further checks for ITS#4587

diff --git a/tests/data/acl.out.master b/tests/data/acl.out.master
index 74c7c937c8889e4e80c907d56c3c753750ae8933..8fd99a621ffcadb9d0af9c3f0219e23ea8219dfe 100644 (file)
--- a/tests/data/acl.out.master
+++ b/tests/data/acl.out.master
@@ -75,6 +75,7 @@ member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
 member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
 member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=exampl
  e,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
 owner: cn=Manager,dc=example,dc=com
 cn: All Staff
 description: Everyone in the sample data

diff --git a/tests/scripts/test006-acls b/tests/scripts/test006-acls
index 9add9f277e650cb8072e233558fb8e31dc25095c..d47ec025725498add308bf0f9c4ea51fb7aa29e0 100755 (executable)
--- a/tests/scripts/test006-acls
+++ b/tests/scripts/test006-acls
@@ -103,9 +103,13 @@ $LDAPSEARCH -h $LOCALHOST -p $PORT1 \
        -D "$BJORNSDN" -w bjorn \
        -b "$BABSDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1
 
-# check selfwrite access (ITS#4587).  Two attempts are made:
+# check selfwrite access (ITS#4587).  6 attempts are made:
 # 1) delete someone else (should fail)
 # 2) delete self (should succeed)
+# 3) add someone else (should fail)
+# 4) add someone else and self (should fail)
+# 5) add self and someone else (should fail)
+# 6) add self (should succeed)
 #
 $LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \
        $TESTOUT 2>&1 << EOMODS
@@ -144,6 +148,91 @@ if test $RC != 0 ; then
        exit $RC
 fi
 
+$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \
+       $TESTOUT 2>&1 << EOMODS
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+changetype: modify
+add: member
+member: cn=Foo,ou=Bar
+EOMODS
+RC=$?
+case $RC in
+50)
+       ;;
+0)
+       echo "ldapmodify should have failed ($RC)!"
+       test $KILLSERVERS != no && kill -HUP $KILLPIDS
+       exit -1
+       ;;
+*)
+       echo "ldapmodify failed ($RC)!"
+       test $KILLSERVERS != no && kill -HUP $KILLPIDS
+       exit $RC
+       ;;
+esac
+
+$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \
+       $TESTOUT 2>&1 << EOMODS
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+changetype: modify
+add: member
+member: cn=Foo,ou=Bar
+member: $JAJDN
+EOMODS
+RC=$?
+case $RC in
+50)
+       ;;
+0)
+       echo "ldapmodify should have failed ($RC)!"
+       test $KILLSERVERS != no && kill -HUP $KILLPIDS
+       exit -1
+       ;;
+*)
+       echo "ldapmodify failed ($RC)!"
+       test $KILLSERVERS != no && kill -HUP $KILLPIDS
+       exit $RC
+       ;;
+esac
+
+$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \
+       $TESTOUT 2>&1 << EOMODS
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+changetype: modify
+add: member
+member: $JAJDN
+member: cn=Foo,ou=Bar
+EOMODS
+RC=$?
+case $RC in
+50)
+       ;;
+0)
+       echo "ldapmodify should have failed ($RC)!"
+       test $KILLSERVERS != no && kill -HUP $KILLPIDS
+       exit -1
+       ;;
+*)
+       echo "ldapmodify failed ($RC)!"
+       test $KILLSERVERS != no && kill -HUP $KILLPIDS
+       exit $RC
+       ;;
+esac
+
+$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \
+       $TESTOUT 2>&1 << EOMODS
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+changetype: modify
+add: member
+member: $JAJDN
+EOMODS
+RC=$?
+if test $RC != 0 ; then
+       echo "ldapmodify failed ($RC)!"
+       test $KILLSERVERS != no && kill -HUP $KILLPIDS
+       exit $RC
+fi
+
 #
 # Check group access. Try to modify Babs' entry. Two attempts:
 # 1) bound as "James A Jones 1" - should fail