From: Kurt Zeilenga
Date: Tue, 17 Sep 2002 04:27:48 +0000 (+0000)
Subject: add group ACL test
X-Git-Tag: OPENLDAP_REL_ENG_2_1_5~11
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=c2f7d8bc572642fdcf4c20642d3f09dcf558feb0;p=openldap
add group ACL test
update oc in ad list test
---
diff --git a/tests/data/acl.out.master b/tests/data/acl.out.master
index 0300c166c4..dd415d18cd 100644
--- a/tests/data/acl.out.master
+++ b/tests/data/acl.out.master
@@ -83,6 +83,7 @@ homepostaladdress: 123 Wesley $ Ann Arbor, MI 48103
 description: Mythical manager of the rsdd unix project
 drink: water
 homephone: +1 313 555 2333
+homephone: +1 313 555 5444
 pager: +1 313 555 3233
 facsimiletelephonenumber: +1 313 555 2274
 telephonenumber: +1 313 555 9022
diff --git a/tests/data/slapd-acl.conf b/tests/data/slapd-acl.conf
index 81cfba6d76..d1e541a3f0 100644
--- a/tests/data/slapd-acl.conf
+++ b/tests/data/slapd-acl.conf
@@ -61,6 +61,10 @@ access to filter="(objectclass=groupofnames)"
 by dn="^cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=University of Michigan,c=US$" +rw stop by * break
+access to dn.children="ou=Information Technology Division,ou=People,o=University of Michigan,c=US"
+ by group.exact="cn=ITD Staff,ou=Groups,o=University of Michigan,c=US" write
+ by * read
+
 access to filter="(name=X*Y*Z)" by * continue
diff --git a/tests/scripts/test000-rootdse b/tests/scripts/test000-rootdse
index 1042459e98..be5c48e257 100755
--- a/tests/scripts/test000-rootdse
+++ b/tests/scripts/test000-rootdse
@@ -39,7 +39,7 @@ fi
 echo "Using ldapsearch to retrieve the root DSE..."
 for i in 0 1 2 3 4 5; do
- $LDAPSEARCH -b "" -s base -h $LOCALHOST -p $PORT 'extensibleObject' > $SEARCHOUT 2>&1
+ $LDAPSEARCH -b "" -s base -h $LOCALHOST -p $PORT '+extensibleObject' > $SEARCHOUT 2>&1
 RC=$?
 if test $RC = 0 ; then
 break
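Review bot: The new `access to dn.children="ou=Information Technology Division,…"` clause in tests/data/slapd-acl.conf has no attribute list and ends in `by * read`, so it is the terminal rule for every entry below that OU. Members of `cn=ITD Staff` get write on all attributes, every other identity (anonymous included) gets read, and no `access to` clause placed after it is consulted for those entries, because slapd stops at the first clause whose target matches unless a `by` line ends in `break`, which is how the clause just above hands over. A comment above the clause would make that shadowing deliberate, for example `# group ACL test: ITD Staff may write below ITD; all others stop here with read`. Whether a later rule was meant to keep applying to these entries cannot be judged from the hunk.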
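Review bot: In tests/scripts/test000-rootdse the requested attribute becomes `'+extensibleObject'` in this hunk and `-- '-extensibleObject'` in the `@@ -50,7 +50,7 @@` hunk, and nothing in the script says why the root DSE search and the cn=Monitor search use different prefixes. A comment above each call would help, for instance `# "--" ends option parsing so the argument starting with "-" is taken as the attribute list`, plus one line stating which attributes each prefixed objectclass name is expected to return. The `for` loop around the first call continues outside the hunk.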
@@ -50,7 +50,7 @@ done
 if test $RC = 0 -a $MONITORDB = yes ; then
 echo "Using ldapsearch to retrieve the cn=Monitor..."
- $LDAPSEARCH -b "cn=Monitor" -s base -h $LOCALHOST -p $PORT 'extensibleObject' >> $SEARCHOUT 2>&1
+ $LDAPSEARCH -b "cn=Monitor" -s base -h $LOCALHOST -p $PORT -- '-extensibleObject' >> $SEARCHOUT 2>&1
 RC=$?
 fi
diff --git a/tests/scripts/test006-acls b/tests/scripts/test006-acls
index a1a3bc8a70..78630b1614 100755
--- a/tests/scripts/test006-acls
+++ b/tests/scripts/test006-acls
@@ -73,6 +73,29 @@ $LDAPSEARCH -b "$JAJDN" -h $LOCALHOST -p $PORT "objectclass=*" \
 $LDAPSEARCH -b "$JAJDN" -h $LOCALHOST -p $PORT \
 -D "$BABSDN" -w bjensen "objectclass=*" >> $SEARCHOUT 2>&1
+#
+# Check group access. Try to modify Babs' entry. Two attempts:
+# 1) bound as "James A Jones 1" - should fail
+# 2) bound as "Bjorn Jensen" - should succeed
+
+$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT -w jaj >> \
+ $TESTOUT 2>&1 << EOMODS5
+dn: $BABSDN
+changetype: modify
+replace: drink
+drink: wine
+
+EOMODS5
+
+
+$LDAPMODIFY -D "$BJORNSDN" -h $LOCALHOST -p $PORT -w bjorn >> \
+ $TESTOUT 2>&1 << EOMODS6
+dn: $BABSDN
+changetype: modify
+add: homephone
+homephone: +1 313 555 5444
+
+EOMODS6
 #
 # Try to add a "member" attribute to the "All Staff" group. It should
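Review bot: Neither `$LDAPMODIFY` call added to tests/scripts/test006-acls reads its exit status, so the "should fail" attempt bound as James A Jones passes on any failure at all (a bad bind, a typo in the LDIF), not only on an access denial. The acl.out.master change covers the positive case through the new `homephone` value, but only `drink: water` staying unchanged backs the negative case. Capturing `RC=$?` after each here-document and comparing it with the expected result would pin both outcomes. The sketch assumes ldapmodify exits with the LDAP result code, where 50 is insufficientAccess, and leaves the script's slapd shutdown step as a placeholder because it lies outside the hunk.

```shell
# … unchanged: first $LDAPMODIFY call (bound as $JAJDN) and its EOMODS5 here-document …
RC=$?
if test $RC != 50 ; then
	echo "modify bound as James A Jones 1: expected insufficientAccess (50), got $RC"
	# … stop slapd the way the rest of this script does …
	exit 1
fi

# … unchanged: second $LDAPMODIFY call (bound as $BJORNSDN) and its EOMODS6 here-document …
RC=$?
if test $RC != 0 ; then
	echo "modify bound as Bjorn Jensen failed ($RC)"
	# … stop slapd the way the rest of this script does …
	exit $RC
fi
```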