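#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2024 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

# Identity-assertion test.
#
# Builds two databases (-n 1 and -n 2) from the idassert configuration,
# starts one slapd, and exercises the proxyAuthz control (-e '!authzid=...')
# through ldapwhoami: identities a proxy user is allowed to assert must
# succeed, while unauthorized or cross-database assertions -- including a
# rootdn of one database asserting an identity that belongs to another --
# must be refused.  A search bound as an asserted identity is then compared
# against the expected LDIF.  With SLAPD_USE_SASL set, the same checks are
# repeated with a SASL bind.
#
# Requires the LDAP backend and the rwm overlay; skipped otherwise.
# Environment (paths, tool commands, URIs) comes from
# $SRCDIR/scripts/defines.sh.  The tool variables ($SLAPD, $SLAPADD,
# $LDAPSEARCH, $LDAPWHOAMI, $LDAPSASLSEARCH, $LDAPSASLWHOAMI, $LDIFFILTER,
# $CMP) can carry additional options and are deliberately left unquoted so
# they word-split; file names and single values are quoted.

echo "running defines.sh"
. "$SRCDIR/scripts/defines.sh"

echo "### This test requires the LDAP backend and the rwm overlay."
echo "### If available, and explicitly requested, it can use SASL bind;"
echo "### note that SASL must be properly set up, and the requested"
echo "### mechanism must be available. Define SLAPD_USE_SASL={yes|<mech>},"
echo "### with \"yes\" defaulting to SCRAM-SHA-256 to enable SASL authc[/authz]."

if test "$BACKLDAP" = "ldapno" ; then
	echo "LDAP backend not available, test skipped"
	exit 0
fi

if test "$RWM" = "rwmno" ; then
	echo "Rewrite/remap overlay not available, test skipped"
	exit 0
fi

# MECH is only assigned when SASL is compiled in and requested; the SASL
# section below is guarded by USE_SASL alone.
# NOTE(review): if SASL is not compiled in but SLAPD_USE_SASL is set,
# USE_SASL stays non-"no" and MECH is unset here -- confirm whether the
# harness forces USE_SASL=no in that case.
if test "$WITH_SASL" = "yes" ; then
	if test "$USE_SASL" != "no" ; then
		if test "$USE_SASL" = "yes" ; then
			MECH="SCRAM-SHA-256"
		else
			MECH="$USE_SASL"
		fi
		echo "Using SASL authc[/authz] with mech=$MECH; unset SLAPD_USE_SASL to disable"
	else
		echo "Using proxyAuthz with simple authc..."
	fi
else
	echo "SASL not available; using proxyAuthz with simple authc..."
fi

mkdir -p "$TESTDIR" "$DBDIR1" "$DBDIR2"

# Both databases are loaded from the same filtered config; the config
# filter is sourced so it sees this script's environment.
echo "Running slapadd to build slapd database..."
. "$CONFFILTER" "$BACKEND" < "$IDASSERTCONF" > "$ADDCONF"
$SLAPADD -f "$ADDCONF" -l "$LDIFIDASSERT1" -n 1
RC=$?
if test "$RC" != 0 ; then
	echo "slapadd -n 1 failed ($RC)!"
	exit "$RC"
fi
$SLAPADD -f "$ADDCONF" -l "$LDIFIDASSERT2" -n 2
RC=$?
if test "$RC" != 0 ; then
	echo "slapadd -n 2 failed ($RC)!"
	exit "$RC"
fi

echo "Starting slapd on TCP/IP port $PORT..."
. "$CONFFILTER" "$BACKEND" < "$IDASSERTCONF" > "$CONF1"
$SLAPD -f "$CONF1" -h "$URI1" -d "$LVL" > "$LOG1" 2>&1 &
PID=$!
# WAIT != 0 pauses here so a debugger can be attached to the server.
if test "$WAIT" != 0 ; then
	echo "PID $PID"
	read -r foo
fi
# Space-separated list of server PIDs to signal on exit; expanded unquoted
# on purpose wherever it is passed to kill.
KILLPIDS="$PID"

sleep 1

# Poll the monitor entry until the server answers (up to ~25 s).
echo "Using ldapsearch to check that slapd is running..."
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -H "$URI1" \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test "$RC" = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done

echo "Testing ldapwhoami as proxy US..."
$LDAPWHOAMI -H "$URI1" -D "cn=proxy US,ou=Admin,dc=example,dc=com" -w proxy
RC=$?
if test "$RC" != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit "$RC"
fi

# Positive case: proxy US may assert the US-side user it/jaj.  The null
# backend does not enforce assertion rules, so only a real backend is
# required to succeed here.
AUTHZID="u:it/jaj"
echo "Testing ldapwhoami as proxy US, $AUTHZID..."
$LDAPWHOAMI -H "$URI1" -D "cn=proxy US,ou=Admin,dc=example,dc=com" -w proxy -e\!"authzid=$AUTHZID"
RC=$?
if test "$RC" != 0 && test "$BACKEND" != null ; then
	echo "ldapwhoami failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit "$RC"
fi

# Negative cases: identities proxy US is not allowed to assert must be
# refused (exit status 1).
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as proxy US, $AUTHZID... (should fail)"
$LDAPWHOAMI -H "$URI1" -D "cn=proxy US,ou=Admin,dc=example,dc=com" -w proxy -e\!"authzid=$AUTHZID"
RC=$?
if test "$RC" != 1 ; then
	echo "ldapwhoami should have failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

AUTHZID="u:bjensen"
echo "Testing ldapwhoami as proxy US, $AUTHZID... (should fail)"
$LDAPWHOAMI -H "$URI1" -D "cn=proxy US,ou=Admin,dc=example,dc=com" -w proxy -e\!"authzid=$AUTHZID"
RC=$?
if test "$RC" != 1 ; then
	echo "ldapwhoami should have failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Testing ldapwhoami as proxy IT..."
$LDAPWHOAMI -H "$URI1" -D "cn=proxy IT,ou=Admin,dc=example,dc=com" -w proxy
RC=$?
if test "$RC" != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit "$RC"
fi

# proxy IT may not assert user identities, only the Sandbox DN below.
AUTHZID="u:it/jaj"
echo "Testing ldapwhoami as proxy IT, $AUTHZID... (should fail)"
$LDAPWHOAMI -H "$URI1" -D "cn=proxy IT,ou=Admin,dc=example,dc=com" -w proxy -e\!"authzid=$AUTHZID"
RC=$?
if test "$RC" != 1 ; then
	echo "ldapwhoami should have failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

AUTHZID="u:bjorn"
echo "Testing ldapwhoami as proxy IT, $AUTHZID... (should fail)"
$LDAPWHOAMI -H "$URI1" -D "cn=proxy IT,ou=Admin,dc=example,dc=com" -w proxy -e\!"authzid=$AUTHZID"
RC=$?
if test "$RC" != 1 ; then
	echo "ldapwhoami should have failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

AUTHZID="dn:cn=Sandbox,ou=Admin,dc=example,dc=com"
echo "Testing ldapwhoami as proxy IT, $AUTHZID..."
$LDAPWHOAMI -H "$URI1" -D "cn=proxy IT,ou=Admin,dc=example,dc=com" -w proxy -e\!"authzid=$AUTHZID"
RC=$?
if test "$RC" != 0 && test "$BACKEND" != null ; then
	echo "ldapwhoami failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit "$RC"
fi

# A regular user may assert the rewritten forms of its own DN in either
# naming context.
AUTHZID="dn:uid=bjorn,ou=People,o=Example,c=US"
echo "Testing ldapwhoami as bjorn, $AUTHZID..."
$LDAPWHOAMI -H "$URI1" -D "uid=bjorn,ou=people,dc=example,dc=com" -w bjorn -e\!"authzid=$AUTHZID"
RC=$?
if test "$RC" != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit "$RC"
fi

AUTHZID="dn:uid=bjorn,ou=People,o=Esempio,c=IT"
echo "Testing ldapwhoami as bjorn, $AUTHZID..."
$LDAPWHOAMI -H "$URI1" -D "uid=bjorn,ou=people,dc=example,dc=com" -w bjorn -e\!"authzid=$AUTHZID"
RC=$?
if test "$RC" != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit "$RC"
fi

# Privilege boundary: being rootdn of one database must not grant the
# right to assert an identity that belongs to a different database.
AUTHZID="u:it/jaj"
echo "Checking another DB's rootdn can't assert identity from another DB..."
$LDAPWHOAMI -H "$URI1" -D "$MANAGERDN" -w "$PASSWD" -e\!"authzid=$AUTHZID"

RC=$?
if test "$RC" != 1 ; then
	echo "ldapwhoami should have failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

ID="uid=jaj,ou=People,dc=example,dc=it"
BASE="o=Example,c=US"
echo "Testing ldapsearch as $ID for \"$BASE\"..."
$LDAPSEARCH -H "$URI1" -b "$BASE" \
	-D "$ID" -w jaj > "$SEARCHOUT" 2>&1

RC=$?
if test "$RC" != 0 && test "$BACKEND" != null ; then
	echo "ldapsearch failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit "$RC"
fi

echo "Filtering ldapsearch results..."
$LDIFFILTER -s ldif=e < "$SEARCHOUT" > "$SEARCHFLT"
echo "Filtering original ldif used to create database..."
$LDIFFILTER -s ldif=e < "$IDASSERTOUT" > "$LDIFFLT"
echo "Comparing filter output..."
$CMP "$SEARCHFLT" "$LDIFFLT" > "$CMPOUT"

if test $? != 0 ; then
	echo "comparison failed - search with identity assertion didn't succeed"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

if test "$USE_SASL" != "no" ; then
	ID="it/jaj"
	BASE="o=Example,c=US"
	echo "Testing ldapsearch as $ID for \"$BASE\" with SASL bind and identity assertion..."
	$LDAPSASLSEARCH -H "$URI1" -b "$BASE" \
		-Q -U "$ID" -w jaj -Y "$MECH" > "$SEARCHOUT" 2>&1

	RC=$?
	if test "$RC" != 0 ; then
		echo "ldapsearch failed ($RC)!"
		test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
		exit "$RC"
	fi

	# Same cross-database rootdn boundary, via SASL authzid (-X); here the
	# expected outcome is LDAP result 50 (insufficientAccessRights).
	ID="manager"
	AUTHZID="u:it/jaj"
	echo "Checking another DB's rootdn can't assert in another (with SASL bind this time)..."
	$LDAPSASLWHOAMI -H "$URI1" \
		-Q -U "$ID" -w "$PASSWD" -Y "$MECH" -X "$AUTHZID"

	RC=$?
	if test "$RC" != 50 ; then
		echo "ldapwhoami should have failed ($RC)!"
		test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
		exit 1
	fi

	echo "Filtering ldapsearch results..."
	$LDIFFILTER < "$SEARCHOUT" > "$SEARCHFLT"
	echo "Filtering original ldif used to create database..."
	$LDIFFILTER < "$IDASSERTOUT" > "$LDIFFLT"
	echo "Comparing filter output..."
	$CMP "$SEARCHFLT" "$LDIFFLT" > "$CMPOUT"

	if test $? != 0 ; then
		echo "comparison failed - search with SASL bind and identity assertion didn't succeed"
		test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
		exit 1
	fi
fi

test "$KILLSERVERS" != no && kill -HUP $KILLPIDS

echo ">>>>> Test succeeded"

test "$KILLSERVERS" != no && wait

exit 0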