3 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 ## Copyright 1998-2006 The OpenLDAP Foundation.
6 ## All rights reserved.
8 ## Redistribution and use in source and binary forms, with or without
9 ## modification, are permitted only as authorized by the OpenLDAP
12 ## A copy of this license is available in the file LICENSE in the
13 ## top-level directory of the distribution or, alternatively, at
14 ## <http://www.OpenLDAP.org/license.html>.
# Fragment of the backend guard: only its message is visible here; the
# condition and the exit that surround it are not shown in this listing.
23 echo "Test does not support $BACKEND backend"
# Source the shared test definitions. The tool paths, ports, DNs and output
# files used below ($SLAPD, $LDAPSEARCH, $PORT1, $TESTOUT, ...) are not
# assigned in the visible lines -- presumably they come from defines.sh.
28 echo "running defines.sh"
29 . $SRCDIR/scripts/defines.sh
# Skip the test when $ACI is "acino" (ACI not enabled, per the message).
31 if test "$ACI" = "acino" ; then
32 echo "ACI not enabled, test skipped"
# NOTE(review): $TESTDIR, $DBDIR1 and most expansions below are unquoted, so a
# path containing whitespace or glob characters would be split or expanded.
36 mkdir -p $TESTDIR $DBDIR1
# Generate the server configuration $CONF1 from $ACICONF through the sourced
# $CONFFILTER script, then load $LDIFORDERED offline with slapadd.
38 echo "Running slapadd to build slapd database..."
39 . $CONFFILTER $BACKEND $MONITORDB < $ACICONF > $CONF1
40 $SLAPADD -f $CONF1 -l $LDIFORDERED
# $RC is tested here but its assignment is not visible in this listing
# (presumably RC=$? on the line dropped after the slapadd call).
42 if test $RC != 0 ; then
43 echo "slapadd failed ($RC)!"
# Start slapd in the background on $URI1; stdout and stderr both go to $LOG1.
47 echo "Starting slapd on TCP/IP port $PORT1..."
48 $SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
# The body of this $WAIT branch is not shown in the listing.
50 if test $WAIT != 0 ; then
# Readiness probe: up to six anonymous base searches against "$MONITOR" with
# all output discarded, so only the exit status matters. How $RC is captured
# and the pause between attempts are not visible in this listing.
58 echo "Testing slapd ACI access control..."
59 for i in 0 1 2 3 4 5; do
60 $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
61 'objectclass=*' > /dev/null 2>&1
63 if test $RC = 0 ; then
66 echo "Waiting 5 seconds for slapd to start..."
# If slapd never answered, report the status and send HUP to the process(es)
# in $KILLPIDS unless $KILLSERVERS is "no".
70 if test $RC != 0 ; then
71 echo "ldapsearch failed ($RC)!"
72 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Truncate both capture files so this run starts from empty output.
76 cat /dev/null > $SEARCHOUT
77 cat /dev/null > $TESTOUT
# Negative check 1, run before any ACI is written: an anonymous base search of
# the suffix must fail with result code 32, which the message below names as
# noSuchObject. NOTE(review): presumably slapd answers noSuchObject rather
# than an access error so that an unauthorized client cannot learn that the
# entry exists -- confirm against the configuration generated from $ACICONF.
80 BASEDN="dc=example,dc=com"
81 echo "Searching \"$BASEDN\" (should fail)..."
82 echo "# Searching \"$BASEDN\" (should fail)..." >> $SEARCHOUT
83 $LDAPSEARCH -s base -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
84 '(objectclass=*)' >> $SEARCHOUT 2>> $TESTOUT
86 if test $RC != 32 ; then
87 echo "ldapsearch should have failed with noSuchObject ($RC)!"
88 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Separate handling for an unexpected success (status 0); the body of this
# branch is not shown in the listing.
89 if test $RC = 0 ; then
# Negative check 2: a simple bind as Barbara Jensen must be rejected at this
# point -- presumably because no ACI yet grants authentication access to
# userPassword.
96 BINDDN="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
98 echo "Testing ldapwhoami as ${BINDDN} (should fail)..."
# NOTE(review): -w puts the bind password on the command line, where other
# local users can read it from the process list while the tool runs. That is
# acceptable for throwaway test credentials; for real accounts use -W (prompt)
# or -y <file>. $BINDPW is also unquoted here, unlike the later searches, and
# its assignment is not visible in this listing.
99 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW
# Here the failure condition is inverted: status 0 means the bind was accepted
# when it should have been refused.
101 if test $RC = 0 ; then
102 echo "ldapwhoami should have failed!"
103 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Install the ACIs while bound as the manager DN. The heredoc body is the LDIF
# sent to ldapmodify; its changetype/modify lines, the EOMODS0 terminator and
# the $RC capture are not shown in this listing, and two-line values such as
# "uniqueMe" / "mber" look like folded LDIF lines.
#
# Each OpenLDAPaci value appears to read as
#   OID#scope#action;permissions;attributes#subject-type#subject
# NOTE(review): the permission letters look like slapd's privilege letters
# (d disclose, c compare, s search, r read, w write, x authenticate) --
# confirm against the slapd ACI documentation for this release.
#
#   suffix:    members of the "ITD Staff" group get d,c,s,r on all attributes
#              for the whole subtree; everyone gets d on the suffix entry.
#   ou=People: everyone gets x on userPassword (needed to bind); each user may
#              write their own userPassword; Bjorn Jensen may write
#              userPassword on any entry in the subtree, i.e. he can reset
#              other users' passwords -- a high-value identity in this policy.
#   ou=Groups: everyone may search the entry itself; Bjorn Jensen may read
#              member and uniqueMember on its children.
#
# NOTE(review): $PASSWD is passed with -w (and unquoted), so the manager
# password is visible in the process list while ldapmodify runs.
108 echo "Writing ACIs as \"$MANAGERDN\"..."
109 $LDAPMODIFY -D "$MANAGERDN" -w $PASSWD -h $LOCALHOST -p $PORT1 \
110 >> $TESTOUT 2>&1 << EOMODS0
111 dn: dc=example,dc=com
114 OpenLDAPaci: 0#subtree#grant;d,c,s,r;[all]#group/groupOfUniqueNames/uniqueMe
115 mber#cn=ITD Staff,ou=Groups,dc=example,dc=com
116 OpenLDAPaci: 1#entry#grant;d;[all]#public#
118 dn: ou=People,dc=example,dc=com
121 OpenLDAPaci: 0#subtree#grant;x;userPassword#public#
122 OpenLDAPaci: 1#subtree#grant;w;userPassword#self#
123 OpenLDAPaci: 2#subtree#grant;w;userPassword#access-id#cn=Bjorn Jensen,ou=Inf
124 ormation Technology Division,ou=People,dc=example,dc=com
126 dn: ou=Groups,dc=example,dc=com
129 OpenLDAPaci: 0#entry#grant;s;[all]#public#
130 OpenLDAPaci: 1#children#grant;r;member;r;uniqueMember#access-id#cn=Bjorn Jen
131 sen,ou=Information Technology Division,ou=People,dc=example,dc=com
134 if test $RC != 0 ; then
135 echo "ldapmodify failed ($RC)!"
136 test $KILLSERVERS != no && kill -HUP $KILLPIDS
140 # Search must succeed with no results
# Same anonymous base search as before the ACIs were written; the expected
# outcome is now status 0 with nothing returned.
141 BASEDN="dc=example,dc=com"
142 echo "Searching \"$BASEDN\" (should succeed with no results)..."
143 echo "# Searching \"$BASEDN\" (should succeed with no results)..." >> $SEARCHOUT
144 $LDAPSEARCH -s base -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
145 '(objectclass=*)' >> $SEARCHOUT 2>> $TESTOUT
# NOTE(review): the failure branch is disabled. A non-zero status is only
# reported as IGNORED and the original abort lines are commented out, so this
# access-control check cannot fail the test at this point. Restore the two
# commented lines once ITS#3963 is resolved.
147 if test $RC != 0 ; then
148 ### TEMPORARY (see ITS#3963)
149 echo "ldapsearch failed ($RC)! IGNORED..."
150 ###echo "ldapsearch failed ($RC)!"
151 ###test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Positive counterpart of the earlier rejected bind: the same ldapwhoami as
# Barbara Jensen must now succeed. The password is again passed with -w and
# unquoted.
155 BINDDN="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
157 echo "Testing ldapwhoami as ${BINDDN}..."
158 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW
160 if test $RC != 0 ; then
161 echo "ldapwhoami failed ($RC)!"
162 test $KILLSERVERS != no && kill -HUP $KILLPIDS
166 # Search must succeed
# Authenticated base search of the suffix as Bjorn Jensen. The $BINDPW value
# used for him is set outside the visible lines.
167 BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
169 BASEDN="dc=example,dc=com"
170 echo "Searching \"$BASEDN\" as \"$BINDDN\" (should succeed)..."
171 echo "# Searching \"$BASEDN\" as \"$BINDDN\" (should succeed)..." >> $SEARCHOUT
172 $LDAPSEARCH -s base -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
173 -D "$BINDDN" -w "$BINDPW" \
174 '(objectClass=*)' >> $SEARCHOUT 2>> $TESTOUT
176 if test $RC != 0 ; then
177 echo "ldapsearch failed ($RC)!"
178 test $KILLSERVERS != no && kill -HUP $KILLPIDS
182 # Passwd must succeed
# Bjorn Jensen sets John Doe's password to $NEWPW -- presumably exercising the
# access-id write grant on userPassword under ou=People. Both the bind
# password (-w) and the new password (-s) are passed on the command line;
# $NEWPW is not assigned in the visible lines.
183 BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
185 TGT="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com"
187 echo "Setting \"$TGT\" password..."
188 $LDAPPASSWD -h $LOCALHOST -p $PORT1 \
189 -w "$BINDPW" -s "$NEWPW" \
190 -D "$BINDDN" "$TGT" >> $TESTOUT 2>&1
192 if test $RC != 0 ; then
193 echo "ldappasswd failed ($RC)!"
194 test $KILLSERVERS != no && kill -HUP $KILLPIDS
198 # Re-change as self...
# The lines between the echo and the TGT assignment are not shown in this
# listing; the command below has the same form as the previous one, so which
# identity binds depends on the $BINDDN/$BINDPW values set in those lines.
199 echo "Changing self password..."
202 TGT="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com"
204 $LDAPPASSWD -h $LOCALHOST -p $PORT1 \
205 -w "$BINDPW" -s "$NEWPW" \
206 -D "$BINDDN" "$TGT" >> $TESTOUT 2>&1
208 if test $RC != 0 ; then
209 echo "ldappasswd failed ($RC)!"
210 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# One-level search under ou=Groups as the current $BINDDN, which is set
# outside the visible lines; the expected outcome is success.
216 BASEDN="ou=Groups,dc=example,dc=com"
217 echo "Searching \"$BASEDN\" as \"$BINDDN\" (should succeed)..."
218 echo "# Searching \"$BASEDN\" as \"$BINDDN\" (should succeed)..." >> $SEARCHOUT
219 $LDAPSEARCH -s one -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
220 -D "$BINDDN" -w "$BINDPW" \
221 '(objectClass=*)' >> $SEARCHOUT 2>> $TESTOUT
223 if test $RC != 0 ; then
224 echo "ldapsearch failed ($RC)!"
225 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Same one-level search as Barbara Jensen. Per the message, an identity
# without the grant is expected to get status 0 and an empty result rather
# than an error. Only the exit status is checked here; what was actually
# returned is captured in $SEARCHOUT.
230 BINDDN="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
232 echo "Searching \"$BASEDN\" as \"$BINDDN\" (should succeed with no results)..."
233 echo "# Searching \"$BASEDN\" as \"$BINDDN\" (should succeed with no results)..." >> $SEARCHOUT
234 $LDAPSEARCH -s one -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
235 -D "$BINDDN" -w "$BINDPW" \
236 '(objectClass=*)' >> $SEARCHOUT 2>> $TESTOUT
238 if test $RC != 0 ; then
239 echo "ldapsearch failed ($RC)!"
240 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# All operations are done: stop the server(s) unless $KILLSERVERS is "no".
244 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Pass the captured search output and the reference LDIF through the sourced
# $LDIFFILTER script, then compare the two results with $CMP. The exit-status
# checks earlier only show that each operation completed; this comparison is
# what checks which entries and attributes the searches actually returned.
# NOTE(review): the value of $LDIF at this point is not visible in this
# listing (the echo calls it the original LDIF) -- confirm which reference
# file it names.
248 echo "Filtering ldapsearch results..."
249 . $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
250 echo "Filtering original ldif used to create database..."
251 . $LDIFFILTER < $LDIF > $LDIFFLT
252 echo "Comparing filter output..."
253 $CMP $SEARCHFLT $LDIFFLT > $CMPOUT
# $? here is the exit status of the $CMP command above.
255 if test $? != 0 ; then
256 echo "comparison failed - operations did not complete correctly"
260 echo ">>>>> Test succeeded"