3 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 ## Copyright 1998-2005 The OpenLDAP Foundation.
6 ## All rights reserved.
8 ## Redistribution and use in source and binary forms, with or without
9 ## modification, are permitted only as authorized by the OpenLDAP
12 ## A copy of this license is available in the file LICENSE in the
13 ## top-level directory of the distribution or, alternatively, at
14 ## <http://www.OpenLDAP.org/license.html>.
# Setup phase: load the shared test definitions, build the database offline
# with slapadd, start slapd in the background and poll until it answers.
# NOTE(review): each line of this listing begins with what looks like the
# original file's line number, and the numbering has gaps; the statements that
# set RC and the closing fi/done/exit lines are not visible here.
16 echo "running defines.sh"
# Sourcing executes defines.sh inside this shell, so whatever SRCDIR points at
# runs with the caller's privileges. The expansion is unquoted, so a path
# containing whitespace would be split into several words.
17 . $SRCDIR/scripts/defines.sh
# Create the scratch directories; both names come from variables that are not
# assigned in the visible lines.
19 mkdir -p $TESTDIR $DBDIR1
21 echo "Running slapadd to build slapd database..."
# The filter script is sourced with two arguments, reads the whoami config
# template on stdin and writes the result to $ADDCONF (truncating it).
22 . $CONFFILTER $BACKEND $MONITORDB < $WHOAMICONF > $ADDCONF
# Load the LDIF fixture into the database using the generated config.
23 $SLAPADD -f $ADDCONF -l $LDIFWHOAMI
# RC is tested here but its assignment is not visible in this listing.
25 if test $RC != 0 ; then
26 echo "slapadd failed ($RC)!"
30 echo "Starting slapd on TCP/IP port $PORT..."
# Regenerate the config from the same template, this time into $CONF1.
31 . $CONFFILTER $BACKEND $MONITORDB < $WHOAMICONF > $CONF1
# Start the server in the background; stdout and stderr both go to $LOG1.
# NOTE(review): at high debug levels that log can record bind identities and
# authorization decisions, so treat it as sensitive outside a test sandbox.
32 $SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
# The body of this conditional is not visible in the listing.
34 if test $WAIT != 0 ; then
40 echo "Using ldapsearch to check that slapd is running..."
# Readiness probe: up to six attempts at a base-scope search of $MONITOR with
# all output discarded; only the exit status matters.
41 for i in 0 1 2 3 4 5; do
42 $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
43 'objectclass=*' > /dev/null 2>&1
# RC equal to 0 is taken to mean the server answered.
45 if test $RC = 0 ; then
# Only the message is visible; the wait itself is on a line not shown here.
48 echo "Waiting 5 seconds for slapd to start..."
# Baseline ldapwhoami checks: anonymous, then bound as $MANAGERDN with and
# without a proxied-authorization identity. Every check has the same shape:
# run the client, test RC, and on a non-zero status print a message and send
# SIGHUP to the PIDs in $KILLPIDS unless $KILLSERVERS is "no".
# NOTE(review): the lines that set RC and the closing exit/fi lines are not
# visible in this listing.
52 echo "Testing ldapwhoami as anonymous..."
# No -D/-w is given, so no bind DN or password is supplied.
53 $LDAPWHOAMI -h $LOCALHOST -p $PORT1
56 if test $RC != 0 ; then
57 echo "ldapwhoami failed ($RC)!"
58 test $KILLSERVERS != no && kill -HUP $KILLPIDS
62 echo "Testing ldapwhoami as ${MANAGERDN}..."
# -w puts the password on the command line, where it is visible to other local
# users through the process list. That is tolerable for a throwaway fixture
# credential; with a real credential use -W (prompt) or -y <file> instead.
# $PASSWD is also unquoted, so a value with whitespace would be split.
63 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD
66 if test $RC != 0 ; then
67 echo "ldapwhoami failed ($RC)!"
68 test $KILLSERVERS != no && kill -HUP $KILLPIDS
72 echo "Testing ldapwhoami as ${MANAGERDN} for anonymous..."
# The continuation line of this command is not visible; going by the message
# above it presumably carries an authzid that requests the anonymous identity.
73 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD \
77 if test $RC != 0 ; then
78 echo "ldapwhoami failed ($RC)!"
79 test $KILLSERVERS != no && kill -HUP $KILLPIDS
83 echo "Testing ldapwhoami as ${MANAGERDN} for dn:$BABSDN..."
# -e authzid attaches the proxied authorization control (RFC 4370); the
# leading "!" marks the control critical, so a server that cannot honour it
# has to fail the operation rather than ignore it. The backslash keeps "!"
# literal for the shell.
84 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD \
85 -e \!authzid="dn:$BABSDN"
88 if test $RC != 0 ; then
89 echo "ldapwhoami failed ($RC)!"
90 test $KILLSERVERS != no && kill -HUP $KILLPIDS
94 echo "Testing ldapwhoami as ${MANAGERDN} for u:uham..."
# The continuation line is not visible; the message above indicates the
# "u:<user>" form of authzid for user uham.
95 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD \
99 if test $RC != 0 ; then
100 echo "ldapwhoami failed ($RC)!"
101 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# authzFrom section: a series of different identities bind and each asks,
# through a critical proxied-authorization control, to act as $AUTHZID. The
# original comment below describes the direction as "someone else => bjorn".
# The tag in parentheses in each message presumably names the rule form being
# exercised (dn.exact, u, URI, group, dn.onelevel, dn.regex, dn.children,
# dn.subtree) - TODO confirm against the LDIF fixture.
# NOTE(review): $AUTHZID and $BINDPW are used throughout but their
# assignments, the lines that set RC, and the closing exit/fi lines are not
# visible in this listing.
# NOTE(review): -w $BINDPW exposes the password in the process list and is
# unquoted; acceptable only because these are fixture credentials.
105 # authzFrom: someone else => bjorn
106 echo "Testing authzFrom..."
# Positive case (dn.exact): exit status 0 is required.
108 BINDDN="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
111 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.exact)..."
112 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
113 -e \!authzid="$AUTHZID"
116 if test $RC != 0 ; then
117 echo "ldapwhoami failed ($RC)!"
118 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Positive case (u).
122 BINDDN="cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com"
125 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (u)..."
126 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
127 -e \!authzid="$AUTHZID"
130 if test $RC != 0 ; then
131 echo "ldapwhoami failed ($RC)!"
132 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Positive case (URI).
136 BINDDN="cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com"
139 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI)..."
140 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
141 -e \!authzid="$AUTHZID"
144 if test $RC != 0 ; then
145 echo "ldapwhoami failed ($RC)!"
146 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Positive case (group).
150 BINDDN="cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example,dc=com"
153 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (group)..."
154 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
155 -e \!authzid="$AUTHZID"
158 if test $RC != 0 ; then
159 echo "ldapwhoami failed ($RC)!"
160 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Positive case (dn.onelevel).
164 BINDDN="cn=No One,ou=Information Technology Division,ou=People,dc=example,dc=com"
167 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.onelevel)..."
168 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
169 -e \!authzid="$AUTHZID"
172 if test $RC != 0 ; then
173 echo "ldapwhoami failed ($RC)!"
174 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Positive case (dn.regex).
178 BINDDN="cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com"
181 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.regex)..."
182 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
183 -e \!authzid="$AUTHZID"
186 if test $RC != 0 ; then
187 echo "ldapwhoami failed ($RC)!"
188 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Positive case (dn.children).
192 BINDDN="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com"
195 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.children)..."
196 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
197 -e \!authzid="$AUTHZID"
200 if test $RC != 0 ; then
201 echo "ldapwhoami failed ($RC)!"
202 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Positive case (dn.subtree); the binding identity is a group entry.
206 BINDDN="cn=ITD Staff,ou=Groups,dc=example,dc=com"
209 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.subtree)..."
210 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
211 -e \!authzid="$AUTHZID"
214 if test $RC != 0 ; then
215 echo "ldapwhoami failed ($RC)!"
216 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Negative case: the request must be refused, so the test passes only when
# the exit status is exactly 1. The "failed" message in this branch therefore
# means the refusal did NOT happen as expected (success, or another status).
# NOTE(review): if 1 is also what the client returns for unrelated errors
# (server unreachable, wrong bind password), this check cannot tell a real
# authorization denial from those; confirm the denial in the slapd log.
220 BINDDN="cn=Should Fail,dc=example,dc=com"
223 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..."
224 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
225 -e \!authzid="$AUTHZID"
228 if test $RC != 1 ; then
229 echo "ldapwhoami failed ($RC)!"
230 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Second negative case; the same exit-status caveat applies.
234 BINDDN="cn=Must Fail,dc=example,dc=com"
237 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..."
238 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
239 -e \!authzid="$AUTHZID"
242 if test $RC != 1 ; then
243 echo "ldapwhoami failed ($RC)!"
244 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# authzTo section: the same identity (cn=Bjorn Jensen) binds every time and
# asks, through a critical proxied-authorization control, to act as a series
# of other identities. The original comment below describes the direction as
# "bjorn => someone else". The last case binds as dc=example,dc=com instead.
# NOTE(review): $BINDPW and most $AUTHZID assignments, the lines that set RC,
# and the closing exit/fi lines are not visible in this listing.
# NOTE(review): -w $BINDPW exposes the password in the process list and is
# unquoted; acceptable only because these are fixture credentials.
248 # authzTo: bjorn => someone else
249 echo "Testing authzTo..."
# Positive case (dn.exact): exit status 0 is required.
251 BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
254 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.exact)..."
255 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
256 -e \!authzid="$AUTHZID"
259 if test $RC != 0 ; then
260 echo "ldapwhoami failed ($RC)!"
261 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Positive case (u).
265 BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
268 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (u)..."
269 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
270 -e \!authzid="$AUTHZID"
273 if test $RC != 0 ; then
274 echo "ldapwhoami failed ($RC)!"
275 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Positive case (URI).
279 BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
282 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI)..."
283 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
284 -e \!authzid="$AUTHZID"
287 if test $RC != 0 ; then
288 echo "ldapwhoami failed ($RC)!"
289 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Positive case (group).
293 BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
296 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (group)..."
297 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
298 -e \!authzid="$AUTHZID"
301 if test $RC != 0 ; then
302 echo "ldapwhoami failed ($RC)!"
303 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Positive case (dn.onelevel).
307 BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
310 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.onelevel)..."
311 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
312 -e \!authzid="$AUTHZID"
315 if test $RC != 0 ; then
316 echo "ldapwhoami failed ($RC)!"
317 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Positive case (dn.regex).
321 BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
324 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.regex)..."
325 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
326 -e \!authzid="$AUTHZID"
329 if test $RC != 0 ; then
330 echo "ldapwhoami failed ($RC)!"
331 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Positive case (dn.children).
335 BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
338 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.children)..."
339 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
340 -e \!authzid="$AUTHZID"
343 if test $RC != 0 ; then
344 echo "ldapwhoami failed ($RC)!"
345 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Positive case (dn.subtree). The requested identity uses the "u:" form; the
# dn.subtree tag presumably names the rule that is expected to match it, not
# the authzid syntax - TODO confirm against the LDIF fixture.
349 BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
351 AUTHZID="u:group/itd staff"
352 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.subtree)..."
353 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
354 -e \!authzid="$AUTHZID"
357 if test $RC != 0 ; then
358 echo "ldapwhoami failed ($RC)!"
359 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Negative case: the request must be refused, so the test passes only when
# the exit status is exactly 1. The "failed" message in this branch therefore
# means the refusal did NOT happen as expected (success, or another status).
# NOTE(review): if 1 is also what the client returns for unrelated errors
# (server unreachable, wrong bind password), this check cannot tell a real
# authorization denial from those; confirm the denial in the slapd log.
363 BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
366 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..."
367 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
368 -e \!authzid="$AUTHZID"
371 if test $RC != 1 ; then
372 echo "ldapwhoami failed ($RC)!"
373 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Negative case with an explicit target DN; same exit-status caveat.
377 BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
379 AUTHZID="dn:cn=Should Fail,dc=example,dc=com"
380 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..."
381 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
382 -e \!authzid="$AUTHZID"
385 if test $RC != 1 ; then
386 echo "ldapwhoami failed ($RC)!"
387 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Negative case described by the message as "no authzTo": the request is
# expected to be refused; same exit-status caveat.
391 BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
394 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (no authzTo; should fail)..."
395 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
396 -e \!authzid="$AUTHZID"
399 if test $RC != 1 ; then
400 echo "ldapwhoami failed ($RC)!"
401 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Final positive case: binds as the suffix entry. The message appends a
# literal "" after $AUTHZID, which suggests the requested identity has an
# empty value - TODO confirm, the AUTHZID assignment is not visible.
405 BINDDN="dc=example,dc=com"
408 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID}\"\" (dn.exact; should succeed)..."
409 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
410 -e \!authzid="$AUTHZID"
413 if test $RC != 0 ; then
414 echo "ldapwhoami failed ($RC)!"
415 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# All checks passed: stop the servers (unless KILLSERVERS is "no") and report.
419 test $KILLSERVERS != no && kill -HUP $KILLPIDS
421 echo ">>>>> Test succeeded"
424 ## Note to developers: when SLAPD_DEBUG=-1 the command
425 ## awk '/^do_extended$/ {if (c) {print c} c=0} /<===slap_sasl_match:/ {c++} END {print c}' $TESTDIR/slapd.1.log
426 ## must return the sequence 1 2 3 4 5 6 7 8 9 9 1 2 3 4 5 6 7 8 9 9 9 1
427 ## to indicate that the authzFrom and authzTo rules applied in the right order.