X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=tests%2Fdata%2Fslapd-acl.conf;h=67bd76bd8ec31325a19046c78e7ef1715cdaf103;hb=8ce45fc80db194f7833d1009a7e3b855176d2f8a;hp=a3435f7302ed9a70ed4dc286e8e78faa5bb56ef6;hpb=39bc94082aa7403f8aed977ffa1ec8dcef4635e5;p=openldap

diff --git a/tests/data/slapd-acl.conf b/tests/data/slapd-acl.conf
index a3435f7302..67bd76bd8e 100644
--- a/tests/data/slapd-acl.conf
+++ b/tests/data/slapd-acl.conf
@@ -1,60 +1,147 @@
-# $OpenLDAP$
-#
 # master slapd config -- for testing
-#
-ucdata-path	./ucdata
-include ./schema/core.schema
-include ./schema/cosine.schema
-include ./schema/inetorgperson.schema
-include ./schema/openldap.schema
-schemacheck	off
-pidfile     ./test-db/slapd.pid
-argsfile    ./test-db/slapd.args
+# $OpenLDAP: pkg/ldap/tests/data/slapd-acl.conf,v 1.46.2.4 2003/12/15 22:05:29
+  kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2005 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include		@SCHEMADIR@/core.schema
+include		@SCHEMADIR@/cosine.schema
+include		@SCHEMADIR@/inetorgperson.schema
+include		@SCHEMADIR@/openldap.schema
+include		@SCHEMADIR@/nis.schema
+pidfile		@TESTDIR@/slapd.1.pid
+argsfile	@TESTDIR@/slapd.1.args
 
 # global ACLs
-access to dn.base="" attr=objectClass by users read
-access to * by * read
+#
+# normal installations should protect root dse, cn=monitor, cn=subschema
+#
+
+access		to dn.exact="" attrs=objectClass
+		by users read
+access		to *
+		by * read
+
+#mod#modulepath	../servers/slapd/back-@BACKEND@/
+#mod#moduleload	back_@BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
 
 #######################################################################
-# ldbm database definitions
+# database definitions
 #######################################################################
 
 database	@BACKEND@
-cachesize	0
-suffix		"o=University of Michigan,c=US"
-directory	./test-db
-rootdn		"cn=Manager,o=University of Michigan,c=US"
+#ldbm#cachesize	0
+suffix		"dc=example,dc=com"
+directory	@TESTDIR@/db.1.a
+rootdn		"cn=Manager,dc=example,dc=com"
 rootpw		secret
-#ldbm#index		objectClass	eq
-#ldbm#index		cn,sn,uid	pres,eq,sub
 #bdb#index		objectClass	eq
 #bdb#index		cn,sn,uid	pres,eq,sub
-lastmod		on
-
-#
-# normal installations should protect root dse,
-# cn=monitor, cn=schema, and cn=config
-#
+#hdb#index		objectClass	eq
+#hdb#index		cn,sn,uid	pres,eq,sub
+#ldbm#index		objectClass	eq
+#ldbm#index		cn,sn,uid	pres,eq,sub
 
-access		to attr=objectclass
+#access		to attrs=objectclass dn.subtree="dc=example,dc=com"
+access		to attrs=objectclass
 		by * =rsc stop
 
-access		to filter="objectclass=person" attr=userpassword
+#access		to filter="(objectclass=person)" attrs=userpassword dn.subtree="dc=example,dc=com"
+access		to filter="(objectclass=person)" attrs=userpassword
 		by anonymous auth
-		by self write
+		by self =wx
+
+access		to dn.exact="cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com"
+			attrs=cn val="Mark A Elliot"
+		by dn="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read
+		by * break
+
+access		to dn.exact="cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com"
+			attrs=cn val="Mark Elliot"
+		by dn="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read
+		by * break
 
-access		to dn.children="ou=Alumni Association,ou=People,o=University of Michigan,c=US"
-		by dn.regex=".+,o=University of Michigan,c=US" +c continue
-		by dn.subtree="o=University of Michigan,c=US" +rs continue
+access		to dn.exact="cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com"
+			attrs=cn
+		by * search
+
+access		to dn.exact="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com"
+			attrs=cn val.regex="^John D.+"
+		by dn="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read
+		by * break
+
+access		to dn.exact="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com"
+			attrs=cn val.regex="^Jonath.+"
+		by dn="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read
+		by * break
+
+access		to dn.exact="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com"
+			attrs=cn
+		by * search
+
+access		to dn.onelevel="ou=Information Technology Division,ou=People,dc=example,dc=com"
+			filter="(cn=*Jensen)"
+			attrs=cn val.regex=".*Jensen$"
+		by dn="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read
+		by dn="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read
+		by * break
+
+access		to dn.exact="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
+			attrs=cn
+		by * search
+
+access		to dn.children="ou=Alumni Association,ou=People,dc=example,dc=com"
+		by dn.regex=".+,dc=example,dc=com" +c continue
+		by dn.subtree="dc=example,dc=com" +rs continue
+		by dn.children="dc=example,dc=com" +d continue
 		by * stop
 
-access		to attr=member
+#access		to attrs=member,uniquemember dn.subtree="dc=example,dc=com"
+access		to attrs=member,uniquemember
 		by dnattr=member selfwrite
+		by dnattr=uniquemember selfwrite
 		by * read
 
-access		to filter="objectclass=groupofnames"
-		by dn.base="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=University of Michigan,c=US" =sc continue
-		by dn="^cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=University of Michigan,c=US$" +rw stop
+#access		to attrs=member,uniquemember filter="(mail=*com)" dn.subtree="dc=example,dc=com"
+access		to attrs=member,uniquemember filter="(mail=*com)"
+		by * read
+
+#access		to filter="(|(objectclass=groupofnames)(objectClass=groupofuniquenames))" dn.subtree="dc=example,dc=com"
+access		to filter="(|(objectclass=groupofnames)(objectClass=groupofuniquenames))"
+		by dn.exact="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" =sc continue
+		by dn.regex="^cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com$" +rw stop
 		by * break
 
+access		to dn.children="ou=Information Technology Division,ou=People,dc=example,dc=com"
+		by group/groupOfUniqueNames/uniqueMember.exact="cn=ITD Staff,ou=Groups,dc=example,dc=com" write
+		by * read
+
+access		to dn.exact="cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com"
+		by set="[cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com]/member* & user" write
+		by * read
+
+#access		to filter="(name=X*Y*Z)" dn.subtree="dc=example,dc=com"
+access		to filter="(name=X*Y*Z)"
+		by * continue
+
+access		to dn.subtree="ou=Add & Delete,dc=example,dc=com"
+		by dn.exact="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" add
+		by dn.exact="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" delete
+		by dn.exact="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com" write
+		by * read
+
 # fall into global ACLs
+
+#monitor#database	monitor