X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=tests%2Fdata%2Fslapd-acl.conf;h=67bd76bd8ec31325a19046c78e7ef1715cdaf103;hb=8ce45fc80db194f7833d1009a7e3b855176d2f8a;hp=6d6c8faa7c809818ca065662e8c6af14efa00504;hpb=cc6b90b45235dd4aa327d0cf0634be9e04995eed;p=openldap diff --git a/tests/data/slapd-acl.conf b/tests/data/slapd-acl.conf index 6d6c8faa7c..67bd76bd8e 100644 --- a/tests/data/slapd-acl.conf +++ b/tests/data/slapd-acl.conf @@ -14,20 +14,20 @@ ## top-level directory of the distribution or, alternatively, at ## . -include ./schema/core.schema -include ./schema/cosine.schema -include ./schema/inetorgperson.schema -include ./schema/openldap.schema -include ./schema/nis.schema -pidfile ./testrun/slapd.1.pid -argsfile ./testrun/slapd.1.args +include @SCHEMADIR@/core.schema +include @SCHEMADIR@/cosine.schema +include @SCHEMADIR@/inetorgperson.schema +include @SCHEMADIR@/openldap.schema +include @SCHEMADIR@/nis.schema +pidfile @TESTDIR@/slapd.1.pid +argsfile @TESTDIR@/slapd.1.args # global ACLs # # normal installations should protect root dse, cn=monitor, cn=subschema # -access to dn.exact="" attr=objectClass +access to dn.exact="" attrs=objectClass by users read access to * by * read 
@@ -44,37 +44,78 @@ access to * database @BACKEND@ #ldbm#cachesize 0 suffix "dc=example,dc=com" -directory ./testrun/db.1.a +directory @TESTDIR@/db.1.a rootdn "cn=Manager,dc=example,dc=com" rootpw secret -#ldbm#index objectClass eq -#ldbm#index cn,sn,uid pres,eq,sub #bdb#index objectClass eq #bdb#index cn,sn,uid pres,eq,sub +#hdb#index objectClass eq +#hdb#index cn,sn,uid pres,eq,sub +#ldbm#index objectClass eq +#ldbm#index cn,sn,uid pres,eq,sub -#access to attr=objectclass dn.subtree="dc=example,dc=com" -access to attr=objectclass +#access to attrs=objectclass dn.subtree="dc=example,dc=com" +access to attrs=objectclass by * =rsc stop -#access to filter="(objectclass=person)" attr=userpassword dn.subtree="dc=example,dc=com" -access to filter="(objectclass=person)" attr=userpassword +#access to filter="(objectclass=person)" attrs=userpassword dn.subtree="dc=example,dc=com" +access to filter="(objectclass=person)" attrs=userpassword by anonymous auth by self =wx +access to dn.exact="cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com" + attrs=cn val="Mark A Elliot" + by dn="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read + by * break + +access to dn.exact="cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com" + attrs=cn val="Mark Elliot" + by dn="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read + by * break + +access to dn.exact="cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com" + attrs=cn + by * search + +access to dn.exact="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com" + attrs=cn val.regex="^John D.+" + by dn="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read + by * break + +access to dn.exact="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com" + attrs=cn val.regex="^Jonath.+" + by dn="cn=Bjorn Jensen,ou=Information Technology 
Division,ou=People,dc=example,dc=com" read + by * break + +access to dn.exact="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com" + attrs=cn + by * search + +access to dn.onelevel="ou=Information Technology Division,ou=People,dc=example,dc=com" + filter="(cn=*Jensen)" + attrs=cn val.regex=".*Jensen$" + by dn="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read + by dn="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read + by * break + +access to dn.exact="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" + attrs=cn + by * search + access to dn.children="ou=Alumni Association,ou=People,dc=example,dc=com" by dn.regex=".+,dc=example,dc=com" +c continue by dn.subtree="dc=example,dc=com" +rs continue by dn.children="dc=example,dc=com" +d continue by * stop -#access to attr=member,uniquemember dn.subtree="dc=example,dc=com" -access to attr=member,uniquemember +#access to attrs=member,uniquemember dn.subtree="dc=example,dc=com" +access to attrs=member,uniquemember by dnattr=member selfwrite by dnattr=uniquemember selfwrite by * read -#access to attr=member,uniquemember filter="(mail=*com)" dn.subtree="dc=example,dc=com" -access to attr=member,uniquemember filter="(mail=*com)" +#access to attrs=member,uniquemember filter="(mail=*com)" dn.subtree="dc=example,dc=com" +access to attrs=member,uniquemember filter="(mail=*com)" by * read #access to filter="(|(objectclass=groupofnames)(objectClass=groupofuniquenames))" dn.subtree="dc=example,dc=com" @@ -103,4 +144,4 @@ access to dn.subtree="ou=Add & Delete,dc=example,dc=com" # fall into global ACLs -#monitor#database monitor +#monitor#database monitor
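Review bot: The new value-level rules on `cn` in the second hunk (the `val=` and `val.regex=` clauses for Mark Elliot, John Doe and the `*Jensen` entries) are order-dependent, and nothing in the file says so. Each one grants `read` to one or two named identities and relies on `by * break` to pass everyone else on to the following `attrs=cn` / `by * search` clause; without the `break`, slapd's implicit trailing `by * none stop` would deny them instead. I would add a comment above the group, for example `# value-level ACLs: keep ahead of the attrs=cn catch-alls; "by * break" passes other identities on to them`. Bjorn Jensen's entry gets a `by * search` fallback but Barbara Jensen's does not, so access to her `cn` is decided by rules further down, some of them outside this hunk. If that asymmetry is deliberate for the test, it deserves a one-line comment as well.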