3 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 ## Copyright 1998-2004 The OpenLDAP Foundation.
6 ## All rights reserved.
8 ## Redistribution and use in source and binary forms, with or without
9 ## modification, are permitted only as authorized by the OpenLDAP
12 ## A copy of this license is available in the file LICENSE in the
13 ## top-level directory of the distribution or, alternatively, at
14 ## <http://www.OpenLDAP.org/license.html>.
16 echo "running defines.sh"
17 . $SRCDIR/scripts/defines.sh
19 ## If you use this script then
20 ## Make sure that you turn on LDAP_COMP_MATCH in slapd source codes
21 ## and --enable-modules is configured yes
22 if test "$AC_WITH_MODULES_ENABLED" != "yes" ; then
23 echo "dynamic module disabled "
27 mkdir -p $TESTDIR $DBDIR1
29 ## Make sure that you set a proper path to component matching
30 ## module directory in $COMPCONF
31 ## moduleload path/to/component/library/compmatch.la
32 ## otherwise it fails to execute slapd
33 echo "Running slapadd to build slapd database..."
34 . $CONFFILTER $BACKEND $MONITORDB < $COMPCONF > $ADDCONF
35 $SLAPADD -f $ADDCONF -l $LDIFCOMPMATCH
37 if test $RC != 0 ; then
38 echo "slapadd failed ($RC)!"
39 echo "Be sure to have a certificate module in tests/data/comp_libs "
40 echo "The module is in openldap/contrib/slapd-modules/comp_match"
44 echo "Running slapindex to index slapd database..."
45 . $CONFFILTER $BACKEND $MONITORDB < $CONF > $CONF1
48 if test $RC != 0 ; then
49 echo "warning: slapindex failed ($RC)"
50 echo " assuming no indexing support"
53 echo "Starting slapd on TCP/IP port $PORT1..."
54 $SLAPD -f $ADDCONF -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
56 if test $WAIT != 0 ; then
62 echo "Testing slapd searching..."
63 for i in 0 1 2 3 4 5; do
64 $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
65 'objectclass=*' > /dev/null 2>&1
67 if test $RC = 0 ; then
70 echo "Waiting 5 seconds for slapd to start..."
74 if test $RC != 0 ; then
75 echo "ldapsearch failed ($RC)!"
76 test $KILLSERVERS != no && kill -HUP $KILLPIDS
80 cat /dev/null > $SEARCHOUT
82 echo "Testing Component Filter Match RFC3687 Certificate searching:"
83 echo "# Testing Component Filter Match RFC3687 Certificate searching:" >> $SEARCHOUT
85 FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.serialNumber\", rule allComponentsMatch, value 0 })"
87 echo "# f=$FILTER ..." >> $SEARCHOUT
88 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
89 "$FILTER" >> $SEARCHOUT 2>&1
92 if test $RC != 0 ; then
93 echo "ldapsearch failed ($RC)!"
94 test $KILLSERVERS != no && kill -HUP $KILLPIDS
98 FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.version\", rule allComponentsMatch, value 2 })"
100 echo "# f=$FILTER ..." >> $SEARCHOUT
101 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
102 "$FILTER" >> $SEARCHOUT 2>&1
105 if test $RC != 0 ; then
106 echo "ldapsearch failed ($RC)!"
107 test $KILLSERVERS != no && kill -HUP $KILLPIDS
111 FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence.1.1.value\", rule caseExactMatch, value \"US\" })"
112 echo " f=$FILTER ..."
113 echo "# f=$FILTER ..." >> $SEARCHOUT
114 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
115 "$FILTER" >> $SEARCHOUT 2>&1
118 if test $RC != 0 ; then
119 echo "ldapsearch failed ($RC)!"
120 test $KILLSERVERS != no && kill -HUP $KILLPIDS
124 FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence.1.1.value\", rule allComponentsMatch, value \"US\" })"
125 echo " f=$FILTER ..."
126 echo "# f=$FILTER ..." >> $SEARCHOUT
127 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
128 "$FILTER" >> $SEARCHOUT 2>&1
131 if test $RC != 0 ; then
132 echo "ldapsearch failed ($RC)!"
133 test $KILLSERVERS != no && kill -HUP $KILLPIDS
137 FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence\", rule allComponentsMatch, value { { { type 2.5.4.6 , value \"US\" } } } })"
138 echo " f=$FILTER ..."
139 echo "# f=$FILTER ..." >> $SEARCHOUT
140 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
141 "$FILTER" >> $SEARCHOUT 2>&1
144 if test $RC != 0 ; then
145 echo "ldapsearch failed ($RC)!"
146 test $KILLSERVERS != no && kill -HUP $KILLPIDS
150 FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.extensions.0\", rule integerMatch, value 3 })"
151 echo " f=$FILTER ..."
152 echo "# f=$FILTER ..." >> $SEARCHOUT
153 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
154 "$FILTER" >> $SEARCHOUT 2>&1
157 if test $RC != 0 ; then
158 echo "ldapsearch failed ($RC)!"
159 test $KILLSERVERS != no && kill -HUP $KILLPIDS
163 FILTER="(userCertificate:componentFilterMatch:=item:{component \"tbsCertificate.extensions.\2a.extnID\",rule allComponentsMatch, value 2.5.29.14 })"
164 echo " f=$FILTER ..."
165 echo "# f=$FILTER ..." >> $SEARCHOUT
166 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
167 "$FILTER" >> $SEARCHOUT 2>&1
170 if test $RC != 0 ; then
171 echo "ldapsearch failed ($RC)!"
172 test $KILLSERVERS != no && kill -HUP $KILLPIDS
176 FILTER="(userCertificate:componentFilterMatch:=not:item:{component \"tbsCertificate.extensions.\2a\",rule allComponentsMatch, value { extnID 2.5.29.19 , extnValue '30030101FF'H })"
177 echo " f=$FILTER ..."
178 echo "# f=$FILTER ..." >> $SEARCHOUT
179 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
180 "$FILTER" >> $SEARCHOUT 2>&1
183 if test $RC != 0 ; then
184 echo "ldapsearch failed ($RC)!"
185 test $KILLSERVERS != no && kill -HUP $KILLPIDS
189 FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence\", rule distinguishedNameMatch, value \"c=US\" })"
190 echo " f=$FILTER ..."
191 echo "# f=$FILTER ..." >> $SEARCHOUT
192 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
193 "$FILTER" >> $SEARCHOUT 2>&1
196 if test $RC != 0 ; then
197 echo "ldapsearch failed ($RC)!"
198 test $KILLSERVERS != no && kill -HUP $KILLPIDS
202 FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence.1\", rule rdnMatch, value \"c=US\" })"
203 echo " f=$FILTER ..."
204 echo "# f=$FILTER ..." >> $SEARCHOUT
205 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
206 "$FILTER" >> $SEARCHOUT 2>&1
209 if test $RC != 0 ; then
210 echo "ldapsearch failed ($RC)!"
211 test $KILLSERVERS != no && kill -HUP $KILLPIDS
217 test $KILLSERVERS != no && kill -HUP $KILLPIDS
219 echo "Filtering ldapsearch results..."
220 . $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
221 echo "Comparing filter output..."
222 $CMP $SEARCHFLT $COMPSEARCHOUT > $CMPOUT
224 if test $? != 0 ; then
225 echo "Comparison failed"
229 echo ">>>>> Test succeeded"