s/ldap_sync.h/ldap.h/

[openldap] / tests / scripts / test041-aci

diff --git a/tests/scripts/test041-aci b/tests/scripts/test041-aci
index fd6f46c09624b12c9512606143b71dc1ecc8daa4..52361a8d0bca6fe0f21cca6b25c2091162b2dcaf 100755 (executable)
--- a/tests/scripts/test041-aci
+++ b/tests/scripts/test041-aci
@@ -2,7 +2,7 @@
 # $OpenLDAP$
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2005 The OpenLDAP Foundation.
+## Copyright 1998-2008 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -14,18 +14,19 @@
 ## <http://www.OpenLDAP.org/license.html>.
 
 case "$BACKEND" in
-bdb|hdb|ldbm)
+bdb|hdb)
        ;;
 *)
        echo "Test does not support $BACKEND backend"
        exit 0
+       ;;
 esac
 
 echo "running defines.sh"
 . $SRCDIR/scripts/defines.sh
 
 if test "$ACI" = "acino" ; then
-       echo "ACI not enabled; skipping..."
+       echo "ACI not enabled, test skipped"
        exit 0
 fi
 
@@ -49,6 +50,8 @@ if test $WAIT != 0 ; then
 fi
 KILLPIDS="$PID"
 
+sleep 1
+
 echo "Testing slapd ACI access control..."
 for i in 0 1 2 3 4 5; do
        $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
@@ -78,8 +81,11 @@ $LDAPSEARCH -s base -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
        '(objectclass=*)' >> $SEARCHOUT 2>> $TESTOUT
 RC=$?
 if test $RC != 32 ; then
-       echo "ldapsearch should have failed ($RC)!"
+       echo "ldapsearch should have failed with noSuchObject ($RC)!"
        test $KILLSERVERS != no && kill -HUP $KILLPIDS
+       if test $RC = 0 ; then
+               exit -1
+       fi
        exit $RC
 fi
 
@@ -92,7 +98,7 @@ RC=$?
 if test $RC = 0 ; then
        echo "ldapwhoami should have failed!"
        test $KILLSERVERS != no && kill -HUP $KILLPIDS
-       exit $RC
+       exit -1
 fi
 
 # Populate ACIs
@@ -136,9 +142,9 @@ $LDAPSEARCH -s base -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
        '(objectclass=*)' >> $SEARCHOUT 2>> $TESTOUT
 RC=$?
 if test $RC != 0 ; then
-       echo "ldapsearch failed ($RC)!"
-       echo "IGNORED"
-       ### TEMPORARILY DISABLED
+       ### TEMPORARY (see ITS#3963)
+       echo "ldapsearch failed ($RC)! IGNORED..."
+       ###echo "ldapsearch failed ($RC)!"
        ###test $KILLSERVERS != no && kill -HUP $KILLPIDS
        ###exit $RC
 fi
@@ -217,6 +223,21 @@ if test $RC != 0 ; then
        exit $RC
 fi
 
+# Search must fail
+BINDDN="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
+BINDPW=bjensen
+echo "Searching \"$BASEDN\" as \"$BINDDN\" (should succeed with no results)..."
+echo "# Searching \"$BASEDN\" as \"$BINDDN\" (should succeed with no results)..." >> $SEARCHOUT
+$LDAPSEARCH -s one -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+       -D "$BINDDN" -w "$BINDPW" \
+       '(objectClass=*)' >> $SEARCHOUT 2>> $TESTOUT
+RC=$?
+if test $RC != 0 ; then
+       echo "ldapsearch failed ($RC)!"
+       test $KILLSERVERS != no && kill -HUP $KILLPIDS
+       exit $RC
+fi
+
 test $KILLSERVERS != no && kill -HUP $KILLPIDS
 
 LDIF=$ACIOUT
@@ -234,4 +255,7 @@ if test $? != 0 ; then
 fi
 
 echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
 exit 0