# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2005 The OpenLDAP Foundation.
+## Copyright 1998-2008 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## <http://www.OpenLDAP.org/license.html>.
case "$BACKEND" in
-bdb|hdb|ldbm)
+bdb|hdb)
;;
*)
echo "Test does not support $BACKEND backend"
exit 0
+ ;;
esac
echo "running defines.sh"
. $SRCDIR/scripts/defines.sh
if test "$ACI" = "acino" ; then
- echo "ACI not enabled; skipping..."
+ echo "ACI not enabled, test skipped"
exit 0
fi
fi
KILLPIDS="$PID"
+sleep 1
+
echo "Testing slapd ACI access control..."
for i in 0 1 2 3 4 5; do
$LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
'(objectclass=*)' >> $SEARCHOUT 2>> $TESTOUT
RC=$?
if test $RC != 32 ; then
- echo "ldapsearch should have failed ($RC)!"
+ echo "ldapsearch should have failed with noSuchObject ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ if test $RC = 0 ; then
+ exit -1
+ fi
exit $RC
fi
if test $RC = 0 ; then
echo "ldapwhoami should have failed!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
- exit $RC
+ exit -1
fi
# Populate ACIs
'(objectclass=*)' >> $SEARCHOUT 2>> $TESTOUT
RC=$?
if test $RC != 0 ; then
- echo "ldapsearch failed ($RC)!"
- echo "IGNORED"
- ### TEMPORARILY DISABLED
+ ### TEMPORARY (see ITS#3963)
+ echo "ldapsearch failed ($RC)! IGNORED..."
+ ###echo "ldapsearch failed ($RC)!"
###test $KILLSERVERS != no && kill -HUP $KILLPIDS
###exit $RC
fi
exit $RC
fi
+# Search must fail
+BINDDN="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
+BINDPW=bjensen
+echo "Searching \"$BASEDN\" as \"$BINDDN\" (should succeed with no results)..."
+echo "# Searching \"$BASEDN\" as \"$BINDDN\" (should succeed with no results)..." >> $SEARCHOUT
+$LDAPSEARCH -s one -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ -D "$BINDDN" -w "$BINDPW" \
+ '(objectClass=*)' >> $SEARCHOUT 2>> $TESTOUT
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
test $KILLSERVERS != no && kill -HUP $KILLPIDS
LDIF=$ACIOUT
fi
echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
exit 0