Sync with HEAD
[openldap] / tests / data / slapd-acl.conf
index 6e86cdb1c8932edd46453bd966e87e5ec1e2c683..9c58c0cd27b7c59f9670cef4b18c8336994224ab 100644 (file)
@@ -1,38 +1,75 @@
+# $OpenLDAP$
 #
 # master slapd config -- for testing
 #
-include                ./data/slapd.at.conf
-include                ./data/slapd.oc.conf
-schemacheck    off
-pidfile     ./var/slapd-acl.pid
-argsfile    ./var/slapd-acl.args
+ucdata-path    ./ucdata
+include ./schema/core.schema
+include ./schema/cosine.schema
+include ./schema/inetorgperson.schema
+include ./schema/openldap.schema
+include ./schema/nis.schema
+pidfile     ./test-db/slapd.pid
+argsfile    ./test-db/slapd.args
+
+# global ACLs
+access to dn.base="" attr=objectClass by users read
+access to * by * read
+
+modulepath      ../servers/slapd/back-@BACKEND@/
+@MODULELOAD@
 
 #######################################################################
 # ldbm database definitions
 #######################################################################
 
-database       ldbm
-suffix         "o=University of Michigan, c=US"
+database       @BACKEND@
+#ldbm#cachesize        0
+suffix         "o=University of Michigan,c=US"
 directory      ./test-db
-rootdn         "cn=Manager, o=University of Michigan, c=US"
+rootdn         "cn=Manager,o=University of Michigan,c=US"
 rootpw         secret
-index          cn,sn,uid       pres,eq,approx
-index          default         none
-lastmod                on
-defaultaccess  none
+#ldbm#index            objectClass     eq
+#ldbm#index            cn,sn,uid       pres,eq,sub
+#bdb#index             objectClass     eq
+#bdb#index             cn,sn,uid       pres,eq,sub
+
+#
+# normal installations should protect root dse, cn=monitor, cn=subschema
+#
+
+access to dn="" by * read
+access to dn.base="" by * read
+
 access         to attr=objectclass
-               by * read
-access         to attr=userpassword
+               by * =rsc stop
+
+access         to filter="(objectclass=person)" attr=userpassword dn.subtree=""
+               by anonymous auth
                by self write
-               by * compare
-access         to dn=".*,ou=Alumni Association,ou=People,o=University of Michigan,c=US"
-               by dn=".*,o=University of Michigan,c=US"
-               read
-               by * none
-access         to attr=member
+
+access         to dn.children="ou=Alumni Association,ou=People,o=University of Michigan,c=US"
+               by dn.regex=".+,o=University of Michigan,c=US" +c continue
+               by dn.subtree="o=University of Michigan,c=US" +rs continue
+               by * stop
+
+access         to attr=member,uniquemember
                by dnattr=member selfwrite
+               by dnattr=uniquemember selfwrite
+               by * read
+
+access to attr=member,uniquemember filter=(mail=*edu)
                by * read
-access         to filter="objectclass=rfc822mailgroup"
-               by dn="Bjorn Jensen,ou=Information Technology Division,ou=People,o=University of Michigan,c=US" write
+
+access to filter="(&(objectclass=groupofnames)(objectClass=groupofuniquenames))"
+               by dn.base="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=University of Michigan,c=US" =sc continue
+               by dn.regex="^cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=University of Michigan,c=US$" +rw stop
+               by * break
+
+access         to dn.children="ou=Information Technology Division,ou=People,o=University of Michigan,c=US"
+               by group/groupOfUniqueNames/uniqueMember.exact="cn=ITD Staff,ou=Groups,o=University of Michigan,c=US" write
                by * read
-access         to * by * read
+
+access to filter="(name=X*Y*Z)"
+               by * continue
+
+# fall into global ACLs
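Review bot: The new userPassword rule, `access to filter="(objectclass=person)" attr=userpassword dn.subtree=""`, only covers entries that match the person filter, whereas the removed `access to attr=userpassword` covered every entry. As far as the visible rules go, userPassword on any other entry falls through to later clauses and finally to the global `access to * by * read`, so it is readable by anyone, including anonymous binds. If the gap is deliberate for exercising filter matching, say so above the rule, e.g. `# test only: userPassword on non-person entries is not protected here and falls into the global ACLs`; otherwise add a catch-all after it, `access to attr=userpassword by anonymous auth by self write`. Separately, `access to attr=member,uniquemember filter=(mail=*edu)` looks unreachable, because the preceding `access to attr=member,uniquemember` clause matches the same attributes on all entries and ends in `by * read`.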