=ITD Staff, ou=Groups, o=University of Michigan, c=US
# comment
changetype: modify
# comment
add: ou
# comment
ou: Groups
# comment
EOMODS4

echo "Using ldapsearch to retrieve all the entries..."
$LDAPSEARCH -S "" -b "$BASEDN" -h localhost -p $PORT \
            'objectClass=*' | . $SRCDIR/scripts/acfilter.sh >> $SEARCHOUT 2>&1
RC=$?
kill -HUP $PID
if test $RC != 0 ; then
        echo "ldapsearch failed ($RC)!"
        exit $RC
fi

LDIF=$ACLOUTMASTER

echo "Filtering ldapsearch results..."
. $SRCDIR/scripts/acfilter.sh < $SEARCHOUT > $SEARCHFLT
echo "Filtering original ldif used to create database..."
. $SRCDIR/scripts/acfilter.sh < $LDIF > $LDIFFLT
echo "Comparing filter output..."
$CMP $SEARCHFLT $LDIFFLT > $CMPOUT

if test $? != 0 ; then
        echo "comparison failed - modify operations did not complete correctly"
        exit 1
fi

echo ">>>>> Test succeeded"


exit 0