From cbb883e5e541e998730fc41e15dace4053713d96 Mon Sep 17 00:00:00 2001 From: Pierangelo Masarati Date: Tue, 11 Jan 2005 20:15:13 +0000 Subject: [PATCH] honor 'disclose' ACL on searchBase/compare/referral/matched (ITS#3472 and comments on -devel) --- tests/data/acl.out.master | 6 ++++++ tests/data/slapd-acl.conf | 1 + tests/scripts/test006-acls | 18 ++++++++++-------- 3 files changed, 17 insertions(+), 8 deletions(-) diff --git a/tests/data/acl.out.master b/tests/data/acl.out.master index b44d98cb13..023e1a7fc8 100644 --- a/tests/data/acl.out.master +++ b/tests/data/acl.out.master @@ -1,3 +1,8 @@ +# Try to read an entry inside the Alumni Association container. +# It should give us noSuchObject if we're not bound... +No such object (32) +# ... and should return all attributes if we're bound as anyone +# under Example. dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com objectClass: OpenLDAPperson cn: James A Jones 1 @@ -16,6 +21,7 @@ mail: jaj@mail.alumni.example.com facsimileTelephoneNumber: +1 313 555 4332 telephoneNumber: +1 313 555 0895 +# Using ldapsearch to retrieve all the entries... dn: cn=All Staff,ou=Groups,dc=example,dc=com member: cn=Manager,dc=example,dc=com member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=exam diff --git a/tests/data/slapd-acl.conf b/tests/data/slapd-acl.conf index 4e02a8c4e1..f01b747f8f 100644 --- a/tests/data/slapd-acl.conf +++ b/tests/data/slapd-acl.conf @@ -64,6 +64,7 @@ access to filter="(objectclass=person)" attr=userpassword access to dn.children="ou=Alumni Association,ou=People,dc=example,dc=com" by dn.regex=".+,dc=example,dc=com" +c continue by dn.subtree="dc=example,dc=com" +rs continue + by dn.children="dc=example,dc=com" +d continue by * stop #access to attr=member,uniquemember dn.subtree="dc=example,dc=com" diff --git a/tests/scripts/test006-acls b/tests/scripts/test006-acls index de72e9f3f5..0f294f0cad 100755 --- a/tests/scripts/test006-acls +++ b/tests/scripts/test006-acls @@ -56,16 +56,17 @@ fi cat /dev/null > $SEARCHOUT -# -# Try to read an entry inside the Alumni Association container. It should -# give us nothing if we're not bound, and should return all attributes -# if we're bound as anyone under UM. -# -$LDAPSEARCH -b "$JAJDN" -h $LOCALHOST -p $PORT1 "objectclass=*" \ +echo "# Try to read an entry inside the Alumni Association container. +# It should give us noSuchObject if we're not bound..." \ +>> $SEARCHOUT +$LDAPSEARCH -b "$JAJDN" -h $LOCALHOST -p $PORT1 "(objectclass=*)" \ >> $SEARCHOUT 2>&1 +echo "# ... and should return all attributes if we're bound as anyone +# under Example." \ +>> $SEARCHOUT $LDAPSEARCH -b "$JAJDN" -h $LOCALHOST -p $PORT1 \ - -D "$BABSDN" -w bjensen "objectclass=*" >> $SEARCHOUT 2>&1 + -D "$BABSDN" -w bjensen "(objectclass=*)" >> $SEARCHOUT 2>&1 # # Check group access. Try to modify Babs' entry. Two attempts: @@ -170,6 +171,7 @@ description: added by bjensen (should fail) EOMODS6 echo "Using ldapsearch to retrieve all the entries..." +echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ 'objectClass=*' >> $SEARCHOUT 2>&1 RC=$? @@ -189,7 +191,7 @@ echo "Comparing filter output..." $CMP $SEARCHFLT $LDIFFLT > $CMPOUT if test $? != 0 ; then - echo "comparison failed - modify operations did not complete correctly" + echo "comparison failed - operations did not complete correctly" exit 1 fi -- 2.39.5