3 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 ## Copyright 1998-2005 The OpenLDAP Foundation.
6 ## All rights reserved.
8 ## Redistribution and use in source and binary forms, with or without
9 ## modification, are permitted only as authorized by the OpenLDAP
12 ## A copy of this license is available in the file LICENSE in the
13 ## top-level directory of the distribution or, alternatively, at
14 ## <http://www.OpenLDAP.org/license.html>.
# Test setup: load the shared test definitions, build the database offline
# with slapadd, start slapd in the background and poll until it answers.
# NOTE(review): the number at the start of each line is the listing's own
# line number. The gaps (18, 20, 24, 27-29, 33, 35-41, ...) are lines this
# listing does not show; the RC assignments and the fi/exit/done/sleep lines
# are presumably among them -- confirm against the full script.
16 echo "running defines.sh"
# defines.sh is sourced, so it runs inside this shell. $SRCDIR is unquoted and
# decides which file gets executed, so it has to come from the test harness.
17 . $SRCDIR/scripts/defines.sh
19 mkdir -p $TESTDIR $DBDIR1
21 echo "Running slapadd to build slapd database..."
# $CONFFILTER is also sourced rather than executed; it receives $BACKEND and
# $MONITORDB as arguments, reads $WHOAMICONF on stdin and writes $ADDCONF.
22 . $CONFFILTER $BACKEND $MONITORDB < $WHOAMICONF > $ADDCONF
23 $SLAPADD -f $ADDCONF -l $LDIFWHOAMI
25 if test $RC != 0 ; then
26 echo "slapadd failed ($RC)!"
# NOTE(review): this message prints $PORT, while the listener is given as $URI1
# and every client below connects to $PORT1 -- confirm $PORT is defined.
30 echo "Starting slapd on TCP/IP port $PORT..."
31 . $CONFFILTER $BACKEND $MONITORDB < $WHOAMICONF > $CONF1
# slapd runs in the background; stdout and stderr both go to $LOG1.
32 $SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
34 if test $WAIT != 0 ; then
42 echo "Using ldapsearch to check that slapd is running..."
# Readiness probe: up to six attempts of a base-scope search on "$MONITOR".
# The output is discarded, so only the exit status is used.
43 for i in 0 1 2 3 4 5; do
44 $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
45 'objectclass=*' > /dev/null 2>&1
47 if test $RC = 0 ; then
50 echo "Waiting 5 seconds for slapd to start..."
# Baseline ldapwhoami checks: anonymous, then a simple bind as $MANAGERDN with
# and without a proxied identity. Every case here expects exit status 0.
# On failure the servers listed in $KILLPIDS are sent SIGHUP unless
# KILLSERVERS is "no"; where KILLPIDS is set is not visible in this listing.
54 echo "Testing ldapwhoami as anonymous..."
55 $LDAPWHOAMI -h $LOCALHOST -p $PORT1
58 if test $RC != 0 ; then
59 echo "ldapwhoami failed ($RC)!"
60 test $KILLSERVERS != no && kill -HUP $KILLPIDS
64 echo "Testing ldapwhoami as ${MANAGERDN}..."
# -w puts the bind password on the command line, where other local users can
# read it from the process list. That is acceptable for fixture credentials in
# a test tree; scripts handling real credentials should use -y <file> or -W.
65 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD
68 if test $RC != 0 ; then
69 echo "ldapwhoami failed ($RC)!"
70 test $KILLSERVERS != no && kill -HUP $KILLPIDS
74 echo "Testing ldapwhoami as ${MANAGERDN} for anonymous..."
# NOTE(review): the continuation of the next command (listing line 76) is not
# shown; presumably it carries the authzid control for the anonymous identity.
75 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD \
79 if test $RC != 0 ; then
80 echo "ldapwhoami failed ($RC)!"
81 test $KILLSERVERS != no && kill -HUP $KILLPIDS
85 echo "Testing ldapwhoami as ${MANAGERDN} for dn:$BABSDN..."
# -e '!authzid=...' attaches the proxied-authorization control. The leading '!'
# marks it critical: a server that cannot honour the control must fail the
# request instead of answering as the bind identity. The backslash only keeps
# the '!' literal for the shell.
86 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD \
87 -e \!authzid="dn:$BABSDN"
90 if test $RC != 0 ; then
91 echo "ldapwhoami failed ($RC)!"
92 test $KILLSERVERS != no && kill -HUP $KILLPIDS
96 echo "Testing ldapwhoami as ${MANAGERDN} for u:uham..."
# NOTE(review): continuation (listing line 98) not shown; presumably the
# authzid control in its "u:" user-name form.
97 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD \
101 if test $RC != 0 ; then
102 echo "ldapwhoami failed ($RC)!"
103 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# authzFrom section. Each case binds as $BINDDN with $BINDPW and asks the
# server, through the critical authzid control, to act as $AUTHZID.
# The tag in parentheses in each message (dn.exact, u, URI, group, dn.onelevel,
# dn.regex, dn.children, dn.subtree) labels the rule form the case is meant to
# exercise. The AUTHZID and BINDPW assignments sit on lines this listing omits
# (e.g. 111-112), so the target identity cannot be confirmed from here.
107 # authzFrom: someone else => bjorn
108 echo "Testing authzFrom..."
110 BINDDN="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
113 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.exact)..."
# $BINDPW is passed unquoted on the command line: fixture credentials only.
114 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
115 -e \!authzid="$AUTHZID"
118 if test $RC != 0 ; then
119 echo "ldapwhoami failed ($RC)!"
120 test $KILLSERVERS != no && kill -HUP $KILLPIDS
124 BINDDN="cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com"
127 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (u)..."
128 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
129 -e \!authzid="$AUTHZID"
132 if test $RC != 0 ; then
133 echo "ldapwhoami failed ($RC)!"
134 test $KILLSERVERS != no && kill -HUP $KILLPIDS
138 BINDDN="cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com"
141 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI)..."
142 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
143 -e \!authzid="$AUTHZID"
146 if test $RC != 0 ; then
147 echo "ldapwhoami failed ($RC)!"
148 test $KILLSERVERS != no && kill -HUP $KILLPIDS
152 BINDDN="cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example,dc=com"
155 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (group)..."
156 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
157 -e \!authzid="$AUTHZID"
160 if test $RC != 0 ; then
161 echo "ldapwhoami failed ($RC)!"
162 test $KILLSERVERS != no && kill -HUP $KILLPIDS
166 BINDDN="cn=No One,ou=Information Technology Division,ou=People,dc=example,dc=com"
169 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.onelevel)..."
170 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
171 -e \!authzid="$AUTHZID"
174 if test $RC != 0 ; then
175 echo "ldapwhoami failed ($RC)!"
176 test $KILLSERVERS != no && kill -HUP $KILLPIDS
180 BINDDN="cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com"
183 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.regex)..."
184 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
185 -e \!authzid="$AUTHZID"
188 if test $RC != 0 ; then
189 echo "ldapwhoami failed ($RC)!"
190 test $KILLSERVERS != no && kill -HUP $KILLPIDS
194 BINDDN="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com"
197 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.children)..."
198 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
199 -e \!authzid="$AUTHZID"
202 if test $RC != 0 ; then
203 echo "ldapwhoami failed ($RC)!"
204 test $KILLSERVERS != no && kill -HUP $KILLPIDS
208 BINDDN="cn=ITD Staff,ou=Groups,dc=example,dc=com"
211 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.subtree)..."
212 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
213 -e \!authzid="$AUTHZID"
216 if test $RC != 0 ; then
217 echo "ldapwhoami failed ($RC)!"
218 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Negative cases: the server must refuse the proxied identity. The check
# accepts only exit status 1. Any other status takes the failure branch,
# including 0, which would mean the authorization was granted.
# NOTE(review): that branch prints the same "ldapwhoami failed" text as the
# positive cases, so an unexpected grant (RC=0) can only be told apart from a
# client error by reading $RC; a distinct message would make such a
# regression obvious in the test log.
222 BINDDN="cn=Should Fail,dc=example,dc=com"
225 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..."
226 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
227 -e \!authzid="$AUTHZID"
230 if test $RC != 1 ; then
231 echo "ldapwhoami failed ($RC)!"
232 test $KILLSERVERS != no && kill -HUP $KILLPIDS
236 BINDDN="cn=Must Fail,dc=example,dc=com"
239 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..."
240 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
241 -e \!authzid="$AUTHZID"
244 if test $RC != 1 ; then
245 echo "ldapwhoami failed ($RC)!"
246 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# authzTo section. The bind identity is the same Bjorn Jensen entry in every
# case up to the last one, and only the requested $AUTHZID changes.
# Most AUTHZID assignments and all BINDPW assignments are on lines this listing
# omits; the two AUTHZID values that are visible appear below.
250 # authzTo: bjorn => someone else
251 echo "Testing authzTo..."
253 BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
256 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.exact)..."
# Same pattern as the earlier cases: simple bind with the password on the
# command line, plus the critical ('!') authzid control.
257 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
258 -e \!authzid="$AUTHZID"
261 if test $RC != 0 ; then
262 echo "ldapwhoami failed ($RC)!"
263 test $KILLSERVERS != no && kill -HUP $KILLPIDS
267 BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
270 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (u)..."
271 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
272 -e \!authzid="$AUTHZID"
275 if test $RC != 0 ; then
276 echo "ldapwhoami failed ($RC)!"
277 test $KILLSERVERS != no && kill -HUP $KILLPIDS
281 BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
284 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI)..."
285 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
286 -e \!authzid="$AUTHZID"
289 if test $RC != 0 ; then
290 echo "ldapwhoami failed ($RC)!"
291 test $KILLSERVERS != no && kill -HUP $KILLPIDS
295 BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
298 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (group)..."
299 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
300 -e \!authzid="$AUTHZID"
303 if test $RC != 0 ; then
304 echo "ldapwhoami failed ($RC)!"
305 test $KILLSERVERS != no && kill -HUP $KILLPIDS
309 BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
312 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.onelevel)..."
313 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
314 -e \!authzid="$AUTHZID"
317 if test $RC != 0 ; then
318 echo "ldapwhoami failed ($RC)!"
319 test $KILLSERVERS != no && kill -HUP $KILLPIDS
323 BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
326 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.regex)..."
327 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
328 -e \!authzid="$AUTHZID"
331 if test $RC != 0 ; then
332 echo "ldapwhoami failed ($RC)!"
333 test $KILLSERVERS != no && kill -HUP $KILLPIDS
337 BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
340 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.children)..."
341 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
342 -e \!authzid="$AUTHZID"
345 if test $RC != 0 ; then
346 echo "ldapwhoami failed ($RC)!"
347 test $KILLSERVERS != no && kill -HUP $KILLPIDS
351 BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
# The value contains a space; the double quotes around "$AUTHZID" in the -e
# argument below keep it a single word.
353 AUTHZID="u:group/itd staff"
354 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.subtree)..."
355 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
356 -e \!authzid="$AUTHZID"
359 if test $RC != 0 ; then
360 echo "ldapwhoami failed ($RC)!"
361 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Negative cases: the proxied identity must be refused. Only exit status 1
# passes; every other status, including 0 (authorization granted), takes the
# failure branch.
# NOTE(review): the branch reuses the "ldapwhoami failed" text, so an
# unexpected grant is visible only through the $RC value in the message.
365 BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
368 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..."
369 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
370 -e \!authzid="$AUTHZID"
373 if test $RC != 1 ; then
374 echo "ldapwhoami failed ($RC)!"
375 test $KILLSERVERS != no && kill -HUP $KILLPIDS
379 BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
381 AUTHZID="dn:cn=Should Fail,dc=example,dc=com"
382 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..."
383 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
384 -e \!authzid="$AUTHZID"
387 if test $RC != 1 ; then
388 echo "ldapwhoami failed ($RC)!"
389 test $KILLSERVERS != no && kill -HUP $KILLPIDS
393 BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
396 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (no authzTo; should fail)..."
397 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
398 -e \!authzid="$AUTHZID"
401 if test $RC != 1 ; then
402 echo "ldapwhoami failed ($RC)!"
403 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Final case binds as the suffix entry and expects status 0 again.
# NOTE(review): the message prints two literal double quotes after ${AUTHZID};
# presumably AUTHZID is a bare prefix with an empty value here -- the
# assignment (listing lines 408-409) is not shown, confirm.
407 BINDDN="dc=example,dc=com"
410 echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID}\"\" (dn.exact; should succeed)..."
411 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
412 -e \!authzid="$AUTHZID"
415 if test $RC != 0 ; then
416 echo "ldapwhoami failed ($RC)!"
417 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Normal teardown: signal the servers unless KILLSERVERS is "no", then report.
421 test $KILLSERVERS != no && kill -HUP $KILLPIDS
423 echo ">>>>> Test succeeded"
426 ## Note to developers: when SLAPD_DEBUG=-1 the command
427 ## awk '/^do_extended$/ {if (c) {print c} c=0} /<===slap_sasl_match:/ {c++} END {print c}' $TESTDIR/slapd.1.log
428 ## must return the sequence 1 2 3 4 5 6 7 8 9 9 1 2 3 4 5 6 7 8 9 9 9 1
429 ## to indicate that the authzFrom and authzTo rules applied in the right order.