Newer
Older
#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2004 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
echo "running defines.sh"
. $SRCDIR/scripts/defines.sh
Pierangelo Masarati
committed
echo "### This test requires the ldap backend."
echo "### If available, and explicitly requested, it can use SASL bind;"
echo "### note that SASL must be properly set up, and the requested"
echo "### mechanism must be available. Define SLAPD_USE_SASL={yes|<mech>},"
Pierangelo Masarati
committed
echo "### with \"yes\" defaulting to DIGEST-MD5 to enable SASL authc[/authz]."
if test $BACKLDAP = "ldapno" ; then
echo "LDAP backend not available, test skipped"
exit 0
fi
if test $WITH_SASL = "yes" ; then
if test $USE_SASL != "no" ; then
if test $USE_SASL = "yes" ; then
MECH="DIGEST-MD5"
else
MECH="$USE_SASL"
fi
echo "Using SASL authc[/authz] with mech=$MECH; unset SLAPD_USE_SASL to disable"
echo "Using proxyAuthz with simple authc..."
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
else
echo "SASL not available; using proxyAuthz with simple authc..."
fi
mkdir -p $TESTDIR $DBDIR1 $DBDIR2
echo "Running slapadd to build slapd database..."
. $CONFFILTER $BACKEND $MONITORDB < $IDASSERTCONF > $ADDCONF
$SLAPADD -f $ADDCONF -l $LDIFIDASSERT1 -n 1
RC=$?
if test $RC != 0 ; then
echo "slapadd -n 1 failed ($RC)!"
exit $RC
fi
$SLAPADD -f $ADDCONF -l $LDIFIDASSERT2 -n 2
RC=$?
if test $RC != 0 ; then
echo "slapadd -n 2 failed ($RC)!"
exit $RC
fi
echo "Starting slapd on TCP/IP port $PORT..."
. $CONFFILTER $BACKEND $MONITORDB < $IDASSERTCONF > $CONF1
$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
PID=$!
if test $WAIT != 0 ; then
echo PID $PID
read foo
fi
KILLPIDS="$PID"
echo "Using ldapsearch to check that slapd is running..."
for i in 0 1 2 3 4 5; do
$LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
'objectclass=*' > /dev/null 2>&1
RC=$?
if test $RC = 0 ; then
break
fi
echo "Waiting 5 seconds for slapd to start..."
sleep 5
done
echo "Testing ldapwhoami as proxy US..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "cn=proxy US,ou=Admin,dc=example,dc=com" -w proxy
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
AUTHZID="u:it/jaj"
echo "Testing ldapwhoami as proxy US, $AUTHZID..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "cn=proxy US,ou=Admin,dc=example,dc=com" -w proxy -e\!"authzid=$AUTHZID"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as proxy US, $AUTHZID... (should fail)"
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "cn=proxy US,ou=Admin,dc=example,dc=com" -w proxy -e\!"authzid=$AUTHZID"
RC=$?
if test $RC != 1 ; then
echo "ldapwhoami should have failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
AUTHZID="u:bjensen"
echo "Testing ldapwhoami as proxy US, $AUTHZID... (should fail)"
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "cn=proxy US,ou=Admin,dc=example,dc=com" -w proxy -e\!"authzid=$AUTHZID"
RC=$?
if test $RC != 1 ; then
echo "ldapwhoami should have failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo "Testing ldapwhoami as proxy IT..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "cn=proxy IT,ou=Admin,dc=example,dc=com" -w proxy
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
AUTHZID="u:it/jaj"
echo "Testing ldapwhoami as proxy IT, $AUTHZID... (should fail)"
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "cn=proxy IT,ou=Admin,dc=example,dc=com" -w proxy -e\!"authzid=$AUTHZID"
RC=$?
if test $RC != 1 ; then
echo "ldapwhoami should have failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as proxy IT, $AUTHZID... (should fail)"
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "cn=proxy IT,ou=Admin,dc=example,dc=com" -w proxy -e\!"authzid=$AUTHZID"
RC=$?
if test $RC != 1 ; then
echo "ldapwhoami should have failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
AUTHZID="dn:cn=Sandbox,ou=Admin,dc=example,dc=com"
echo "Testing ldapwhoami as proxy IT, $AUTHZID..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "cn=proxy IT,ou=Admin,dc=example,dc=com" -w proxy -e\!"authzid=$AUTHZID"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
AUTHZID="dn:uid=bjorn,ou=People,o=Example,c=US"
echo "Testing ldapwhoami as bjorn, $AUTHZID..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "uid=bjorn,ou=people,dc=example,dc=com" -w bjorn -e\!"authzid=$AUTHZID"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
AUTHZID="dn:uid=bjorn,ou=People,o=Esempio,c=IT"
echo "Testing ldapwhoami as bjorn, $AUTHZID..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "uid=bjorn,ou=people,dc=example,dc=com" -w bjorn -e\!"authzid=$AUTHZID"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
ID="uid=jaj,ou=People,dc=example,dc=it"
BASE="o=Example,c=US"
echo "Testing ldapsearch as $ID for \"$BASE\"..."
$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASE" \
-D "$ID" -w jaj > $SEARCHOUT 2>&1
RC=$?
if test $RC != 0 ; then
echo "ldapsearch failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo "Filtering ldapsearch results..."
. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
echo "Filtering original ldif used to create database..."
. $LDIFFILTER < $IDASSERTOUT > $LDIFFLT
echo "Comparing filter output..."
$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
if test $? != 0 ; then
echo "comparison failed - search with identity assertion didn't succeed"
Pierangelo Masarati
committed
test $KILLSERVERS != no && kill -HUP $KILLPIDS
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
exit 1
fi
if test $USE_SASL != "no" ; then
ID="it/jaj"
BASE="o=Example,c=US"
echo "Testing ldapsearch as $ID for \"$BASE\" with SASL bind and identity assertion..."
$LDAPSASLSEARCH -h $LOCALHOST -p $PORT1 -b "$BASE" \
-Q -U "$ID" -w jaj -Y $MECH > $SEARCHOUT 2>&1
RC=$?
if test $RC != 0 ; then
echo "ldapsearch failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo "Filtering ldapsearch results..."
. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
echo "Filtering original ldif used to create database..."
. $LDIFFILTER < $IDASSERTOUT > $LDIFFLT
echo "Comparing filter output..."
$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
if test $? != 0 ; then
echo "comparison failed - search with SASL bind and identity assertion didn't succeed"
Pierangelo Masarati
committed
test $KILLSERVERS != no && kill -HUP $KILLPIDS
test $KILLSERVERS != no && kill -HUP $KILLPIDS
echo ">>>>> Test succeeded"
exit 0