Commit ce5869c8 authored by Ondřej Kuzník's avatar Ondřej Kuzník Committed by Quanah Gibson-Mount

ITS#9038 Update test028 to test this is enforced

parent f120d0e4
...@@ -4,6 +4,11 @@ objectClass: dcObject ...@@ -4,6 +4,11 @@ objectClass: dcObject
o: Example, Inc. o: Example, Inc.
dc: example dc: example
dn: cn=Manager,o=Example,c=US
objectClass: inetOrgPerson
cn: Manager
sn: Parson
dn: ou=People,o=Example,c=US dn: ou=People,o=Example,c=US
objectClass: organizationalUnit objectClass: organizationalUnit
ou: People ou: People
......
...@@ -36,6 +36,7 @@ argsfile @TESTDIR@/slapd.1.args ...@@ -36,6 +36,7 @@ argsfile @TESTDIR@/slapd.1.args
####################################################################### #######################################################################
authz-policy both authz-policy both
authz-regexp "^uid=manager,.+" "cn=Manager,dc=example,dc=com"
authz-regexp "^uid=admin/([^,]+),.+" "ldap:///ou=Admin,dc=example,dc=com??sub?(cn=$1)" authz-regexp "^uid=admin/([^,]+),.+" "ldap:///ou=Admin,dc=example,dc=com??sub?(cn=$1)"
authz-regexp "^uid=it/([^,]+),.+" "ldap:///ou=People,dc=example,dc=it??sub?(uid=$1)" authz-regexp "^uid=it/([^,]+),.+" "ldap:///ou=People,dc=example,dc=it??sub?(uid=$1)"
authz-regexp "^uid=(us/)?([^,]+),.+" "ldap:///ou=People,dc=example,dc=com??sub?(uid=$2)" authz-regexp "^uid=(us/)?([^,]+),.+" "ldap:///ou=People,dc=example,dc=com??sub?(uid=$2)"
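Review bot: The added `authz-regexp "^uid=manager,.+"` line has no comment explaining why a SASL user is mapped straight to `cn=Manager,dc=example,dc=com`, which looks like a mapping that exists only for the ITS#9038 cross-database check. A line above it such as `# ITS#9038: test-only mapping of SASL user "manager" to this database's Manager entry` would make that explicit and discourage copying it into a real configuration. The rule is placed first, so `uid=manager` no longer reaches the generic `^uid=(us/)?([^,]+),.+` rule below it; if rules are tried in order, it is worth confirming that no existing check in the suite relied on that.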
......
...@@ -4,6 +4,12 @@ objectClass: dcObject ...@@ -4,6 +4,12 @@ objectClass: dcObject
o: Example, Inc. o: Example, Inc.
dc: example dc: example
dn: cn=Manager,dc=example,dc=com
objectClass: inetOrgPerson
cn: Manager
sn: Parson
userPassword: secret
dn: ou=People,dc=example,dc=com dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit objectClass: organizationalUnit
ou: People ou: People
......
...@@ -191,6 +191,17 @@ if test $RC != 0 ; then ...@@ -191,6 +191,17 @@ if test $RC != 0 ; then
exit $RC exit $RC
fi fi
AUTHZID="u:it/jaj"
echo "Checking another DB's rootdn can't assert identity from another DB..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD -e\!"authzid=$AUTHZID"
RC=$?
if test $RC != 1 ; then
echo "ldapwhoami should have failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
ID="uid=jaj,ou=People,dc=example,dc=it" ID="uid=jaj,ou=People,dc=example,dc=it"
BASE="o=Example,c=US" BASE="o=Example,c=US"
echo "Testing ldapsearch as $ID for \"$BASE\"..." echo "Testing ldapsearch as $ID for \"$BASE\"..."
...@@ -231,6 +242,19 @@ if test $USE_SASL != "no" ; then ...@@ -231,6 +242,19 @@ if test $USE_SASL != "no" ; then
exit $RC exit $RC
fi fi
ID="manager"
AUTHZID="u:it/jaj"
echo "Checking another DB's rootdn can't assert in another (with SASL bind this time)..."
$LDAPSASLWHOAMI -h $LOCALHOST -p $PORT1 \
-Q -U "$ID" -w $PASSWD -Y $MECH -X $AUTHZID
RC=$?
if test $RC != 50 ; then
echo "ldapwhoami should have failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo "Filtering ldapsearch results..." echo "Filtering ldapsearch results..."
$LDIFFILTER < $SEARCHOUT > $SEARCHFLT $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
echo "Filtering original ldif used to create database..." echo "Filtering original ldif used to create database..."
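Review bot: In both new checks the failure branch ends with `exit $RC`, so if the identity assertion is wrongly accepted and ldapwhoami returns 0, the script prints the error but still exits 0 and the harness presumably records a pass. That is exactly the regression this test is meant to catch, so the branch should exit non-zero regardless, e.g. `exit 1` in place of `exit $RC` (or `test $RC = 0 && RC=1` before it), in the `$RC != 1` block and in the `$RC != 50` block. The SASL check also passes `-X $AUTHZID` unquoted while the simple-bind check quotes the value; `-X "$AUTHZID"` would be consistent. The `if test $USE_SASL != "no"` block named in the second hunk header starts outside the visible lines.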
......