facsimileTelephoneNumber: +1 313 555 4332
telephoneNumber: +1 313 555 0895
+# Checking exact/regex attrval clause
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+cn: Mark A Elliot
+
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+cn: Mark Elliot
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
+cn: John Doe
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
+cn: Jonathon Doe
+
# Using ldapsearch to retrieve all the entries...
dn: ou=Add & Delete,dc=example,dc=com
objectClass: organizationalUnit
dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
objectClass: OpenLDAPperson
-cn: John Doe
-cn: Jonathon Doe
sn: Doe
uid: johnd
postalAddress: ITD $ 535 W. William $ Anytown, MI 48109
by anonymous auth
by self =wx
+access to dn.exact="cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com"
+ attrs=cn val="Mark A Elliot"
+ by dn="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read
+ by * break
+
+access to dn.exact="cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com"
+ attrs=cn val="Mark Elliot"
+ by dn="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read
+ by * break
+
+access to dn.exact="cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com"
+ attrs=cn
+ by * search
+
+access to dn.exact="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com"
+ attrs=cn val.regex="^John D.*"
+ by dn="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read
+ by * break
+
+access to dn.exact="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com"
+ attrs=cn val.regex="^Jonath.*"
+ by dn="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read
+ by * break
+
+access to dn.exact="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com"
+ attrs=cn
+ by * search
+
access to dn.children="ou=Alumni Association,ou=People,dc=example,dc=com"
by dn.regex=".+,dc=example,dc=com" +c continue
by dn.subtree="dc=example,dc=com" +rs continue
BABSDN="cn=Barbara Jensen,ou=Information Technology DivisioN,OU=People,dc=example,dc=com"
BJORNSDN="cn=Bjorn Jensen,ou=Information Technology DivisioN,OU=People,dc=example,dc=com"
JAJDN="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com"
+JOHNDDN="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com"
+MELLIOTDN="cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com"
REFINTDN="cn=Manager,o=refint"
RETCODEDN="ou=RetCodes,$BASEDN"
UNIQUEDN="cn=Manager,o=unique"
# under Example." \
>> $SEARCHOUT
$LDAPSEARCH -b "$JAJDN" -h $LOCALHOST -p $PORT1 \
- -D "$BABSDN" -w bjensen "(objectclass=*)" >> $SEARCHOUT 2>&1
+ -D "$BABSDN" -w bjensen "(objectclass=*)" >> $SEARCHOUT 2>&1
+
+# ITS#4253
+echo "# Checking exact/regex attrval clause" >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 \
+ -D "$BABSDN" -w bjensen \
+ -b "$MELLIOTDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 \
+ -D "$BJORNSDN" -w bjorn \
+ -b "$MELLIOTDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1
+
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 \
+ -D "$BABSDN" -w bjensen \
+ -b "$JOHNDDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 \
+ -D "$BJORNSDN" -w bjorn \
+ -b "$JOHNDDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1
#
# Check group access. Try to modify Babs' entry. Two attempts:
projects / openldap / commitdiff