objectclass: organization
objectclass: domainRelatedObject
objectclass: dcobject
+objectClass: simpleSecurityObject
dc: example
l: Anytown, Michigan
st: Michigan
postaladdress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
telephonenumber: +1 313 764-1817
associateddomain: example.com
+userpassword:: ZXhhbXBsZQ==
+authzTo: dn:
dn: ou=People,dc=example,dc=com
objectclass: organizationalUnit
exit $RC
fi
-# authzFrom: someone else => njorn
+# authzFrom: someone else => bjorn
echo "Testing authzFrom..."
BINDDN="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
exit $RC
fi
+BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
+BINDPW=bjorn
+AUTHZID="dn:"
+echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (no authzTo; should fail)..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
+ -e \!authzid="$AUTHZID"
+
+RC=$?
+if test $RC != 1 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+BINDDN="dc=example,dc=com"
+BINDPW=example
+AUTHZID="dn:"
+echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.exact; should succeed)..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
+ -e \!authzid="$AUTHZID"
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
test $KILLSERVERS != no && kill -HUP $KILLPIDS
echo ">>>>> Test succeeded"
exit 0
-## Note to developers: the command
+## Note to developers: when SLAPD_DEBUG=-1 the command
## awk '/^do_extended$/ {if (c) {print c} c=0} /<===slap_sasl_match:/ {c++} END {print c}' testrun/slapd.1.log
-## must return consecutive numbers from 1 to 9 twice to indicate
-## that the authzFrom and authzTo rules applied in the right order.
+## must return the sequence 1 2 3 4 5 6 7 8 9 9 1 2 3 4 5 6 7 8 9 9 9 1
+## to indicate that the authzFrom and authzTo rules applied in the right order.
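Review bot: In the added negative case (bind as Bjorn Jensen, "no authzTo; should fail"), the failure branch ends in `exit $RC`, so if ldapwhoami unexpectedly succeeds with RC=0 the script itself exits 0. A caller that only checks the exit status would then see a pass in exactly the case where proxy authorization was wrongly granted. Use a fixed non-zero status in that branch, e.g. `exit 1`, and reword its message to `echo "ldapwhoami should have failed ($RC)!"` so the log does not read like an ordinary client error. The guard `test $RC != 1` also accepts only status 1; whether that separates an authorization refusal from other client errors is not visible here, so a short comment naming the expected result would help. The positive dn.exact case can keep `exit $RC`, since RC is non-zero whenever that branch runs.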