add group ACL test

update oc in ad list test

diff --git a/tests/data/acl.out.master b/tests/data/acl.out.master
index 0300c166c48f75c0a11f1cfcc8a5dabc32334820..dd415d18cd489a1832733abb4f7ea32bc515b068 100644 (file)
--- a/tests/data/acl.out.master
+++ b/tests/data/acl.out.master
@@ -83,6 +83,7 @@ homepostaladdress: 123 Wesley $ Ann Arbor, MI 48103
 description: Mythical manager of the rsdd unix project
 drink: water
 homephone: +1 313 555 2333
+homephone: +1 313 555 5444
 pager: +1 313 555 3233
 facsimiletelephonenumber: +1 313 555 2274
 telephonenumber: +1 313 555 9022

diff --git a/tests/data/slapd-acl.conf b/tests/data/slapd-acl.conf
index 81cfba6d7646b35fa8aee5fa6656e354ae90ee0d..d1e541a3f0e9b832db8d8f2892cb593b72e5e83d 100644 (file)
--- a/tests/data/slapd-acl.conf
+++ b/tests/data/slapd-acl.conf
@@ -61,6 +61,10 @@ access               to filter="(objectclass=groupofnames)"
                by dn="^cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=University of Michigan,c=US$" +rw stop
                by * break
 
+access         to dn.children="ou=Information Technology Division,ou=People,o=University of Michigan,c=US"
+               by group.exact="cn=ITD Staff,ou=Groups,o=University of Michigan,c=US" write
+               by * read
+
 access to filter="(name=X*Y*Z)"
                by * continue
 

diff --git a/tests/scripts/test000-rootdse b/tests/scripts/test000-rootdse
index 1042459e9899364359517886ff0c5d09d60d6e6c..be5c48e257f66229b0001222895443004587b46c 100755 (executable)
--- a/tests/scripts/test000-rootdse
+++ b/tests/scripts/test000-rootdse
@@ -39,7 +39,7 @@ fi
 
 echo "Using ldapsearch to retrieve the root DSE..."
 for i in 0 1 2 3 4 5; do
-       $LDAPSEARCH -b "" -s base -h $LOCALHOST -p $PORT 'extensibleObject' > $SEARCHOUT 2>&1
+       $LDAPSEARCH -b "" -s base -h $LOCALHOST -p $PORT '+extensibleObject' > $SEARCHOUT 2>&1
        RC=$?
        if test $RC = 0 ; then
                break
@@ -50,7 +50,7 @@ done
 
 if test $RC = 0 -a $MONITORDB = yes ; then
        echo "Using ldapsearch to retrieve the cn=Monitor..."
-       $LDAPSEARCH -b "cn=Monitor" -s base -h $LOCALHOST -p $PORT 'extensibleObject' >> $SEARCHOUT 2>&1
+       $LDAPSEARCH -b "cn=Monitor" -s base -h $LOCALHOST -p $PORT -- '-extensibleObject' >> $SEARCHOUT 2>&1
        RC=$?
 fi
 

diff --git a/tests/scripts/test006-acls b/tests/scripts/test006-acls
index a1a3bc8a709ab3ba3b949cc48deccd9339644875..78630b16149d374b8d06b6e70a5817f8f4d2e5e5 100755 (executable)
--- a/tests/scripts/test006-acls
+++ b/tests/scripts/test006-acls
@@ -73,6 +73,29 @@ $LDAPSEARCH -b "$JAJDN" -h $LOCALHOST -p $PORT "objectclass=*" \
 $LDAPSEARCH -b "$JAJDN" -h $LOCALHOST -p $PORT \
        -D "$BABSDN" -w bjensen "objectclass=*"  >> $SEARCHOUT 2>&1
 
+#
+# Check group access. Try to modify Babs' entry. Two attempts:
+# 1) bound as "James A Jones 1" - should fail
+# 2) bound as "Bjorn Jensen" - should succeed
+
+$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT -w jaj >> \
+       $TESTOUT 2>&1 << EOMODS5
+dn: $BABSDN
+changetype: modify
+replace: drink
+drink: wine
+
+EOMODS5
+
+
+$LDAPMODIFY -D "$BJORNSDN" -h $LOCALHOST -p $PORT -w bjorn >> \
+       $TESTOUT 2>&1 << EOMODS6
+dn: $BABSDN
+changetype: modify
+add: homephone
+homephone: +1 313 555 5444
+
+EOMODS6
 
 #
 # Try to add a "member" attribute to the "All Staff" group.  It should