OK
OK
OK
+OK
+FAIL
FAIL
FAIL
FAIL
objectclass: organization
dc: example
o: My Domain corp.
+
+dn: ou=users,dc=example,dc=com
+ou: users
+objectclass: organizationalUnit
+
+dn: ou=groups,dc=example,dc=com
+ou: groups
+objectclass: organizationalUnit
+
+dn: uid=1,ou=groups,dc=example,dc=com
+objectclass: inetOrgPerson
+cn: test 1
+sn: test1
+uid: 1
+
+dn: uid=2,ou=groups,dc=example,dc=com
+objectclass: inetOrgPerson
+cn: test 2
+sn: test2
+uid: 2
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
changetype: modify
add: mail
mail: b@example.com
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
changetype: modify
add: mail
mail: b@example.com
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
changetype: modify
add: mail
mail: b@example.com
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
changetype: modify
add: mail
mail: b@example.com
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
changetype: modify
add: mail
mail: b@example.com
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
changetype: modify
replace: mail
mail: a@example.com
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
changetype: modify
replace: mail
mail: a@example.com
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
changetype: modify
add: mail
mail: b@example.com
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
changetype: modify
add: mail
mail: b@example.com
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
changetype: modify
add: mail
mail: example@not-allowed.com
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
changetype: modify
delete: mail
mail: original@example.com
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
changetype: modify
delete: mail
mail: original@example.com
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
changetype: modify
replace: givenname
givenname: Joe
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
changetype: modify
replace: sn
sn: Down
--- /dev/null
+dn: cn=John Doe,ou=users,dc=example,dc=com
+changetype: modify
+replace: uid
+uid: 3
+
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
changetype: modify
delete: mail
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
changetype: modify
replace: mail
mail: a@example.com
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
changetype: modify
replace: mail
mail: a@example.com
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
changetype: modify
delete: mail
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
changetype: modify
add: mail
mail: a@example.com
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
changetype: modify
delete: mail
-
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
changetype: modify
delete: mail
-
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
changetype: modify
add: mail
mail: b@example.com
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
changetype: modify
replace: mail
mail: a@example.com
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
changetype: modify
add: mail
mail: b@example.com
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
changetype: modify
add: mail
mail: b@example.com
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
changetype: modify
add: mail
mail: b@example.com
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
changetype: modify
add: mail
mail: b@example.com
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
changetype: modify
delete: description
description: desc1
--- /dev/null
+dn: cn=John Doe,ou=users,dc=example,dc=com
+changetype: modify
+replace: uid
+uid: 2
+
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
objectclass: inetOrgPerson
objectclass: organizationalPerson
cn: John Doe
mail: original@example.com
description: desc1
description: desc2
+uid: 1
USERLDIF="$CONSTRAINTDIR/user.ldif"
RESULTOUT="$CONSTRAINTDIR/constraint.out"
SCRIPTOUT="$TESTDIR/constraint.out"
-USERDN="cn=John Doe,$BASEDN"
+USERDN="cn=John Doe,ou=users,$BASEDN"
CONFDIR=$TESTDIR/slapd.d
mkdir -p $TESTDIR $CONFDIR $DBDIR1
objectClass: olcOverlayConfig
objectClass: olcConstraintConfig
olcOverlay: constraint
-olcConstraintAttribute: mail count 3
+olcConstraintAttribute: mail
+ count 3
+ restrict="ldap:///ou=users,$BASEDN??one?(objectClass=inetOrgPerson)"
+# check if restrict works (if not, this will apply to ou=users subtree as well
+# and some tests will fail)
+olcConstraintAttribute: mail count 1 restrict="ldap:///ou=groups,$BASEDN??one"
olcConstraintAttribute: mail regex ^[[:alnum:]]+@example.com$
olcConstraintAttribute: description count 2
# cn value has to be concatenated givenName SP sn
olcConstraintAttribute: cn,sn,givenName
set "(this/givenName + [ ] + this/sn) & this/cn"
restrict="ldap:///$USERDN??sub?(objectClass=inetOrgPerson)"
+olcConstraintAttribute: uid
+ uri "ldap:///ou=groups,$BASEDN?uid?one?(objectClass=inetOrgPerson)"
+ restrict="ldap:///ou=users,$BASEDN??one"
EOF
$SLAPADD -F $CONFDIR -n 0 -l $TESTDIR/config.ldif
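Review bot: The new `mail count 1 restrict="ldap:///ou=groups,$BASEDN??one"` rule is only checked indirectly: judging by the LDIF files visible in this change, every modify targets `cn=John Doe,ou=users,...`, so the test passes both when the rule is correctly scoped to ou=groups and when it is never applied at all. Since `restrict` decides which entries a constraint protects, a case that adds two `mail` values to `uid=1,ou=groups,dc=example,dc=com` and expects FAIL would pin enforcement inside the scope as well as non-enforcement outside it. The comment above the rule could then state both halves, e.g. `# positive check: a second mail value under ou=groups must be rejected`. Separately, the unchanged `mail regex ^[[:alnum:]]+@example.com$` line leaves the dot unescaped, so it accepts any character in that position; `example[.]com` would match only the literal domain. The here-document holding this configuration starts above the hunk.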