From 56258f75db3e56ce041a1b099775b32eae8ee654 Mon Sep 17 00:00:00 2001 From: Pierangelo Masarati Date: Sat, 10 Dec 2005 10:23:01 +0000 Subject: [PATCH] more on ITS#4253 --- tests/data/acl.out.master | 12 ++++++++++-- tests/data/slapd-acl.conf | 15 +++++++++++++-- tests/scripts/test006-acls | 7 +++++++ 3 files changed, 30 insertions(+), 4 deletions(-) diff --git a/tests/data/acl.out.master b/tests/data/acl.out.master index cb060640e1..1d4423e1d4 100644 --- a/tests/data/acl.out.master +++ b/tests/data/acl.out.master @@ -33,6 +33,16 @@ cn: John Doe dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com cn: Jonathon Doe +dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc + =com +cn: Bjorn Jensen +cn: Biiff Jensen + +dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example, + dc=com +cn: Barbara Jensen +cn: Babs Jensen + # Using ldapsearch to retrieve all the entries... dn: ou=Add & Delete,dc=example,dc=com objectClass: organizationalUnit @@ -113,8 +123,6 @@ telephoneNumber: +1 313 555 9022 dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc =com objectClass: OpenLDAPperson -cn: Bjorn Jensen -cn: Biiff Jensen sn: Jensen uid: bjorn seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com diff --git a/tests/data/slapd-acl.conf b/tests/data/slapd-acl.conf index 082fabf5d3..d14ca8d12e 100644 --- a/tests/data/slapd-acl.conf +++ b/tests/data/slapd-acl.conf @@ -78,12 +78,12 @@ access to dn.exact="cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,d by * search access to dn.exact="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com" - attrs=cn val.regex="^John D.*" + attrs=cn val.regex="^John D.+" by dn="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read by * break access to dn.exact="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com" - attrs=cn val.regex="^Jonath.*" + attrs=cn val.regex="^Jonath.+" by dn="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read by * break @@ -91,6 +91,17 @@ access to dn.exact="cn=John Doe,ou=Information Technology Division,ou=People,dc attrs=cn by * search +access to dn.onelevel="ou=Information Technology Division,ou=People,dc=example,dc=com" + filter="(cn=*Jensen)" + attrs=cn val.regex=".*Jensen$" + by dn="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read + by dn="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read + by * break + +access to dn.exact="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" + attrs=cn + by * search + access to dn.children="ou=Alumni Association,ou=People,dc=example,dc=com" by dn.regex=".+,dc=example,dc=com" +c continue by dn.subtree="dc=example,dc=com" +rs continue diff --git a/tests/scripts/test006-acls b/tests/scripts/test006-acls index 27efcb9800..ec1bdb8d0e 100755 --- a/tests/scripts/test006-acls +++ b/tests/scripts/test006-acls @@ -96,6 +96,13 @@ $LDAPSEARCH -h $LOCALHOST -p $PORT1 \ -D "$BJORNSDN" -w bjorn \ -b "$JOHNDDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1 +$LDAPSEARCH -h $LOCALHOST -p $PORT1 \ + -D "$BABSDN" -w bjensen \ + -b "$BJORNSDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1 +$LDAPSEARCH -h $LOCALHOST -p $PORT1 \ + -D "$BJORNSDN" -w bjorn \ + -b "$BABSDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1 + # # Check group access. Try to modify Babs' entry. Two attempts: # 1) bound as "James A Jones 1" - should fail -- 2.39.5