--- /dev/null
+# master slapd config -- for testing
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2004 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+ucdata-path ./ucdata
+include ./schema/core.schema
+include ./schema/cosine.schema
+include ./schema/inetorgperson.schema
+include ./schema/openldap.schema
+include ./schema/nis.schema
+
+pidfile ./testrun/slapd.1.pid
+argsfile ./testrun/slapd.1.args
+
+#mod#modulepath ../servers/slapd/back-@BACKEND@/
+#mod#moduleload back_@BACKEND@.la
+
+#######################################################################
+# ldbm database definitions
+#######################################################################
+
+database @BACKEND@
+suffix "o=University of Michigan,c=US"
+directory ./testrun/db.1.a
+rootdn "cn=Manager,o=University of Michigan,c=US"
+rootpw secret
+#ldbm#index objectClass eq
+#ldbm#index uid eq
+#bdb#index objectClass eq
+#bdb#index uid eq
+
+limits dn.exact="cn=Unlimited User,ou=People,o=University of Michigan,c=US" size=none time=none
+limits dn.exact="cn=Soft Limited User,ou=People,o=University of Michigan,c=US" size.soft=4 size.hard=none
+limits dn.exact="cn=Hard Limited User,ou=People,o=University of Michigan,c=US" size.soft=4 size.hard=8
+limits dn.exact="cn=Unchecked Limited User,ou=People,o=University of Michigan,c=US" size.unchecked=4
+limits group="cn=Unchecked Limited Users,ou=Groups,o=University of Michigan,c=US" size.unchecked=4
+limits dn.regex="^cn=Foo User,ou=[^,]+,o=University of Michigan,c=US$" size.unchecked=4
+limits dn.onelevel="ou=People,o=University of Michigan,c=US" size.unchecked=4
+limits dn.children="ou=Groups,o=University of Michigan,c=US" size.unchecked=4
+limits dn.subtree="ou=Admin,o=University of Michigan,c=US" size.unchecked=4
+limits users size.unchecked=4
+limits anonymous size.unchecked=4
--- /dev/null
+#LEAD COMMENT
+dn: o=University of Michigan,c=US
+#EMBEDDED COMMENT
+objectclass: organization
+objectclass: domainRelatedObject
+l: Ann Arbor, Michigan
+st: Michigan
+o: University of Michigan
+o: UMICH
+o: UM
+o: U-M
+o: U of M
+description: The University of Michigan at Ann Arbor
+postaladdress: University of Michigan $ 535 W. William St. $ Ann Arbor, MI 481
+ 09 $ US
+telephonenumber: +1 313 764-1817
+associateddomain: example.com
+
+dn: ou=People,o=University of Michigan,c=US
+objectclass: organizationalUnit
+ou: People
+
+dn: cn=Unlimited User,ou=People,o=University of Michigan,c=US
+objectclass: OpenLDAPperson
+cn: Unlimited User
+sn: User
+uid: unlimited
+userpassword:: c2VjcmV0
+
+dn: cn=Soft Limited User,ou=People,o=University of Michigan,c=US
+objectclass: OpenLDAPperson
+cn: Soft Limited User
+sn: User
+uid: softlimited
+userpassword:: c2VjcmV0
+
+dn: cn=Hard Limited User,ou=People,o=University of Michigan,c=US
+objectclass: OpenLDAPperson
+cn: Hard Limited User
+sn: User
+uid: hardlimited
+userpassword:: c2VjcmV0
+
+dn: cn=Unchecked Limited User,ou=People,o=University of Michigan,c=US
+objectclass: OpenLDAPperson
+cn: Unchecked Limited User
+sn: User
+uid: uncheckedlimited
+userpassword:: c2VjcmV0
+
+dn: cn=Other User,ou=People,o=University of Michigan,c=US
+objectclass: OpenLDAPperson
+cn: Other User
+sn: User
+uid: other
+userpassword:: c2VjcmV0
+
+dn: cn=Foo User,ou=People,o=University of Michigan,c=US
+objectclass: OpenLDAPperson
+cn: Foo User
+sn: User
+uid: foo
+userpassword:: c2VjcmV0
+
+dn: cn=Bar User,ou=People,o=University of Michigan,c=US
+objectclass: OpenLDAPperson
+cn: Bar User
+sn: User
+uid: bar
+userpassword:: c2VjcmV0
+
+dn: cn=Unchecked Limited User 2,ou=People,o=University of Michigan,c=US
+objectclass: OpenLDAPperson
+cn: Unchecked Limited User 2
+sn: User 2
+uid: uncheckedlimited2
+userpassword:: c2VjcmV0
+
+dn: ou=Groups,o=University of Michigan,c=US
+objectclass: organizationalUnit
+ou: Groups
+
+dn: cn=Unchecked Limited Users,ou=Groups,o=University of Michigan,c=US
+objectClass: groupOfNames
+objectClass: simpleSecurityObject
+cn: Unchecked Limited Users
+userpassword:: c2VjcmV0
+member: cn=Unchecked Limited User 2,ou=People,o=University of Michigan,c=US
+
+dn: ou=Admin,o=University of Michigan,c=US
+objectclass: organizationalUnit
+ou: Admin
+
+dn: cn=Unchecked Limited User 3,ou=Admin,o=University of Michigan,c=US
+objectclass: OpenLDAPperson
+cn: Unchecked Limited User 3
+sn: User 3
+uid: uncheckedlimited3
+userpassword:: c2VjcmV0
+
+dn: cn=Special User,o=University of Michigan,c=US
+objectclass: OpenLDAPperson
+cn: Special User
+sn: User
+uid: special
+userpassword:: c2VjcmV0
+
--- /dev/null
+#! /bin/sh
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2004 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+mkdir -p $TESTDIR $DBDIR1
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND $MONITORDB < $LIMITSCONF > $ADDCONF
+$SLAPADD -f $ADDCONF -l $LDIFLIMITS
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Running slapindex to index slapd database..."
+. $CONFFILTER $BACKEND $MONITORDB < $LIMITSCONF > $CONF1
+$SLAPINDEX -f $CONF1
+RC=$?
+if test $RC != 0 ; then
+ echo "warning: slapindex failed ($RC)"
+ echo " assuming no indexing support"
+fi
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+cat /dev/null > $SEARCHOUT
+
+echo "Testing no limits requested for unlimited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+ -D 'cn=Unlimited User,ou=People,o=University of Michigan,c=US' \
+ '(objectClass=*)' >$SEARCHOUT 2>&1
+RC=$?
+COUNT=`cat $SEARCHOUT | grep '^# numEntries:' | sed 's;.*\([0-9]\+\)$;\1;'`
+case $RC in
+ 0)
+ echo "...success (got $COUNT entries)"
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+SIZELIMIT=2
+echo "Testing size limit request ($SIZELIMIT) for unlimited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -z $SIZELIMIT \
+ -D 'cn=Unlimited User,ou=People,o=University of Michigan,c=US' \
+ '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`cat $SEARCHOUT | grep '^# numEntries:' | sed 's;.*\([0-9]\+\)$;\1;'`
+case $RC in
+ 0)
+ echo "...success (got $COUNT entries)"
+ ;;
+ 4)
+ echo "...bumped into requested size limit ($SIZELIMIT)"
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+TIMELIMIT=10
+echo "Testing time limit request ($TIMELIMIT s) for unlimited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -l $TIMELIMIT \
+ -D 'cn=Unlimited User,ou=People,o=University of Michigan,c=US' \
+ '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`cat $SEARCHOUT | grep '^# numEntries:' | sed 's;.*\([0-9]\+\)$;\1;'`
+case $RC in
+ 0)
+ echo "...success (got $COUNT entries)"
+ ;;
+ 3)
+ echo "...bumped into requested time limit ($TIMELIMIT s; $COUNT entries)"
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo "Testing no limits requested for soft limited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+ -D 'cn=Soft Limited User,ou=People,o=University of Michigan,c=US' \
+ '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`cat $SEARCHOUT | grep '^# numEntries:' | sed 's;.*\([0-9]\+\)$;\1;'`
+case $RC in
+ 0)
+ echo "...success; didn't bump into server-side size limit (got $COUNT entries)"
+ ;;
+ 4)
+ echo "...bumped into server-side size limit ($COUNT)"
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+SIZELIMIT=2
+echo "Testing lower than soft limit request ($SIZELIMIT) for soft limited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -z $SIZELIMIT \
+ -D 'cn=Soft Limited User,ou=People,o=University of Michigan,c=US' \
+ '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`cat $SEARCHOUT | grep '^# numEntries:' | sed 's;.*\([0-9]\+\)$;\1;'`
+case $RC in
+ 0)
+ echo "...success; didn't bump into either requested ($SIZELIMIT) or server-side size limit (got $COUNT entries)"
+ ;;
+ 4)
+ if test "x$COUNT" != "x" ; then
+ if test $SIZELIMIT = $COUNT ; then
+ echo "...bumped into requested ($SIZELIMIT) size limit"
+ else
+ echo "...bumped into server-side size limit ($COUNT)"
+ fi
+ else
+ echo "...bumped into either requested ($SIZELIMIT) or server-side size limit"
+ fi
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+SIZELIMIT=100
+echo "Testing higher than soft limit request ($SIZELIMIT) for soft limited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -z $SIZELIMIT \
+ -D 'cn=Soft Limited User,ou=People,o=University of Michigan,c=US' \
+ '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`cat $SEARCHOUT | grep '^# numEntries:' | sed 's;.*\([0-9]\+\)$;\1;'`
+case $RC in
+ 0)
+ echo "...success; didn't bump into either requested ($SIZELIMIT) or server-side size limit (got $COUNT entries)"
+ ;;
+ 4)
+ if test "x$COUNT" != "x" ; then
+ if test $SIZELIMIT = $COUNT ; then
+ echo "...bumped into requested ($SIZELIMIT) size limit"
+ else
+ echo "...bumped into server-side size limit ($COUNT)"
+ fi
+ else
+ echo "...bumped into either requested ($SIZELIMIT) or server-side size limit"
+ fi
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+SIZELIMIT=2
+echo "Testing lower than hard limit request ($SIZELIMIT) for hard limited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -z $SIZELIMIT \
+ -D 'cn=Hard Limited User,ou=People,o=University of Michigan,c=US' \
+ '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`cat $SEARCHOUT | grep '^# numEntries:' | sed 's;.*\([0-9]\+\)$;\1;'`
+case $RC in
+ 0)
+ echo "...success; didn't bump into either requested ($SIZELIMIT) or server-side size limit (got $COUNT entries)"
+ ;;
+ 4)
+ echo "...bumped into requested ($SIZELIMIT) size limit"
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+SIZELIMIT=100
+echo "Testing higher than hard limit request ($SIZELIMIT) for hard limited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -z $SIZELIMIT \
+ -D 'cn=Hard Limited User,ou=People,o=University of Michigan,c=US' \
+ '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`cat $SEARCHOUT | grep '^# numEntries:' | sed 's;.*\([0-9]\+\)$;\1;'`
+case $RC in
+ 0)
+ echo "...success; didn't bump into either requested ($SIZELIMIT) or server-side size limit (got $COUNT entries)"
+ ;;
+ 4)
+ echo "...bumped into requested ($SIZELIMIT) size limit"
+ ;;
+ 11)
+ echo "...bumped into server-side size limit"
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo "Testing lower than unchecked limit request for unchecked limited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+ -D 'cn=Unchecked Limited User,ou=People,o=University of Michigan,c=US' \
+ '(uid=uncheckedlimited)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`cat $SEARCHOUT | grep '^# numEntries:' | sed 's;.*\([0-9]\+\)$;\1;'`
+case $RC in
+ 0)
+ echo "...success; didn't bump into server-side unchecked limit (got $COUNT entries)"
+ ;;
+ 11)
+ echo "...bumped into server-side unchecked limit"
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo "Testing higher than unchecked limit requested for unchecked limited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+ -D 'cn=Unchecked Limited User,ou=People,o=University of Michigan,c=US' \
+ '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`cat $SEARCHOUT | grep '^# numEntries:' | sed 's;.*\([0-9]\+\)$;\1;'`
+case $RC in
+ 0)
+ echo "...success; didn't bump into server-side unchecked limit (got $COUNT entries)"
+ ;;
+ 11)
+ echo "...bumped into server-side unchecked limit"
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo "Testing higher than unchecked limit requested for unchecked limited group..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+ -D 'cn=Unchecked Limited User 2,ou=People,o=University of Michigan,c=US' \
+ '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`cat $SEARCHOUT | grep '^# numEntries:' | sed 's;.*\([0-9]\+\)$;\1;'`
+case $RC in
+ 0)
+ echo "...success; didn't bump into server-side unchecked limit (got $COUNT entries)"
+ ;;
+ 11)
+ echo "...bumped into server-side unchecked limit"
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo "Testing higher than unchecked limit requested for unchecked limited regex..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+ -D 'cn=Foo User,ou=People,o=University of Michigan,c=US' \
+ '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`cat $SEARCHOUT | grep '^# numEntries:' | sed 's;.*\([0-9]\+\)$;\1;'`
+case $RC in
+ 0)
+ echo "...success; didn't bump into server-side unchecked limit (got $COUNT entries)"
+ ;;
+ 11)
+ echo "...bumped into server-side unchecked limit"
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo "Testing higher than unchecked limit requested for unchecked limited onelevel..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+ -D 'cn=Bar User,ou=People,o=University of Michigan,c=US' \
+ '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`cat $SEARCHOUT | grep '^# numEntries:' | sed 's;.*\([0-9]\+\)$;\1;'`
+case $RC in
+ 0)
+ echo "...success; didn't bump into server-side unchecked limit (got $COUNT entries)"
+ ;;
+ 11)
+ echo "...bumped into server-side unchecked limit"
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo "Testing higher than unchecked limit requested for unchecked limited children..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+ -D 'cn=Unchecked Limited Users,ou=Groups,o=University of Michigan,c=US' \
+ '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`cat $SEARCHOUT | grep '^# numEntries:' | sed 's;.*\([0-9]\+\)$;\1;'`
+case $RC in
+ 0)
+ echo "...success; didn't bump into server-side unchecked limit (got $COUNT entries)"
+ ;;
+ 11)
+ echo "...bumped into server-side unchecked limit"
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo "Testing higher than unchecked limit requested for unchecked limited subtree..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+ -D 'cn=Unchecked Limited User 3,ou=Admin,o=University of Michigan,c=US' \
+ '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`cat $SEARCHOUT | grep '^# numEntries:' | sed 's;.*\([0-9]\+\)$;\1;'`
+case $RC in
+ 0)
+ echo "...success; didn't bump into server-side unchecked limit (got $COUNT entries)"
+ ;;
+ 11)
+ echo "...bumped into server-side unchecked limit"
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo "Testing higher than unchecked limit requested for unchecked limited users..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+ -D 'cn=Special User,o=University of Michigan,c=US' \
+ '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`cat $SEARCHOUT | grep '^# numEntries:' | sed 's;.*\([0-9]\+\)$;\1;'`
+case $RC in
+ 0)
+ echo "...success; didn't bump into server-side unchecked limit (got $COUNT entries)"
+ ;;
+ 11)
+ echo "...bumped into server-side unchecked limit"
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo "Testing higher than unchecked limit requested for unchecked limited anonymous..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ '(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`cat $SEARCHOUT | grep '^# numEntries:' | sed 's;.*\([0-9]\+\)$;\1;'`
+case $RC in
+ 0)
+ echo "...success; didn't bump into server-side unchecked limit (got $COUNT entries)"
+ ;;
+ 11)
+ echo "...bumped into server-side unchecked limit"
+ ;;
+ *)
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo ">>>>> Test succeeded"
+exit 0
projects / openldap / commitdiff