From: Howard Chu <hyc@openldap.org>
Date: Fri, 13 Sep 2002 15:04:04 +0000 (+0000)
Subject: Added group ACL tests
X-Git-Tag: NO_SLAP_OP_BLOCKS~980
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=615af63d04b9e2c95cbab21446331ddaace861cd;p=openldap

Added group ACL tests
---

diff --git a/tests/data/acl.out.master b/tests/data/acl.out.master
index 0300c166c4..dd415d18cd 100644
--- a/tests/data/acl.out.master
+++ b/tests/data/acl.out.master
@@ -83,6 +83,7 @@ homepostaladdress: 123 Wesley $ Ann Arbor, MI 48103
 description: Mythical manager of the rsdd unix project
 drink: water
 homephone: +1 313 555 2333
+homephone: +1 313 555 5444
 pager: +1 313 555 3233
 facsimiletelephonenumber: +1 313 555 2274
 telephonenumber: +1 313 555 9022
diff --git a/tests/data/slapd-acl.conf b/tests/data/slapd-acl.conf
index 81cfba6d76..d1e541a3f0 100644
--- a/tests/data/slapd-acl.conf
+++ b/tests/data/slapd-acl.conf
@@ -61,6 +61,10 @@ access		to filter="(objectclass=groupofnames)"
 		by dn="^cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=University of Michigan,c=US$" +rw stop
 		by * break
 
+access		to dn.children="ou=Information Technology Division,ou=People,o=University of Michigan,c=US"
+		by group.exact="cn=ITD Staff,ou=Groups,o=University of Michigan,c=US" write
+		by * read
+
 access	to filter="(name=X*Y*Z)"
 		by * continue
 
diff --git a/tests/scripts/test006-acls b/tests/scripts/test006-acls
index a1a3bc8a70..78630b1614 100755
--- a/tests/scripts/test006-acls
+++ b/tests/scripts/test006-acls
@@ -73,6 +73,29 @@ $LDAPSEARCH -b "$JAJDN" -h $LOCALHOST -p $PORT "objectclass=*" \
 $LDAPSEARCH -b "$JAJDN" -h $LOCALHOST -p $PORT \
 	-D "$BABSDN" -w bjensen "objectclass=*"  >> $SEARCHOUT 2>&1
 
+#
+# Check group access. Try to modify Babs' entry. Two attempts:
+# 1) bound as "James A Jones 1" - should fail
+# 2) bound as "Bjorn Jensen" - should succeed
+
+$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT -w jaj >> \
+	$TESTOUT 2>&1 << EOMODS5
+dn: $BABSDN
+changetype: modify
+replace: drink
+drink: wine
+
+EOMODS5
+
+
+$LDAPMODIFY -D "$BJORNSDN" -h $LOCALHOST -p $PORT -w bjorn >> \
+	$TESTOUT 2>&1 << EOMODS6
+dn: $BABSDN
+changetype: modify
+add: homephone
+homephone: +1 313 555 5444
+
+EOMODS6
 
 #
 # Try to add a "member" attribute to the "All Staff" group.  It should