3 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 ## Copyright 1998-2005 The OpenLDAP Foundation.
6 ## All rights reserved.
8 ## Redistribution and use in source and binary forms, with or without
9 ## modification, are permitted only as authorized by the OpenLDAP
12 ## A copy of this license is available in the file LICENSE in the
13 ## top-level directory of the distribution or, alternatively, at
14 ## <http://www.OpenLDAP.org/license.html>.
# NOTE(review): this listing skips source lines (the leading numbers are the
# original line numbers). Openers/closers of conditionals, the exits and the
# RC assignments are not visible, so the comments cover only what is shown.
# Message for a $BACKEND this test does not support; the guard that selects
# this branch is on omitted lines.
20 echo "Test does not support $BACKEND backend"
# Source the shared test definitions into the current shell. `.` executes the
# file, so $SRCDIR must point at a trusted tree; it is expanded unquoted.
25 echo "running defines.sh"
26 . $SRCDIR/scripts/defines.sh
# Announce a skip when $ACI is "acino" (ACI support not enabled).
28 if test "$ACI" = "acino" ; then
29 echo "ACI not enabled; skipping..."
# Create the test and database directories. The expansions are unquoted, so a
# path containing whitespace would be split into several arguments.
33 mkdir -p $TESTDIR $DBDIR1
# Build the slapd configuration from $ACICONF by sourcing $CONFFILTER, write it
# to $CONF1, then load $LDIFORDERED with slapadd using that configuration.
35 echo "Running slapadd to build slapd database..."
36 . $CONFFILTER $BACKEND $MONITORDB < $ACICONF > $CONF1
37 $SLAPADD -f $CONF1 -l $LDIFORDERED
# RC is presumably set from $? on an omitted line (TODO confirm). Unquoted $RC
# makes `test` report a syntax error rather than a failure if RC is empty.
39 if test $RC != 0 ; then
40 echo "slapadd failed ($RC)!"
# Start slapd in the background on $URI1; stdout and stderr both go to $LOG1.
# The PID bookkeeping used by the later `kill` lines is not visible here.
44 echo "Starting slapd on TCP/IP port $PORT1..."
45 $SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
# Branch taken when $WAIT is non-zero; its body is on omitted lines.
47 if test $WAIT != 0 ; then
# Readiness probe: up to six attempts at a base-scope search of "$MONITOR" on
# $LOCALHOST:$PORT1 with all output discarded; only the exit status matters.
53 echo "Testing slapd ACI access control..."
54 for i in 0 1 2 3 4 5; do
55 $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
56 'objectclass=*' > /dev/null 2>&1
# RC presumably holds the ldapsearch status (assignment omitted from the
# listing). The body of the RC = 0 branch and the delay are not visible.
58 if test $RC = 0 ; then
61 echo "Waiting 5 seconds for slapd to start..."
# Probe still failing: report it and, unless $KILLSERVERS is "no", send HUP to
# the processes in $KILLPIDS. Both variables are expanded unquoted, so an empty
# $KILLSERVERS would make `test` error out instead of comparing.
65 if test $RC != 0 ; then
66 echo "ldapsearch failed ($RC)!"
67 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Truncate the search capture and the diagnostics capture before the checks.
71 cat /dev/null > $SEARCHOUT
72 cat /dev/null > $TESTOUT
# Negative check before any ACI is written: a base search of the suffix entry
# with no -D/-w (an anonymous request) must be refused.
75 BASEDN="dc=example,dc=com"
76 echo "Searching \"$BASEDN\" (should fail)..."
77 echo "# Searching \"$BASEDN\" (should fail)..." >> $SEARCHOUT
78 $LDAPSEARCH -s base -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
79 '(objectclass=*)' >> $SEARCHOUT 2>> $TESTOUT
# The only accepted status is 32, which the message names noSuchObject: the
# server is expected to hide the entry rather than admit that it exists.
# RC is presumably set from $? on an omitted line.
81 if test $RC != 32 ; then
82 echo "ldapsearch should have failed with noSuchObject ($RC)!"
83 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Special case for an unexpected success (RC = 0); its body is not visible.
84 if test $RC = 0 ; then
# Negative check: a simple bind as Barbara Jensen must fail before the ACIs
# exist. $BINDPW is set on a line not shown and is passed unquoted on the
# command line, where other local users can read it from the process list.
# That is tolerable for a throwaway fixture password, not for real credentials.
91 BINDDN="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
93 echo "Testing ldapwhoami as ${BINDDN} (should fail)..."
94 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW
# Here a zero status is the failure: it would mean authentication worked
# without any ACI granting it.
96 if test $RC = 0 ; then
97 echo "ldapwhoami should have failed!"
98 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Install the ACIs as "$MANAGERDN" by feeding the here-document that follows to
# ldapmodify; its stdout and stderr are appended to $TESTOUT.
# Each OpenLDAPaci value reads index#scope#rights#subject-type#subject. In
# slapd's ACI rights syntax the letters are presumably r=read, s=search,
# c=compare, w=write, x=auth and d=disclose (verify against the slapd docs).
# NOTE(review): three values are folded across two lines. LDIF needs a single
# leading space on a continuation line and this listing shows none, so confirm
# the whitespace against the original file; a lost fold would change the ACI.
# The here-document's changetype/modify lines and its EOMODS0 terminator are
# not visible in this listing.
103 echo "Writing ACIs as \"$MANAGERDN\"..."
104 $LDAPMODIFY -D "$MANAGERDN" -w $PASSWD -h $LOCALHOST -p $PORT1 \
105 >> $TESTOUT 2>&1 << EOMODS0
106 dn: dc=example,dc=com
109 OpenLDAPaci: 0#subtree#grant;d,c,s,r;[all]#group/groupOfUniqueNames/uniqueMe
110 mber#cn=ITD Staff,ou=Groups,dc=example,dc=com
111 OpenLDAPaci: 1#entry#grant;d;[all]#public#
113 dn: ou=People,dc=example,dc=com
116 OpenLDAPaci: 0#subtree#grant;x;userPassword#public#
117 OpenLDAPaci: 1#subtree#grant;w;userPassword#self#
118 OpenLDAPaci: 2#subtree#grant;w;userPassword#access-id#cn=Bjorn Jensen,ou=Inf
119 ormation Technology Division,ou=People,dc=example,dc=com
121 dn: ou=Groups,dc=example,dc=com
124 OpenLDAPaci: 0#entry#grant;s;[all]#public#
125 OpenLDAPaci: 1#children#grant;r;member;r;uniqueMember#access-id#cn=Bjorn Jen
126 sen,ou=Information Technology Division,ou=People,dc=example,dc=com
# Report a failed ldapmodify (the ACI write) and signal the servers. RC is
# presumably set from $? on an omitted line.
129 if test $RC != 0 ; then
130 echo "ldapmodify failed ($RC)!"
131 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# With the ACIs in place, the same anonymous base search is repeated; no -D/-w
# is given, so the request is unauthenticated.
135 # Search must succeed with no results
136 BASEDN="dc=example,dc=com"
137 echo "Searching \"$BASEDN\" (should succeed with no results)..."
138 echo "# Searching \"$BASEDN\" (should succeed with no results)..." >> $SEARCHOUT
139 $LDAPSEARCH -s base -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
140 '(objectclass=*)' >> $SEARCHOUT 2>> $TESTOUT
# NOTE(review): a non-zero status is only logged here; the abort and the server
# shutdown are commented out pending ITS#3963. While that stays in place, this
# step does not enforce the expected anonymous behaviour on its own. A
# regression can then surface only through the comparison of the filtered
# $SEARCHOUT at the end of the script, which never sees the exit status.
142 if test $RC != 0 ; then
143 ### TEMPORARY (see ITS#3963)
144 echo "ldapsearch failed ($RC)! IGNORED..."
145 ###echo "ldapsearch failed ($RC)!"
146 ###test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Positive counterpart of the earlier failed bind: the ou=People ACI grants `x`
# on userPassword to public, so the same simple bind must now succeed.
# $BINDPW is again passed unquoted on the command line.
150 BINDDN="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
152 echo "Testing ldapwhoami as ${BINDDN}..."
153 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW
155 if test $RC != 0 ; then
156 echo "ldapwhoami failed ($RC)!"
157 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Authenticated base search of the suffix as Bjorn Jensen. The suffix ACI
# grants d,c,s,r on [all] to members of "cn=ITD Staff,ou=Groups,..."; Bjorn is
# presumably a member in the test data (not visible here).
161 # Search must succeed
162 BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
164 BASEDN="dc=example,dc=com"
165 echo "Searching \"$BASEDN\" as \"$BINDDN\" (should succeed)..."
166 echo "# Searching \"$BASEDN\" as \"$BINDDN\" (should succeed)..." >> $SEARCHOUT
167 $LDAPSEARCH -s base -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
168 -D "$BINDDN" -w "$BINDPW" \
169 '(objectClass=*)' >> $SEARCHOUT 2>> $TESTOUT
# RC is presumably set from $? on an omitted line.
171 if test $RC != 0 ; then
172 echo "ldapsearch failed ($RC)!"
173 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Bjorn sets John Doe's password. This exercises the ou=People ACI that grants
# `w` on userPassword to Bjorn's DN through the access-id subject type.
# Both the bind password (-w) and the new password (-s) travel in argv, which
# is acceptable only because these are fixture values.
177 # Passwd must succeed
178 BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
180 TGT="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com"
182 echo "Setting \"$TGT\" password..."
183 $LDAPPASSWD -h $LOCALHOST -p $PORT1 \
184 -w "$BINDPW" -s "$NEWPW" \
185 -D "$BINDDN" "$TGT" >> $TESTOUT 2>&1
187 if test $RC != 0 ; then
188 echo "ldappasswd failed ($RC)!"
189 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Self-service change, presumably covered by the `self` grant of `w` on
# userPassword in the ou=People ACI.
# NOTE(review): the lines between the echo and the TGT assignment are omitted
# from this listing. They presumably rebind as the target and swap
# BINDPW/NEWPW; as shown, BINDDN would still be Bjorn. Confirm in the original.
193 # Re-change as self...
194 echo "Changing self password..."
197 TGT="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com"
199 $LDAPPASSWD -h $LOCALHOST -p $PORT1 \
200 -w "$BINDPW" -s "$NEWPW" \
201 -D "$BINDDN" "$TGT" >> $TESTOUT 2>&1
203 if test $RC != 0 ; then
204 echo "ldappasswd failed ($RC)!"
205 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# One-level search under ou=Groups as $BINDDN. The lines that set BINDDN and
# BINDPW for this step are omitted from the listing; it is presumably Bjorn,
# the access-id named in the ou=Groups "children" ACI that grants `r` on
# member and uniqueMember.
211 BASEDN="ou=Groups,dc=example,dc=com"
212 echo "Searching \"$BASEDN\" as \"$BINDDN\" (should succeed)..."
213 echo "# Searching \"$BASEDN\" as \"$BINDDN\" (should succeed)..." >> $SEARCHOUT
214 $LDAPSEARCH -s one -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
215 -D "$BINDDN" -w "$BINDPW" \
216 '(objectClass=*)' >> $SEARCHOUT 2>> $TESTOUT
# RC is presumably set from $? on an omitted line.
218 if test $RC != 0 ; then
219 echo "ldapsearch failed ($RC)!"
220 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Same search as Barbara Jensen, who is not named in that ACI. The operation
# must succeed but return nothing, showing the grant does not reach other DNs.
# The exit status cannot tell "no entries" from "entries returned", so that
# part is checked only by the later comparison of the filtered $SEARCHOUT.
225 BINDDN="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
227 echo "Searching \"$BASEDN\" as \"$BINDDN\" (should succeed with no results)..."
228 echo "# Searching \"$BASEDN\" as \"$BINDDN\" (should succeed with no results)..." >> $SEARCHOUT
229 $LDAPSEARCH -s one -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
230 -D "$BINDDN" -w "$BINDPW" \
231 '(objectClass=*)' >> $SEARCHOUT 2>> $TESTOUT
233 if test $RC != 0 ; then
234 echo "ldapsearch failed ($RC)!"
235 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# All operations done: signal the servers unless $KILLSERVERS is "no".
239 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Normalise the captured search output and the reference LDIF by sourcing
# $LDIFFILTER, then compare the two filtered files with $CMP.
# This comparison is what checks the content each identity was able to read;
# the per-step status checks above only cover operation success or failure.
243 echo "Filtering ldapsearch results..."
244 . $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
245 echo "Filtering original ldif used to create database..."
246 . $LDIFFILTER < $LDIF > $LDIFFLT
247 echo "Comparing filter output..."
248 $CMP $SEARCHFLT $LDIFFLT > $CMPOUT
# Uses $? directly, so it reflects $CMP only if no command runs in between
# (line 249 of the original is not shown).
250 if test $? != 0 ; then
251 echo "comparison failed - operations did not complete correctly"
255 echo ">>>>> Test succeeded"