# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2011 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
fi
KILLPIDS="$PID"
+sleep 1
+
echo "Using ldapsearch to check that slapd is running..."
for i in 0 1 2 3 4 5; do
$LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
exit $RC
fi
-# authzFrom: someone else => njorn
+# authzFrom: someone else => bjorn
echo "Testing authzFrom..."
BINDDN="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
exit $RC
fi
-BINDDN="cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com"
-BINDPW=jdoe
+BINDDN="cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com"
+BINDPW=jen
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
-if test $RC != 1 ; then
+case $RC in
+1)
+ ;;
+0)
+ echo "ldapwhoami should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+ ;;
+*)
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
-fi
+ ;;
+esac
BINDDN="cn=Must Fail,dc=example,dc=com"
BINDPW=fail
-e \!authzid="$AUTHZID"
RC=$?
-if test $RC != 1 ; then
+case $RC in
+1)
+ ;;
+0)
+ echo "ldapwhoami should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+ ;;
+*)
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
-fi
+ ;;
+esac
# authzTo: bjorn => someone else
echo "Testing authzTo..."
-e \!authzid="$AUTHZID"
RC=$?
-if test $RC != 1 ; then
+case $RC in
+1)
+ ;;
+0)
+ echo "ldapwhoami should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+ ;;
+*)
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
-fi
+ ;;
+esac
BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjorn
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
+RC=$?
+case $RC in
+1)
+ ;;
+0)
+ echo "ldapwhoami should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+ ;;
+*)
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
+BINDPW=bjorn
+AUTHZID="dn:cn=don't!"
+echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (no authzTo; should fail)..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
+ -e \!authzid="$AUTHZID"
+
RC=$?
if test $RC != 1 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+BINDDN="dc=example,dc=com"
+BINDPW=example
+AUTHZID="dn:"
+echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID}\"\" (dn.exact; should succeed)..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
+ -e \!authzid="$AUTHZID"
+
+RC=$?
+if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
test $KILLSERVERS != no && kill -HUP $KILLPIDS
echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
exit 0
-## Note to developers: the command
-## awk '/^do_extended$/ {if (c) {print c} c=0} /<===slap_sasl_match:/ {c++} END {print c}' testrun/slapd.1.log
-## must return consecutive numbers from 1 to 9 twice to indicate
-## that the authzFrom and authzTo rules applied in the right order.
+## Note to developers: when SLAPD_DEBUG=-1 the command
+## awk '/^do_extended$/ {if (c) {print c} c=0} /<===slap_sasl_match:/ {c++} END {print c}' $TESTDIR/slapd.1.log
+## must return the sequence 1 2 3 4 5 6 7 8 8 8 1 2 3 4 5 6 7 8 8 8 8 1
+## to indicate that the authzFrom and authzTo rules applied in the right order.
projects / openldap / blobdiff