3 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 ## Copyright 1998-2005 The OpenLDAP Foundation.
6 ## All rights reserved.
8 ## Redistribution and use in source and binary forms, with or without
9 ## modification, are permitted only as authorized by the OpenLDAP
12 ## A copy of this license is available in the file LICENSE in the
13 ## top-level directory of the distribution or, alternatively, at
14 ## <http://www.OpenLDAP.org/license.html>.
# NOTE(review): this listing keeps the original file's line numbers as a
# leading column and omits some lines. The conditions, exit statements and
# closing fi's that belong to the checks below are therefore not visible,
# and presumably neither are the assignments that set RC -- confirm against
# the full script.
#
# Message for a backend this test cannot run against; the condition that
# selects it is not shown.
20 echo "Test does not support $BACKEND backend"
# Source the shared test definitions into the current shell.
# presumably this is where SLAPD, LDAPSEARCH, PORT1, PASSWD, ... are set -- confirm
# NOTE(review): $SRCDIR is expanded unquoted, as are most path variables
# below; a path containing whitespace or glob characters would be word-split.
24 echo "running defines.sh"
25 . $SRCDIR/scripts/defines.sh
# Skip the test when ACI support is reported as "acino".
27 if test "$ACI" = "acino" ; then
28 echo "ACI not enabled; skipping..."
# Create the test directory and the database directory.
32 mkdir -p $TESTDIR $DBDIR1
# Build the slapd configuration by sourcing the config filter over the ACI
# template, then load the ordered LDIF offline with slapadd.
34 echo "Running slapadd to build slapd database..."
35 . $CONFFILTER $BACKEND $MONITORDB < $ACICONF > $CONF1
36 $SLAPADD -f $CONF1 -l $LDIFORDERED
# A non-zero RC is reported as a slapadd failure.
# NOTE(review): $RC is unquoted; if it were empty the test expression would
# be malformed instead of comparing a value.
38 if test $RC != 0 ; then
39 echo "slapadd failed ($RC)!"
# Start slapd in the background on $URI1 with stdout and stderr captured in
# $LOG1.
# NOTE(review): depending on $LVL the debug log may record bind DNs and
# request details -- presumably it stays inside the test directory; confirm.
43 echo "Starting slapd on TCP/IP port $PORT1..."
44 $SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
# Branch taken when WAIT is non-zero; its body is not shown.
46 if test $WAIT != 0 ; then
# Readiness probe: poll the monitor database with a base-scope search, up to
# six attempts, discarding all client output. The assignment of RC, the loop
# exit on success and the delay between attempts are on lines not shown in
# this listing.
52 echo "Testing slapd ACI access control..."
53 for i in 0 1 2 3 4 5; do
54 $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
55 'objectclass=*' > /dev/null 2>&1
57 if test $RC = 0 ; then
60 echo "Waiting 5 seconds for slapd to start..."
# If slapd never answered, report it and, unless KILLSERVERS is "no", send
# SIGHUP to the PIDs in $KILLPIDS (assigned on a line not shown).
64 if test $RC != 0 ; then
65 echo "ldapsearch failed ($RC)!"
66 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Truncate the search and test output files; every later step appends to
# them.
70 cat /dev/null > $SEARCHOUT
71 cat /dev/null > $TESTOUT
# Negative checks made before any ACI has been written: the suffix entry must
# not be readable and a user bind must be rejected.
#
# Base-scope search of the suffix with no -D/-w supplied. Results go to
# $SEARCHOUT and client errors to $TESTOUT.
74 BASEDN="dc=example,dc=com"
75 echo "Searching \"$BASEDN\" (should fail)..."
76 echo "# Searching \"$BASEDN\" (should fail)..." >> $SEARCHOUT
77 $LDAPSEARCH -s base -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
78 '(objectclass=*)' >> $SEARCHOUT 2>> $TESTOUT
# The only accepted result is 32 (LDAP noSuchObject); success or any other
# error fails the test.
# NOTE(review): presumably slapd answers noSuchObject rather than
# insufficientAccess so that a denied client cannot confirm the entry
# exists -- confirm against the slapd access-control documentation.
80 if test $RC != 32 ; then
81 echo "ldapsearch should have failed ($RC)!"
82 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Bind as Barbara Jensen must be rejected at this point; an RC of 0 is
# treated as a test failure. ldapwhoami output is not redirected.
# NOTE(review): $BINDPW is set on a line not shown. It is passed with -w on
# the command line and unquoted, so the value is visible in the process list
# while the client runs, and an empty or whitespace-containing value would
# change the argument list. Assumes throwaway test credentials -- confirm.
87 BINDDN="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
89 echo "Testing ldapwhoami as ${BINDDN} (should fail)..."
90 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW
92 if test $RC = 0 ; then
93 echo "ldapwhoami should have failed!"
94 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Install the ACIs under test by feeding a here-document to ldapmodify, bound
# as $MANAGERDN. Tool output and errors are appended to $TESTOUT.
# The here-document's changetype/modify lines and its EOMODS0 terminator are
# not shown in this listing, and the long OpenLDAPaci values appear wrapped
# across two lines.
#
# Grants visible in the here-document:
#   dc=example,dc=com
#     - subtree: d,c,s,r on [all] to members (uniqueMember) of the
#       groupOfUniqueNames "cn=ITD Staff,ou=Groups,dc=example,dc=com"
#     - entry:   d on [all] to public
#   ou=People,dc=example,dc=com
#     - subtree: x on userPassword to public
#     - subtree: w on userPassword to self
#     - subtree: w on userPassword to access-id "cn=Bjorn Jensen,..."
#   ou=Groups,dc=example,dc=com
#     - entry:    s on [all] to public
#     - children: r on member and uniqueMember to access-id
#       "cn=Bjorn Jensen,..."
# NOTE(review): the letters look like OpenLDAP ACI permission codes
# (presumably x = auth, w = write, r = read, s = search, c = compare,
# d = disclose) -- confirm against the slapd ACI documentation before
# relying on this reading.
# NOTE(review): $PASSWD is passed with -w on the command line and unquoted,
# so the manager password is visible in the process list while ldapmodify
# runs. Assumes a throwaway test credential -- confirm.
# A non-zero RC after the modify is reported as a failure and the servers
# are signalled unless KILLSERVERS is "no".
99 echo "Writing ACIs as \"$MANAGERDN\"..."
100 $LDAPMODIFY -D "$MANAGERDN" -w $PASSWD -h $LOCALHOST -p $PORT1 \
101 >> $TESTOUT 2>&1 << EOMODS0
102 dn: dc=example,dc=com
105 OpenLDAPaci: 0#subtree#grant;d,c,s,r;[all]#group/groupOfUniqueNames/uniqueMe
106 mber#cn=ITD Staff,ou=Groups,dc=example,dc=com
107 OpenLDAPaci: 1#entry#grant;d;[all]#public#
109 dn: ou=People,dc=example,dc=com
112 OpenLDAPaci: 0#subtree#grant;x;userPassword#public#
113 OpenLDAPaci: 1#subtree#grant;w;userPassword#self#
114 OpenLDAPaci: 2#subtree#grant;w;userPassword#access-id#cn=Bjorn Jensen,ou=Inf
115 ormation Technology Division,ou=People,dc=example,dc=com
117 dn: ou=Groups,dc=example,dc=com
120 OpenLDAPaci: 0#entry#grant;s;[all]#public#
121 OpenLDAPaci: 1#children#grant;r;member;r;uniqueMember#access-id#cn=Bjorn Jen
122 sen,ou=Information Technology Division,ou=People,dc=example,dc=com
125 if test $RC != 0 ; then
126 echo "ldapmodify failed ($RC)!"
127 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# With the ACIs in place, a search of the suffix that supplies no -D/-w is
# expected to return success with no entries.
131 # Search must succeed with no results
132 BASEDN="dc=example,dc=com"
133 echo "Searching \"$BASEDN\" (should succeed with no results)..."
134 echo "# Searching \"$BASEDN\" (should succeed with no results)..." >> $SEARCHOUT
135 $LDAPSEARCH -s base -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
136 '(objectclass=*)' >> $SEARCHOUT 2>> $TESTOUT
# NOTE(review): the failure branch is commented out pending ITS#3963, so a
# non-zero RC is only printed. While this stays disabled, the exit code of
# this step is not checked, and any regression in access without a bind DN
# would have to show up in the output comparison at the end of the script.
# Restore the two commented lines once ITS#3963 is resolved.
138 if test $RC != 0 ; then
139 ### TEMPORARY (see ITS#3963)
140 echo "ldapsearch failed ($RC)! IGNORED..."
141 ###echo "ldapsearch failed ($RC)!"
142 ###test $KILLSERVERS != no && kill -HUP $KILLPIDS
# The same bind that was rejected before the ACIs were written must now
# succeed. The ACI on ou=People granting x on userPassword to public looks
# like what enables it -- confirm.
# NOTE(review): -w $BINDPW is unquoted and on the command line; $BINDPW is
# set on a line not shown.
146 BINDDN="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
148 echo "Testing ldapwhoami as ${BINDDN}..."
149 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW
151 if test $RC != 0 ; then
152 echo "ldapwhoami failed ($RC)!"
153 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Positive check: Bjorn Jensen binds and reads the suffix entry.
# presumably Bjorn is a uniqueMember of "cn=ITD Staff", the group given
# d,c,s,r on the subtree by the ACI on dc=example,dc=com -- confirm in the
# test LDIF. $BINDPW for this identity is set on a line not shown.
157 # Search must succeed
158 BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
160 BASEDN="dc=example,dc=com"
161 echo "Searching \"$BASEDN\" as \"$BINDDN\" (should succeed)..."
162 echo "# Searching \"$BASEDN\" as \"$BINDDN\" (should succeed)..." >> $SEARCHOUT
# Entries returned here are appended to $SEARCHOUT; client errors go to
# $TESTOUT.
163 $LDAPSEARCH -s base -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
164 -D "$BINDDN" -w "$BINDPW" \
165 '(objectClass=*)' >> $SEARCHOUT 2>> $TESTOUT
# Any non-zero RC fails the test and signals the servers unless KILLSERVERS
# is "no".
167 if test $RC != 0 ; then
168 echo "ldapsearch failed ($RC)!"
169 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Password change by a third party: Bjorn Jensen sets John Doe's password.
# This exercises the ACI on ou=People that grants w on userPassword to
# access-id "cn=Bjorn Jensen,...".
# NOTE(review): $BINDPW and $NEWPW are set on lines not shown; both are
# passed on the command line (-w / -s), so they are visible in the process
# list while ldappasswd runs. Assumes throwaway test credentials -- confirm.
173 # Passwd must succeed
174 BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
176 TGT="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com"
178 echo "Setting \"$TGT\" password..."
179 $LDAPPASSWD -h $LOCALHOST -p $PORT1 \
180 -w "$BINDPW" -s "$NEWPW" \
181 -D "$BINDDN" "$TGT" >> $TESTOUT 2>&1
183 if test $RC != 0 ; then
184 echo "ldappasswd failed ($RC)!"
185 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Second password change, intended to run as the target user itself, which
# would exercise the "w on userPassword to self" ACI.
# NOTE(review): the lines that switch BINDDN/BINDPW (and NEWPW) for this
# step are not visible in this listing; as shown, only TGT is assigned --
# confirm against the full script that the bind identity is John Doe here.
189 # Re-change as self...
190 echo "Changing self password..."
193 TGT="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com"
195 $LDAPPASSWD -h $LOCALHOST -p $PORT1 \
196 -w "$BINDPW" -s "$NEWPW" \
197 -D "$BINDDN" "$TGT" >> $TESTOUT 2>&1
199 if test $RC != 0 ; then
200 echo "ldappasswd failed ($RC)!"
201 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# One-level search under ou=Groups by an identity that should see entries.
# NOTE(review): BINDDN/BINDPW for this search are assigned on lines not
# shown; presumably this is Bjorn Jensen, the access-id given r on
# member/uniqueMember for children of ou=Groups -- confirm.
207 BASEDN="ou=Groups,dc=example,dc=com"
208 echo "Searching \"$BASEDN\" as \"$BINDDN\" (should succeed)..."
209 echo "# Searching \"$BASEDN\" as \"$BINDDN\" (should succeed)..." >> $SEARCHOUT
210 $LDAPSEARCH -s one -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
211 -D "$BINDDN" -w "$BINDPW" \
212 '(objectClass=*)' >> $SEARCHOUT 2>> $TESTOUT
214 if test $RC != 0 ; then
215 echo "ldapsearch failed ($RC)!"
216 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Same one-level search as Barbara Jensen. The operation must return success
# but, per the message, yield no entries: the ACIs on ou=Groups give public
# only s on the entry itself, and r on the children's member/uniqueMember
# only to Bjorn's access-id.
# The exit code cannot distinguish "no entries" from "entries returned";
# that part of the expectation is only verified by the output comparison at
# the end of the script.
# NOTE(review): $BINDPW is not reassigned in the lines visible here --
# confirm it matches this identity.
221 BINDDN="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
223 echo "Searching \"$BASEDN\" as \"$BINDDN\" (should succeed with no results)..."
224 echo "# Searching \"$BASEDN\" as \"$BINDDN\" (should succeed with no results)..." >> $SEARCHOUT
225 $LDAPSEARCH -s one -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
226 -D "$BINDDN" -w "$BINDPW" \
227 '(objectClass=*)' >> $SEARCHOUT 2>> $TESTOUT
229 if test $RC != 0 ; then
230 echo "ldapsearch failed ($RC)!"
231 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# All LDAP operations are done: signal the servers unless KILLSERVERS is
# "no".
235 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Final verification: normalise the accumulated search output and the
# reference LDIF by sourcing the LDIF filter over each, then compare the two
# files with $CMP.
# This comparison is what checks *which* entries and attributes each identity
# was able to read; the per-step exit codes above only show that each
# operation completed.
# NOTE(review): the echo text calls $LDIF the "original ldif used to create
# database"; presumably $LDIF is pointed at the expected-output file on a
# line not shown -- confirm.
239 echo "Filtering ldapsearch results..."
240 . $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
241 echo "Filtering original ldif used to create database..."
242 . $LDIFFILTER < $LDIF > $LDIFFLT
243 echo "Comparing filter output..."
244 $CMP $SEARCHFLT $LDIFFLT > $CMPOUT
# A non-zero status from $CMP means the observed results differ from the
# reference, i.e. the ACIs exposed more or less than expected.
246 if test $? != 0 ; then
247 echo "comparison failed - operations did not complete correctly"
251 echo ">>>>> Test succeeded"