test006-acls revision 1.1.1.10 1 1.1 lukem #! /bin/sh
2 1.1.1.4 tron # $OpenLDAP$
3 1.1 lukem ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 1.1 lukem ##
5 1.1.1.10 christos ## Copyright 1998-2024 The OpenLDAP Foundation.
6 1.1 lukem ## All rights reserved.
7 1.1 lukem ##
8 1.1 lukem ## Redistribution and use in source and binary forms, with or without
9 1.1 lukem ## modification, are permitted only as authorized by the OpenLDAP
10 1.1 lukem ## Public License.
11 1.1 lukem ##
12 1.1 lukem ## A copy of this license is available in the file LICENSE in the
13 1.1 lukem ## top-level directory of the distribution or, alternatively, at
14 1.1 lukem ## <http://www.OpenLDAP.org/license.html>.
15 1.1 lukem
# Skip the test for the ldif and null backends. The message says they do not
# support access controls; the skip exits 0, so a skipped run is reported as
# success rather than as a failure.
16 1.1.1.3 adam case "$BACKEND" in ldif | null)
17 1.1.1.3 adam echo "$BACKEND backend does not support access controls, test skipped"
18 1.1 lukem exit 0
19 1.1 lukem esac
20 1.1 lukem
# Source the shared definitions. None of the variables used below ($TESTDIR,
# $SLAPADD, $CONF1, $URI1, the *DN names, ...) is assigned in this file;
# presumably they come from defines.sh or the calling harness - confirm there.
21 1.1 lukem echo "running defines.sh"
22 1.1 lukem . $SRCDIR/scripts/defines.sh
23 1.1 lukem
# NOTE(review): expansions are unquoted here and throughout the script, so a
# path containing whitespace or glob characters would be split or expanded.
24 1.1 lukem mkdir -p $TESTDIR $DBDIR1
25 1.1 lukem
# Run the config filter for the selected backend over the ACL configuration
# ($ACLCONF) to produce $CONF1, then load the ordered LDIF offline with slapadd
# so the database exists before the server starts.
26 1.1 lukem echo "Running slapadd to build slapd database..."
27 1.1.1.9 christos . $CONFFILTER $BACKEND < $ACLCONF > $CONF1
28 1.1 lukem $SLAPADD -f $CONF1 -l $LDIFORDERED
29 1.1 lukem RC=$?
# A failed load aborts the test with slapadd's own exit status.
30 1.1 lukem if test $RC != 0 ; then
31 1.1 lukem echo "slapadd failed ($RC)!"
32 1.1 lukem exit $RC
33 1.1 lukem fi
34 1.1 lukem
# Start slapd in the background with the ACL configuration, listening on $URI1,
# with stdout and stderr captured in $LOG1. The PID is kept so the server can
# be signalled on every exit path below.
35 1.1 lukem echo "Starting slapd on TCP/IP port $PORT1..."
36 1.1.1.9 christos $SLAPD -f $CONF1 -h $URI1 -d $LVL > $LOG1 2>&1 &
37 1.1 lukem PID=$!
# With WAIT set to anything but 0, print the PID and block on a line of input
# (presumably so a debugger can be attached before the test proceeds).
38 1.1 lukem if test $WAIT != 0 ; then
39 1.1 lukem echo PID $PID
40 1.1 lukem read foo
41 1.1 lukem fi
42 1.1 lukem KILLPIDS="$PID"
43 1.1 lukem
44 1.1 lukem sleep 1
45 1.1 lukem
# Readiness probe: up to six base-scope searches of $MONITOR, five seconds
# apart, stopping at the first one that succeeds. The search output is
# discarded; only the exit status matters here.
46 1.1 lukem echo "Testing slapd access control..."
47 1.1 lukem for i in 0 1 2 3 4 5; do
48 1.1.1.9 christos $LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \
49 1.1 lukem 'objectclass=*' > /dev/null 2>&1
50 1.1 lukem RC=$?
51 1.1 lukem if test $RC = 0 ; then
52 1.1 lukem break
53 1.1 lukem fi
54 1.1 lukem echo "Waiting 5 seconds for slapd to start..."
55 1.1 lukem sleep 5
56 1.1 lukem done
57 1.1 lukem
# If the server never answered, signal it (unless KILLSERVERS is "no") and
# fail with the last ldapsearch status, so no ACL check runs against a server
# that is not up.
58 1.1 lukem if test $RC != 0 ; then
59 1.1 lukem echo "ldapsearch failed ($RC)!"
60 1.1 lukem test $KILLSERVERS != no && kill -HUP $KILLPIDS
61 1.1 lukem exit $RC
62 1.1 lukem fi
63 1.1 lukem
# Truncate $SEARCHOUT. Every search in this section appends to it, and none of
# their exit statuses is checked: read-access results are judged only by the
# comparison of $SEARCHOUT against the reference output at the end of the test.
64 1.1 lukem cat /dev/null > $SEARCHOUT
65 1.1 lukem
66 1.1 lukem echo "# Try to read an entry inside the Alumni Association container.
67 1.1 lukem # It should give us noSuchObject if we're not bound..." \
68 1.1 lukem >> $SEARCHOUT
69 1.1 lukem # FIXME: temporarily remove the "No such object" message to make
70 1.1 lukem # the test succeed even if SLAP_ACL_HONOR_DISCLOSE is not #define'd
# Anonymous search (no -D). Because "No such object" lines are filtered out,
# the recorded output is the same whether or not the server reports
# noSuchObject, so this step does not itself verify that the entry's existence
# is hidden from unbound clients. The pipeline's status is grep's and is unused.
71 1.1.1.9 christos $LDAPSEARCH -b "$JAJDN" -H $URI1 "(objectclass=*)" \
72 1.1.1.4 tron 2>&1 | grep -v "No such object" >> $SEARCHOUT
73 1.1 lukem
74 1.1 lukem echo "# ... and should return all attributes if we're bound as anyone
75 1.1 lukem # under Example." \
76 1.1 lukem >> $SEARCHOUT
# Same search bound as $BABSDN. The -w values in this script are fixture
# passwords for the test accounts, passed on the command line.
77 1.1.1.9 christos $LDAPSEARCH -b "$JAJDN" -H $URI1 \
78 1.1 lukem -D "$BABSDN" -w bjensen "(objectclass=*)" >> $SEARCHOUT 2>&1
79 1.1 lukem
80 1.1 lukem # ITS#4253, ITS#4255
# Each target entry is read twice, once bound as $BABSDN and once as
# $BJORNSDN, requesting only cn, so the recorded output shows what each
# identity is allowed to see of the same entry.
81 1.1 lukem echo "# Checking exact/regex attrval clause" >> $SEARCHOUT
82 1.1.1.9 christos $LDAPSEARCH -H $URI1 \
83 1.1 lukem -D "$BABSDN" -w bjensen \
84 1.1 lukem -b "$MELLIOTDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1
85 1.1.1.9 christos $LDAPSEARCH -H $URI1 \
86 1.1 lukem -D "$BJORNSDN" -w bjorn \
87 1.1 lukem -b "$MELLIOTDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1
88 1.1 lukem
89 1.1.1.9 christos $LDAPSEARCH -H $URI1 \
90 1.1 lukem -D "$BABSDN" -w bjensen \
91 1.1 lukem -b "$JOHNDDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1
92 1.1.1.9 christos $LDAPSEARCH -H $URI1 \
93 1.1 lukem -D "$BJORNSDN" -w bjorn \
94 1.1 lukem -b "$JOHNDDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1
95 1.1 lukem
# Cross-reads: Babs reads Bjorn's entry, then Bjorn reads Babs' entry.
96 1.1.1.9 christos $LDAPSEARCH -H $URI1 \
97 1.1 lukem -D "$BABSDN" -w bjensen \
98 1.1 lukem -b "$BJORNSDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1
99 1.1.1.9 christos $LDAPSEARCH -H $URI1 \
100 1.1 lukem -D "$BJORNSDN" -w bjorn \
101 1.1 lukem -b "$BABSDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1
102 1.1 lukem
103 1.1 lukem # check selfwrite access (ITS#4587). 6 attempts are made:
104 1.1 lukem # 1) delete someone else (should fail)
105 1.1 lukem # 2) delete self (should succeed)
106 1.1 lukem # 3) add someone else (should fail)
107 1.1 lukem # 4) add someone else and self (should fail)
108 1.1 lukem # 5) add self and someone else (should fail)
109 1.1 lukem # 6) add self (should succeed)
110 1.1 lukem #
# All six attempts bind as $JAJDN and target the "All Staff" group's member
# attribute; ldapmodify output goes to $TESTOUT.
#
# How the "should fail" attempts are judged: exit status 50 (the LDAP
# insufficientAccess result code) is the only accepted outcome. Status 0 means
# the write was allowed and the test fails with a literal exit 1, since $RC is
# 0 in that arm. Any other status also fails the test, so an unrelated error
# is not mistaken for an ACL denial.
#
# Attempt 1: remove another user's DN ($BABSDN) from the group.
111 1.1.1.9 christos $LDAPMODIFY -D "$JAJDN" -H $URI1 -w jaj >> \
112 1.1 lukem $TESTOUT 2>&1 << EOMODS
113 1.1 lukem dn: cn=All Staff,ou=Groups,dc=example,dc=com
114 1.1 lukem changetype: modify
115 1.1 lukem delete: member
116 1.1 lukem member: $BABSDN
117 1.1 lukem EOMODS
118 1.1 lukem RC=$?
119 1.1 lukem case $RC in
120 1.1 lukem 50)
121 1.1 lukem ;;
122 1.1 lukem 0)
123 1.1 lukem echo "ldapmodify should have failed ($RC)!"
124 1.1 lukem test $KILLSERVERS != no && kill -HUP $KILLPIDS
125 1.1.1.10 christos exit 1
126 1.1 lukem ;;
127 1.1 lukem *)
128 1.1 lukem echo "ldapmodify failed ($RC)!"
129 1.1 lukem test $KILLSERVERS != no && kill -HUP $KILLPIDS
130 1.1 lukem exit $RC
131 1.1 lukem ;;
132 1.1 lukem esac
133 1.1 lukem
# Attempt 2: remove the bound user's own DN - must succeed.
134 1.1.1.9 christos $LDAPMODIFY -D "$JAJDN" -H $URI1 -w jaj >> \
135 1.1 lukem $TESTOUT 2>&1 << EOMODS
136 1.1 lukem dn: cn=All Staff,ou=Groups,dc=example,dc=com
137 1.1 lukem changetype: modify
138 1.1 lukem delete: member
139 1.1 lukem member: $JAJDN
140 1.1 lukem EOMODS
141 1.1 lukem RC=$?
142 1.1 lukem if test $RC != 0 ; then
143 1.1 lukem echo "ldapmodify failed ($RC)!"
144 1.1 lukem test $KILLSERVERS != no && kill -HUP $KILLPIDS
145 1.1 lukem exit $RC
146 1.1 lukem fi
147 1.1 lukem
# Attempt 3: add a DN that is not the bound user's - expects 50.
148 1.1.1.9 christos $LDAPMODIFY -D "$JAJDN" -H $URI1 -w jaj >> \
149 1.1 lukem $TESTOUT 2>&1 << EOMODS
150 1.1 lukem dn: cn=All Staff,ou=Groups,dc=example,dc=com
151 1.1 lukem changetype: modify
152 1.1 lukem add: member
153 1.1 lukem member: cn=Foo,ou=Bar
154 1.1 lukem EOMODS
155 1.1 lukem RC=$?
156 1.1 lukem case $RC in
157 1.1 lukem 50)
158 1.1 lukem ;;
159 1.1 lukem 0)
160 1.1 lukem echo "ldapmodify should have failed ($RC)!"
161 1.1 lukem test $KILLSERVERS != no && kill -HUP $KILLPIDS
162 1.1.1.10 christos exit 1
163 1.1 lukem ;;
164 1.1 lukem *)
165 1.1 lukem echo "ldapmodify failed ($RC)!"
166 1.1 lukem test $KILLSERVERS != no && kill -HUP $KILLPIDS
167 1.1 lukem exit $RC
168 1.1 lukem ;;
169 1.1 lukem esac
170 1.1 lukem
# Attempts 4 and 5 mix the foreign DN with the bound user's own DN in one
# modification, in both orders. Both expect 50, i.e. including one's own DN
# must not let the foreign value through, whichever value comes first.
#
# Attempt 4: foreign DN first, own DN second.
171 1.1.1.9 christos $LDAPMODIFY -D "$JAJDN" -H $URI1 -w jaj >> \
172 1.1 lukem $TESTOUT 2>&1 << EOMODS
173 1.1 lukem dn: cn=All Staff,ou=Groups,dc=example,dc=com
174 1.1 lukem changetype: modify
175 1.1 lukem add: member
176 1.1 lukem member: cn=Foo,ou=Bar
177 1.1 lukem member: $JAJDN
178 1.1 lukem EOMODS
179 1.1 lukem RC=$?
180 1.1 lukem case $RC in
181 1.1 lukem 50)
182 1.1 lukem ;;
183 1.1 lukem 0)
184 1.1 lukem echo "ldapmodify should have failed ($RC)!"
185 1.1 lukem test $KILLSERVERS != no && kill -HUP $KILLPIDS
186 1.1.1.10 christos exit 1
187 1.1 lukem ;;
188 1.1 lukem *)
189 1.1 lukem echo "ldapmodify failed ($RC)!"
190 1.1 lukem test $KILLSERVERS != no && kill -HUP $KILLPIDS
191 1.1 lukem exit $RC
192 1.1 lukem ;;
193 1.1 lukem esac
194 1.1 lukem
# Attempt 5: own DN first, foreign DN second.
195 1.1.1.9 christos $LDAPMODIFY -D "$JAJDN" -H $URI1 -w jaj >> \
196 1.1 lukem $TESTOUT 2>&1 << EOMODS
197 1.1 lukem dn: cn=All Staff,ou=Groups,dc=example,dc=com
198 1.1 lukem changetype: modify
199 1.1 lukem add: member
200 1.1 lukem member: $JAJDN
201 1.1 lukem member: cn=Foo,ou=Bar
202 1.1 lukem EOMODS
203 1.1 lukem RC=$?
204 1.1 lukem case $RC in
205 1.1 lukem 50)
206 1.1 lukem ;;
207 1.1 lukem 0)
208 1.1 lukem echo "ldapmodify should have failed ($RC)!"
209 1.1 lukem test $KILLSERVERS != no && kill -HUP $KILLPIDS
210 1.1.1.10 christos exit 1
211 1.1 lukem ;;
212 1.1 lukem *)
213 1.1 lukem echo "ldapmodify failed ($RC)!"
214 1.1 lukem test $KILLSERVERS != no && kill -HUP $KILLPIDS
215 1.1 lukem exit $RC
216 1.1 lukem ;;
217 1.1 lukem esac
218 1.1 lukem
# Attempt 6: add only the bound user's own DN - must succeed. This also puts
# back the membership removed in attempt 2.
219 1.1.1.9 christos $LDAPMODIFY -D "$JAJDN" -H $URI1 -w jaj >> \
220 1.1 lukem $TESTOUT 2>&1 << EOMODS
221 1.1 lukem dn: cn=All Staff,ou=Groups,dc=example,dc=com
222 1.1 lukem changetype: modify
223 1.1 lukem add: member
224 1.1 lukem member: $JAJDN
225 1.1 lukem EOMODS
226 1.1 lukem RC=$?
227 1.1 lukem if test $RC != 0 ; then
228 1.1 lukem echo "ldapmodify failed ($RC)!"
229 1.1 lukem test $KILLSERVERS != no && kill -HUP $KILLPIDS
230 1.1 lukem exit $RC
231 1.1 lukem fi
232 1.1 lukem
233 1.1 lukem #
234 1.1 lukem # Check group access. Try to modify Babs' entry. Two attempts:
235 1.1 lukem # 1) bound as "James A Jones 1" - should fail
236 1.1 lukem # 2) bound as "Bjorn Jensen" - should succeed
237 1.1 lukem
# Attempt 1 (bound as $JAJDN): only exit status 50 (LDAP insufficientAccess)
# passes. Status 0 means the write was allowed and fails the test with a
# literal exit 1, because $RC is 0 in that arm; any other status fails too, so
# an unrelated error does not count as a denial.
238 1.1.1.9 christos $LDAPMODIFY -D "$JAJDN" -H $URI1 -w jaj >> \
239 1.1 lukem $TESTOUT 2>&1 << EOMODS5
240 1.1 lukem dn: $BABSDN
241 1.1 lukem changetype: modify
242 1.1 lukem replace: drink
243 1.1 lukem drink: wine
244 1.1 lukem EOMODS5
245 1.1 lukem RC=$?
246 1.1 lukem case $RC in
247 1.1 lukem 50)
248 1.1 lukem ;;
249 1.1 lukem 0)
250 1.1 lukem echo "ldapmodify should have failed ($RC)!"
251 1.1 lukem test $KILLSERVERS != no && kill -HUP $KILLPIDS
252 1.1.1.10 christos exit 1
253 1.1 lukem ;;
254 1.1 lukem *)
255 1.1 lukem echo "ldapmodify failed ($RC)!"
256 1.1 lukem test $KILLSERVERS != no && kill -HUP $KILLPIDS
257 1.1 lukem exit $RC
258 1.1 lukem ;;
259 1.1 lukem esac
260 1.1 lukem
# Attempt 2 (bound as $BJORNSDN): a different attribute of the same entry is
# written, and only status 0 passes.
261 1.1.1.9 christos $LDAPMODIFY -D "$BJORNSDN" -H $URI1 -w bjorn >> \
262 1.1 lukem $TESTOUT 2>&1 << EOMODS6
263 1.1 lukem dn: $BABSDN
264 1.1 lukem changetype: modify
265 1.1 lukem add: homephone
266 1.1 lukem homephone: +1 313 555 5444
267 1.1 lukem EOMODS6
268 1.1 lukem RC=$?
269 1.1 lukem case $RC in
270 1.1 lukem 0)
271 1.1 lukem ;;
272 1.1 lukem *)
273 1.1 lukem echo "ldapmodify failed ($RC)!"
274 1.1 lukem test $KILLSERVERS != no && kill -HUP $KILLPIDS
275 1.1 lukem exit $RC
276 1.1 lukem ;;
277 1.1 lukem esac
278 1.1 lukem
279 1.1 lukem #
280 1.1 lukem # Try to add a "member" attribute to the "ITD Staff" group. It should
281 1.1 lukem # fail when we add some DN other than our own, and should succeed when
282 1.1 lukem # we add our own DN.
283 1.1 lukem # First attempt: bound as James A Jones 1, add Barbara Jensen's DN - should fail.
# The attribute written below is uniquemember. Only exit status 50 (LDAP
# insufficientAccess) passes this attempt; status 0 fails the test with a
# literal exit 1, and any other status fails it with that status.
284 1.1.1.9 christos $LDAPMODIFY -D "$JAJDN" -H $URI1 -w jaj >> \
285 1.1 lukem $TESTOUT 2>&1 << EOMODS1
286 1.1 lukem version: 1
287 1.1 lukem dn: cn=ITD Staff, ou=Groups, dc=example, dc=com
288 1.1 lukem changetype: modify
289 1.1 lukem add: uniquemember
290 1.1 lukem uniquemember: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com
291 1.1 lukem EOMODS1
292 1.1 lukem RC=$?
293 1.1 lukem case $RC in
294 1.1 lukem 50)
295 1.1 lukem ;;
296 1.1 lukem 0)
297 1.1 lukem echo "ldapmodify should have failed ($RC)!"
298 1.1 lukem test $KILLSERVERS != no && kill -HUP $KILLPIDS
299 1.1.1.10 christos exit 1
300 1.1 lukem ;;
301 1.1 lukem *)
302 1.1 lukem echo "ldapmodify failed ($RC)!"
303 1.1 lukem test $KILLSERVERS != no && kill -HUP $KILLPIDS
304 1.1 lukem exit $RC
305 1.1 lukem ;;
306 1.1 lukem esac
307 1.1 lukem
# Second attempt: same bind, adding the James A Jones 1 DN (written with
# spaces after the commas) - only status 0 passes.
308 1.1.1.9 christos $LDAPMODIFY -D "$JAJDN" -H $URI1 -w jaj >> \
309 1.1 lukem $TESTOUT 2>&1 << EOMODS2
310 1.1 lukem version: 1
311 1.1 lukem
312 1.1 lukem dn: cn=ITD Staff, ou=Groups, dc=example, dc=com
313 1.1 lukem changetype: modify
314 1.1 lukem add: uniquemember
315 1.1 lukem uniquemember: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example, dc=com
316 1.1 lukem EOMODS2
317 1.1 lukem RC=$?
318 1.1 lukem case $RC in
319 1.1 lukem 0)
320 1.1 lukem ;;
321 1.1 lukem *)
322 1.1 lukem echo "ldapmodify failed ($RC)!"
323 1.1 lukem test $KILLSERVERS != no && kill -HUP $KILLPIDS
324 1.1 lukem exit $RC
325 1.1 lukem ;;
326 1.1 lukem esac
327 1.1 lukem
328 1.1 lukem #
329 1.1 lukem # Try to modify the "ITD Staff" group. Two attempts are made:
330 1.1 lukem # 1) bound as "James A Jones 1" - should fail
331 1.1 lukem # 2) bound as "Bjorn Jensen" - should succeed
332 1.1 lukem #
# Attempt 1 deletes the whole description attribute. Only exit status 50
# (LDAP insufficientAccess) passes; status 0 fails the test with a literal
# exit 1, and any other status fails it with that status.
333 1.1.1.9 christos $LDAPMODIFY -D "$JAJDN" -H $URI1 -w jaj >> \
334 1.1 lukem $TESTOUT 2>&1 << EOMODS3
335 1.1 lukem
336 1.1 lukem dn: cn=ITD Staff, ou=Groups, dc=example, dc=com
337 1.1 lukem changetype: modify
338 1.1 lukem delete: description
339 1.1 lukem EOMODS3
340 1.1 lukem RC=$?
341 1.1 lukem case $RC in
342 1.1 lukem 50)
343 1.1 lukem ;;
344 1.1 lukem 0)
345 1.1 lukem echo "ldapmodify should have failed ($RC)!"
346 1.1 lukem test $KILLSERVERS != no && kill -HUP $KILLPIDS
347 1.1.1.10 christos exit 1
348 1.1 lukem ;;
349 1.1 lukem *)
350 1.1 lukem echo "ldapmodify failed ($RC)!"
351 1.1 lukem test $KILLSERVERS != no && kill -HUP $KILLPIDS
352 1.1 lukem exit $RC
353 1.1 lukem ;;
354 1.1 lukem esac
355 1.1 lukem
# Attempt 2 adds an ou value as $BJORNSDN and must return 0. The "# comment"
# lines inside the here-document are part of the LDIF sent to ldapmodify, not
# shell comments.
356 1.1.1.9 christos $LDAPMODIFY -D "$BJORNSDN" -H $URI1 -w bjorn >> \
357 1.1 lukem $TESTOUT 2>&1 << EOMODS4
358 1.1 lukem # COMMENT
359 1.1 lukem version: 1
360 1.1 lukem # comment
361 1.1 lukem dn: cn=ITD Staff, ou=Groups, dc=example, dc=com
362 1.1 lukem # comment
363 1.1 lukem changetype: modify
364 1.1 lukem # comment
365 1.1 lukem add: ou
366 1.1 lukem # comment
367 1.1 lukem ou: Groups
368 1.1 lukem # comment
369 1.1 lukem EOMODS4
370 1.1 lukem RC=$?
371 1.1 lukem case $RC in
372 1.1 lukem 0)
373 1.1 lukem ;;
374 1.1 lukem *)
375 1.1 lukem echo "ldapmodify failed ($RC)!"
376 1.1 lukem test $KILLSERVERS != no && kill -HUP $KILLPIDS
377 1.1 lukem exit $RC
378 1.1 lukem ;;
379 1.1 lukem esac
380 1.1 lukem
381 1.1 lukem #
382 1.1 lukem # Try to modify the "Alumni Assoc Staff" group. Two attempts are made:
383 1.1 lukem # 1) bound as "James A Jones 1" - should succeed
384 1.1 lukem # 2) bound as "Barbara Jensen" - should fail
385 1.1 lukem # should exploit sets
386 1.1 lukem #
# Attempt 1: add a description value as $JAJDN - only status 0 passes.
387 1.1.1.9 christos $LDAPMODIFY -D "$JAJDN" -H $URI1 -w jaj >> \
388 1.1 lukem $TESTOUT 2>&1 << EOMODS5
389 1.1 lukem dn: cn=Alumni Assoc Staff, ou=Groups, dc=example, dc=com
390 1.1 lukem changetype: modify
391 1.1 lukem add: description
392 1.1 lukem description: added by jaj (should succeed)
393 1.1 lukem -
394 1.1 lukem EOMODS5
395 1.1 lukem RC=$?
396 1.1 lukem case $RC in
397 1.1 lukem 0)
398 1.1 lukem ;;
399 1.1 lukem *)
400 1.1 lukem echo "ldapmodify failed ($RC)!"
401 1.1 lukem test $KILLSERVERS != no && kill -HUP $KILLPIDS
402 1.1 lukem exit $RC
403 1.1 lukem ;;
404 1.1 lukem esac
405 1.1 lukem
# Attempt 2: the same kind of write as $BABSDN. Only exit status 50 (LDAP
# insufficientAccess) passes; status 0 fails the test with a literal exit 1,
# because $RC is 0 in that arm, and any other status fails it with that status.
406 1.1.1.9 christos $LDAPMODIFY -D "$BABSDN" -H $URI1 -w bjensen >> \
407 1.1 lukem $TESTOUT 2>&1 << EOMODS6
408 1.1 lukem dn: cn=Alumni Assoc Staff, ou=Groups, dc=example, dc=com
409 1.1 lukem changetype: modify
410 1.1 lukem add: description
411 1.1 lukem description: added by bjensen (should fail)
412 1.1 lukem -
413 1.1 lukem EOMODS6
414 1.1 lukem RC=$?
415 1.1 lukem case $RC in
416 1.1 lukem 50)
417 1.1 lukem ;;
418 1.1 lukem 0)
419 1.1 lukem echo "ldapmodify should have failed ($RC)!"
420 1.1 lukem test $KILLSERVERS != no && kill -HUP $KILLPIDS
421 1.1.1.10 christos exit 1
422 1.1 lukem ;;
423 1.1 lukem *)
424 1.1 lukem echo "ldapmodify failed ($RC)!"
425 1.1 lukem test $KILLSERVERS != no && kill -HUP $KILLPIDS
426 1.1 lukem exit $RC
427 1.1 lukem ;;
428 1.1 lukem esac
429 1.1 lukem
# Entry-level add / delete / rename checks under a fresh container.
#
# In every "expected refusal" step below, exit status 50 (LDAP
# insufficientAccess) is the only accepted outcome. Status 0 means the
# operation was allowed and fails the test with a literal exit 1, since $RC is
# 0 in that arm; any other status also fails, so an unrelated error is not
# mistaken for an ACL denial.
#
# Setup: the manager identity ($MANAGERDN / $PASSWD) creates the
# "ou=Add & Delete" container used by the remaining steps.
430 1.1.1.9 christos $LDAPMODIFY -D "$MANAGERDN" -H $URI1 -w $PASSWD >> \
431 1.1 lukem $TESTOUT 2>&1 << EOMODS7
432 1.1 lukem dn: ou=Add & Delete,dc=example,dc=com
433 1.1 lukem changetype: add
434 1.1 lukem objectClass: organizationalUnit
435 1.1 lukem ou: Add & Delete
436 1.1 lukem EOMODS7
437 1.1 lukem RC=$?
438 1.1 lukem if test $RC != 0 ; then
439 1.1 lukem echo "ldapmodify failed ($RC)!"
440 1.1 lukem test $KILLSERVERS != no && kill -HUP $KILLPIDS
441 1.1 lukem exit $RC
442 1.1 lukem fi
443 1.1 lukem
# Babs adds a child entry - expected refusal (50).
444 1.1.1.9 christos $LDAPMODIFY -D "$BABSDN" -H $URI1 -w bjensen >> \
445 1.1 lukem $TESTOUT 2>&1 << EOMODS8
446 1.1 lukem dn: cn=Added by Babs (must fail),ou=Add & Delete,dc=example,dc=com
447 1.1 lukem changetype: add
448 1.1 lukem objectClass: inetOrgPerson
449 1.1 lukem cn: Added by Babs (must fail)
450 1.1 lukem sn: None
451 1.1 lukem EOMODS8
452 1.1 lukem RC=$?
453 1.1 lukem case $RC in
454 1.1 lukem 50)
455 1.1 lukem ;;
456 1.1 lukem 0)
457 1.1 lukem echo "ldapmodify should have failed ($RC)!"
458 1.1 lukem test $KILLSERVERS != no && kill -HUP $KILLPIDS
459 1.1.1.10 christos exit 1
460 1.1 lukem ;;
461 1.1 lukem *)
462 1.1 lukem echo "ldapmodify failed ($RC)!"
463 1.1 lukem test $KILLSERVERS != no && kill -HUP $KILLPIDS
464 1.1 lukem exit $RC
465 1.1 lukem ;;
466 1.1 lukem esac
467 1.1 lukem
# Bjorn adds three child entries and then three description values to the
# first one, all in a single ldapmodify run - must return 0. The later steps
# operate on these entries and values.
468 1.1.1.9 christos $LDAPMODIFY -D "$BJORNSDN" -H $URI1 -w bjorn >> \
469 1.1 lukem $TESTOUT 2>&1 << EOMODS9
470 1.1 lukem dn: cn=Added by Bjorn (must succeed),ou=Add & Delete,dc=example,dc=com
471 1.1 lukem changetype: add
472 1.1 lukem objectClass: inetOrgPerson
473 1.1 lukem cn: Added by Bjorn (must succeed)
474 1.1 lukem sn: None
475 1.1 lukem
476 1.1 lukem dn: cn=Added by Bjorn (will be deleted),ou=Add & Delete,dc=example,dc=com
477 1.1 lukem changetype: add
478 1.1 lukem objectClass: inetOrgPerson
479 1.1 lukem cn: Added by Bjorn (will be deleted)
480 1.1 lukem sn: None
481 1.1 lukem
482 1.1 lukem dn: cn=Added by Bjorn (will be renamed),ou=Add & Delete,dc=example,dc=com
483 1.1 lukem changetype: add
484 1.1 lukem objectClass: inetOrgPerson
485 1.1 lukem cn: Added by Bjorn (will be renamed)
486 1.1 lukem sn: None
487 1.1 lukem
488 1.1 lukem dn: cn=Added by Bjorn (must succeed),ou=Add & Delete,dc=example,dc=com
489 1.1 lukem changetype: modify
490 1.1 lukem add: description
491 1.1 lukem description: this attribute value has been added __after__entry creation
492 1.1 lukem description: this attribute value will be deleted by Babs (must succeed)
493 1.1 lukem description: Bjorn will try to delete this attribute value (should fail)
494 1.1 lukem -
495 1.1 lukem EOMODS9
496 1.1 lukem RC=$?
497 1.1 lukem case $RC in
498 1.1 lukem 0)
499 1.1 lukem ;;
500 1.1 lukem *)
501 1.1 lukem echo "ldapmodify failed ($RC)!"
502 1.1 lukem test $KILLSERVERS != no && kill -HUP $KILLPIDS
503 1.1 lukem exit $RC
504 1.1 lukem ;;
505 1.1 lukem esac
506 1.1 lukem
# Bjorn deletes an entry he created above - expected refusal (50). Being
# allowed to add an entry is checked separately from being allowed to delete it.
507 1.1.1.9 christos $LDAPMODIFY -D "$BJORNSDN" -H $URI1 -w bjorn >> \
508 1.1 lukem $TESTOUT 2>&1 << EOMODS10
509 1.1 lukem dn: cn=Added by Bjorn (will be deleted),ou=Add & Delete,dc=example,dc=com
510 1.1 lukem changetype: delete
511 1.1 lukem EOMODS10
512 1.1 lukem RC=$?
513 1.1 lukem case $RC in
514 1.1 lukem 50)
515 1.1 lukem ;;
516 1.1 lukem 0)
517 1.1 lukem echo "ldapmodify should have failed ($RC)!"
518 1.1 lukem test $KILLSERVERS != no && kill -HUP $KILLPIDS
519 1.1.1.10 christos exit 1
520 1.1 lukem ;;
521 1.1 lukem *)
522 1.1 lukem echo "ldapmodify failed ($RC)!"
523 1.1 lukem test $KILLSERVERS != no && kill -HUP $KILLPIDS
524 1.1 lukem exit $RC
525 1.1 lukem ;;
526 1.1 lukem esac
527 1.1 lukem
# Rename (modrdn) of the "will be renamed" entry by three identities in turn:
# Bjorn and Babs are expected to be refused (50); Jaj must succeed (0).
528 1.1.1.9 christos $LDAPMODIFY -D "$BJORNSDN" -H $URI1 -w bjorn >> \
529 1.1 lukem $TESTOUT 2>&1 << EOMODS11
530 1.1 lukem dn: cn=Added by Bjorn (will be renamed),ou=Add & Delete,dc=example,dc=com
531 1.1 lukem changetype: modrdn
532 1.1 lukem newrdn: cn=Added by Bjorn (renamed by Bjorn)
533 1.1 lukem deleteoldrdn: 1
534 1.1 lukem EOMODS11
535 1.1 lukem RC=$?
536 1.1 lukem case $RC in
537 1.1 lukem 50)
538 1.1 lukem ;;
539 1.1 lukem 0)
540 1.1 lukem echo "ldapmodify should have failed ($RC)!"
541 1.1 lukem test $KILLSERVERS != no && kill -HUP $KILLPIDS
542 1.1.1.10 christos exit 1
543 1.1 lukem ;;
544 1.1 lukem *)
545 1.1 lukem echo "ldapmodify failed ($RC)!"
546 1.1 lukem test $KILLSERVERS != no && kill -HUP $KILLPIDS
547 1.1 lukem exit $RC
548 1.1 lukem ;;
549 1.1 lukem esac
550 1.1 lukem
551 1.1.1.9 christos $LDAPMODIFY -D "$BABSDN" -H $URI1 -w bjensen >> \
552 1.1 lukem $TESTOUT 2>&1 << EOMODS12
553 1.1 lukem dn: cn=Added by Bjorn (will be renamed),ou=Add & Delete,dc=example,dc=com
554 1.1 lukem changetype: modrdn
555 1.1 lukem newrdn: cn=Added by Bjorn (renamed by Babs)
556 1.1 lukem deleteoldrdn: 1
557 1.1 lukem EOMODS12
558 1.1 lukem RC=$?
559 1.1 lukem case $RC in
560 1.1 lukem 50)
561 1.1 lukem ;;
562 1.1 lukem 0)
563 1.1 lukem echo "ldapmodify should have failed ($RC)!"
564 1.1 lukem test $KILLSERVERS != no && kill -HUP $KILLPIDS
565 1.1.1.10 christos exit 1
566 1.1 lukem ;;
567 1.1 lukem *)
568 1.1 lukem echo "ldapmodify failed ($RC)!"
569 1.1 lukem test $KILLSERVERS != no && kill -HUP $KILLPIDS
570 1.1 lukem exit $RC
571 1.1 lukem ;;
572 1.1 lukem esac
573 1.1 lukem
574 1.1.1.9 christos $LDAPMODIFY -D "$JAJDN" -H $URI1 -w jaj >> \
575 1.1 lukem $TESTOUT 2>&1 << EOMODS13
576 1.1 lukem dn: cn=Added by Bjorn (will be renamed),ou=Add & Delete,dc=example,dc=com
577 1.1 lukem changetype: modrdn
578 1.1 lukem newrdn: cn=Added by Bjorn (renamed by Jaj)
579 1.1 lukem deleteoldrdn: 1
580 1.1 lukem EOMODS13
581 1.1 lukem RC=$?
582 1.1 lukem case $RC in
583 1.1 lukem 0)
584 1.1 lukem ;;
585 1.1 lukem *)
586 1.1 lukem echo "ldapmodify failed ($RC)!"
587 1.1 lukem test $KILLSERVERS != no && kill -HUP $KILLPIDS
588 1.1 lukem exit $RC
589 1.1 lukem ;;
590 1.1 lukem esac
591 1.1 lukem
# Value-level delete: Bjorn removes one specific description value from an
# entry he created - expected refusal (50).
592 1.1.1.9 christos $LDAPMODIFY -D "$BJORNSDN" -H $URI1 -w bjorn >> \
593 1.1 lukem $TESTOUT 2>&1 << EOMODS14
594 1.1 lukem dn: cn=Added by Bjorn (must succeed),ou=Add & Delete,dc=example,dc=com
595 1.1 lukem changetype: modify
596 1.1 lukem delete: description
597 1.1 lukem description: Bjorn will try to delete this attribute value (should fail)
598 1.1 lukem -
599 1.1 lukem EOMODS14
600 1.1 lukem RC=$?
601 1.1 lukem case $RC in
602 1.1 lukem 50)
603 1.1 lukem ;;
604 1.1 lukem 0)
605 1.1 lukem echo "ldapmodify should have failed ($RC)!"
606 1.1 lukem test $KILLSERVERS != no && kill -HUP $KILLPIDS
607 1.1.1.10 christos exit 1
608 1.1 lukem ;;
609 1.1 lukem *)
610 1.1 lukem echo "ldapmodify failed ($RC)!"
611 1.1 lukem test $KILLSERVERS != no && kill -HUP $KILLPIDS
612 1.1 lukem exit $RC
613 1.1 lukem ;;
614 1.1 lukem esac
615 1.1 lukem
# Babs deletes the "will be deleted" entry and one description value, in one
# ldapmodify run - must return 0. Only the combined exit status is checked
# here; the individual results are verified by the final output comparison.
616 1.1.1.9 christos $LDAPMODIFY -D "$BABSDN" -H $URI1 -w bjensen >> \
617 1.1 lukem $TESTOUT 2>&1 << EOMODS15
618 1.1 lukem dn: cn=Added by Bjorn (will be deleted),ou=Add & Delete,dc=example,dc=com
619 1.1 lukem changetype: delete
620 1.1 lukem
621 1.1 lukem dn: cn=Added by Bjorn (must succeed),ou=Add & Delete,dc=example,dc=com
622 1.1 lukem changetype: modify
623 1.1 lukem delete: description
624 1.1 lukem description: this attribute value will be deleted by Babs (must succeed)
625 1.1 lukem -
626 1.1 lukem EOMODS15
627 1.1 lukem RC=$?
628 1.1 lukem case $RC in
629 1.1 lukem 0)
630 1.1 lukem ;;
631 1.1 lukem *)
632 1.1 lukem echo "ldapmodify failed ($RC)!"
633 1.1 lukem test $KILLSERVERS != no && kill -HUP $KILLPIDS
634 1.1 lukem exit $RC
635 1.1 lukem ;;
636 1.1 lukem esac
637 1.1 lukem
# Final verification: dump everything an unbound client can read under
# $BASEDN (no -D is given) and append it to $SEARCHOUT. -S "" presumably sorts
# the entries so the dump is stable for comparison - confirm against the
# ldapsearch manual.
638 1.1 lukem echo "Using ldapsearch to retrieve all the entries..."
639 1.1 lukem echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT
640 1.1.1.9 christos $LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \
641 1.1 lukem 'objectClass=*' >> $SEARCHOUT 2>&1
642 1.1 lukem RC=$?
# The server is signalled before $RC is examined, so it is stopped on both the
# success and the failure path (unless KILLSERVERS is "no").
643 1.1 lukem test $KILLSERVERS != no && kill -HUP $KILLPIDS
644 1.1 lukem if test $RC != 0 ; then
645 1.1 lukem echo "ldapsearch failed ($RC)!"
646 1.1 lukem exit $RC
647 1.1 lukem fi
648 1.1 lukem
# $ACLOUTPROVIDER is the reference output this run is compared against.
649 1.1.1.9 christos LDIF=$ACLOUTPROVIDER
650 1.1 lukem
# Both the collected output and the reference go through the same $LDIFFILTER
# before being compared. This comparison is the only place where the search
# results recorded in $SEARCHOUT are actually checked, so a read that returns
# more (or less) than the ACLs intend shows up here as a mismatch.
651 1.1 lukem echo "Filtering ldapsearch results..."
652 1.1.1.3 adam $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
653 1.1 lukem echo "Filtering original ldif used to create database..."
654 1.1.1.3 adam $LDIFFILTER < $LDIF > $LDIFFLT
655 1.1 lukem echo "Comparing filter output..."
656 1.1 lukem $CMP $SEARCHFLT $LDIFFLT > $CMPOUT
657 1.1 lukem
658 1.1 lukem if test $? != 0 ; then
659 1.1 lukem echo "comparison failed - operations did not complete correctly"
660 1.1 lukem exit 1
661 1.1 lukem fi
662 1.1 lukem
663 1.1 lukem echo ">>>>> Test succeeded"
664 1.1 lukem
# Wait for the background slapd started earlier to exit before returning.
665 1.1 lukem test $KILLSERVERS != no && wait
666 1.1 lukem
667 1.1 lukem exit 0