dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
cn: Jonathon Doe
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+cn: Bjorn Jensen
+cn: Biiff Jensen
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,
+ dc=com
+cn: Barbara Jensen
+cn: Babs Jensen
+
# Using ldapsearch to retrieve all the entries...
dn: ou=Add & Delete,dc=example,dc=com
objectClass: organizationalUnit
dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc
=com
objectClass: OpenLDAPperson
-cn: Bjorn Jensen
-cn: Biiff Jensen
sn: Jensen
uid: bjorn
seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
by * search
access to dn.exact="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com"
- attrs=cn val.regex="^John D.*"
+ attrs=cn val.regex="^John D.+"
by dn="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read
by * break
access to dn.exact="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com"
- attrs=cn val.regex="^Jonath.*"
+ attrs=cn val.regex="^Jonath.+"
by dn="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read
by * break
attrs=cn
by * search
+access to dn.onelevel="ou=Information Technology Division,ou=People,dc=example,dc=com"
+ filter="(cn=*Jensen)"
+ attrs=cn val.regex=".*Jensen$"
+ by dn="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read
+ by dn="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read
+ by * break
+
+access to dn.exact="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
+ attrs=cn
+ by * search
+
access to dn.children="ou=Alumni Association,ou=People,dc=example,dc=com"
by dn.regex=".+,dc=example,dc=com" +c continue
by dn.subtree="dc=example,dc=com" +rs continue
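Review bot: The two `by dn="cn=…"` clauses in the added `dn.onelevel` rule leave the DN match style implicit, while the `access to` lines around them all spell it out (`dn.exact`, `dn.onelevel`, `dn.children`). slapd.access(5) recommends always stating the style to avoid ambiguity; if a slapd build interprets the bare form as a regex, the unanchored pattern would also match any DN that merely contains that string, widening who gets `read` on these cn values. I would write them as `by dn.exact="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read`, and likewise for Bjorn. The same bare form appears in the unchanged `by dn=` lines of the two John Doe rules above. The `dn.children` rule that closes this hunk continues outside it.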
-D "$BJORNSDN" -w bjorn \
-b "$JOHNDDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 \
+ -D "$BABSDN" -w bjensen \
+ -b "$BJORNSDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 \
+ -D "$BJORNSDN" -w bjorn \
+ -b "$BABSDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1
+
#
# Check group access. Try to modify Babs' entry. Two attempts:
# 1) bound as "James A Jones 1" - should fail