Commit 434c8180 authored by Kurt Zeilenga

Additional tests from HEAD

parent 1661c7c9
# Searching "dc=example,dc=com" (should fail)...
# Searching "dc=example,dc=com" (should succeed with no results)...
# Searching "dc=example,dc=com" as "cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" (should succeed)...
dn: dc=example,dc=com
objectClass: top
objectClass: organization
objectClass: domainRelatedObject
objectClass: dcObject
dc: example
l: Anytown, Michigan
st: Michigan
o: Example, Inc.
o: EX
o: Ex.
description: The Example, Inc. at Anytown
postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
telephoneNumber: +1 313 555 1817
associatedDomain: example.com
# Searching "ou=Groups,dc=example,dc=com" as "cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com" (should succeed)...
dn: cn=All Staff,ou=Groups,dc=example,dc=com
member: cn=Manager,dc=example,dc=com
member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=exam
ple,dc=com
member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
member: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc
=com
member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
member: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=exa
mple,dc=com
member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=exampl
e,dc=com
owner: cn=Manager,dc=example,dc=com
cn: All Staff
description: Everyone in the sample data
objectClass: groupOfNames
dn: cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com
member: cn=Manager,dc=example,dc=com
member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
owner: cn=Manager,dc=example,dc=com
description: All Alumni Assoc Staff
cn: Alumni Assoc Staff
objectClass: groupOfNames
dn: cn=ITD Staff,ou=Groups,dc=example,dc=com
owner: cn=Manager,dc=example,dc=com
description: All ITD Staff
cn: ITD Staff
objectClass: groupOfUniqueNames
uniqueMember: cn=Manager,dc=example,dc=com
uniqueMember: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=
example,dc=com
uniqueMember: cn=James A Jones 2,ou=Information Technology Division,ou=People,
dc=example,dc=com
uniqueMember: cn=John Doe,ou=Information Technology Division,ou=People,dc=exam
ple,dc=com
# Searching "ou=Groups,dc=example,dc=com" as "cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" (should succeed with no results)...
# base
dn: o=valsort
objectClass: top
objectClass: organization
o: valsort
description: valsort test database
# container
dn: ou=users,o=valsort
objectClass: top
objectClass: organizationalUnit
ou: users
description: container for test valsort users
# manager
dn: uid=george,ou=users,o=valsort
objectClass: OpenLDAPperson
uid: george
sn: jungle
sn: alpha
sn: zib
sn: tree
cn: george
businessCategory: test
carLicense: SAMPLE
departmentNumber: 1
departmentNumber: 5
departmentNumber: 3
departmentNumber: 10
departmentNumber: 72
departmentNumber: 37
departmentNumber: 46
displayName: George
employeeNumber: 5150
employeeType: {1}contractor
employeeType: {1}staff
employeeType: {1}anarchist
givenName: Big G
ou: {1}Chemistry
ou: {8}Academia
ou: {3}Hum Bio
ou: {2}Computer Science
mailPreferenceOption: 3
mailPreferenceOption: 87
mailPreferenceOption: 22
mailPreferenceOption: 1
mailPreferenceOption: 66
dn: o=valsort
objectClass: top
objectClass: organization
o: valsort
description: valsort test database
dn: ou=users,o=valsort
objectClass: top
objectClass: organizationalUnit
ou: users
description: container for test valsort users
dn: uid=george,ou=users,o=valsort
objectClass: OpenLDAPperson
uid: george
sn: alpha
sn: jungle
sn: tree
sn: zib
cn: george
businessCategory: test
carLicense: SAMPLE
departmentNumber: 1
departmentNumber: 10
departmentNumber: 3
departmentNumber: 37
departmentNumber: 46
departmentNumber: 5
departmentNumber: 72
displayName: George
employeeNumber: 5150
employeeType: anarchist
employeeType: contractor
employeeType: staff
givenName: Big G
ou: Chemistry
ou: Computer Science
ou: Hum Bio
ou: Academia
mailPreferenceOption: 1
mailPreferenceOption: 3
mailPreferenceOption: 22
mailPreferenceOption: 66
mailPreferenceOption: 87
dn: o=valsort
objectClass: top
objectClass: organization
o: valsort
description: valsort test database
dn: ou=users,o=valsort
objectClass: top
objectClass: organizationalUnit
ou: users
description: container for test valsort users
dn: uid=george,ou=users,o=valsort
objectClass: OpenLDAPperson
uid: george
sn: zib
sn: tree
sn: jungle
sn: alpha
cn: george
businessCategory: test
carLicense: SAMPLE
departmentNumber: 72
departmentNumber: 5
departmentNumber: 46
departmentNumber: 37
departmentNumber: 3
departmentNumber: 10
departmentNumber: 1
displayName: George
employeeNumber: 5150
employeeType: staff
employeeType: contractor
employeeType: anarchist
givenName: Big G
ou: Chemistry
ou: Computer Science
ou: Hum Bio
ou: Academia
mailPreferenceOption: 87
mailPreferenceOption: 66
mailPreferenceOption: 22
mailPreferenceOption: 3
mailPreferenceOption: 1
dn: o=valsort
objectClass: top
objectClass: organization
o: valsort
description: valsort test database
dn: ou=users,o=valsort
objectClass: top
objectClass: organizationalUnit
ou: users
description: container for test valsort users
dn: uid=george,ou=users,o=valsort
objectClass: OpenLDAPperson
uid: george
sn: zib
sn: tree
sn: jungle
sn: alpha
cn: george
businessCategory: test
carLicense: SAMPLE
departmentNumber: 72
departmentNumber: 5
departmentNumber: 46
departmentNumber: 37
departmentNumber: 3
departmentNumber: 10
departmentNumber: 1
displayName: George
employeeNumber: 5150
employeeType: staff
employeeType: contractor
employeeType: anarchist
givenName: Big G
ou: Chemistry
ou: Computer Science
ou: Hum Bio
ou: Academia
mailPreferenceOption: 87
mailPreferenceOption: 66
mailPreferenceOption: 22
mailPreferenceOption: 3
mailPreferenceOption: 1
dn: uid=dave,ou=users,o=valsort
objectClass: OpenLDAPperson
uid: dave
sn: nothere
cn: dave
businessCategory: otest
carLicense: TEST
departmentNumber: 42
displayName: Dave
employeeNumber: 69
employeeType: contractor
givenName: Dave
ou: Test
ou: Is
ou: Okay
#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2004 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
echo "running defines.sh"
. $SRCDIR/scripts/defines.sh
if test $BACKSQL = "sqlno" ; then
echo "SQL backend not available, test skipped"
exit 0
fi
if test $RDBMS = "rdbmsno" ; then
echo "SQL test not requested, test skipped"
exit 0
fi
SQLDATADIR=$TESTDIR/sql-concurrency
mkdir -p $SQLDATADIR
echo "Starting slapd on TCP/IP port $PORT1..."
. $CONFFILTER $BACKEND $MONITORDB < $SQLCONF > $CONF1
$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
PID=$!
if test $WAIT != 0 ; then
echo PID $PID
read foo
fi
KILLPIDS="$PID"
echo "Testing SQL backend concurrency..."
for i in 0 1 2 3 4 5; do
$LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
'objectclass=*' > /dev/null 2>&1
RC=$?
if test $RC = 0 ; then
break
fi
echo "Waiting 5 seconds for slapd to start..."
sleep 5
done
if test $RC != 0 ; then
echo "ldapsearch failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo "Using ldapsearch to retrieve all the entries..."
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
'(objectClass=*)' > $SEARCHOUT 2>&1
RC=$?
if test $RC != 0 ; then
echo "ldapsearch failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo "Filtering original ldif used to create database..."
. $LDIFFILTER < $SEARCHOUT > $LDIFFLT
if test "${RDBMSWRITE}" != "yes"; then
echo "write test disabled for ${RDBMS}; set SLAPD_USE_SQLWRITE=yes to enable"
cp $SQLCONCURRENCYDIR/do_read* $SQLCONCURRENCYDIR/do_search* \
$SQLDATADIR
else
case ${RDBMS} in
# list here the RDBMSes whose mapping allows writes
pgsql|ibmdb2)
cp $SQLCONCURRENCYDIR/do_* $SQLDATADIR
;;
*)
echo "write is not supported for ${RDBMS}; performing read-only concurrency test"
cp $SQLCONCURRENCYDIR/do_read* $SQLCONCURRENCYDIR/do_search* \
$SQLDATADIR
;;
esac
fi
echo "Using tester for concurrent server access..."
$SLAPDTESTER -P "$PROGDIR" -d "$SQLDATADIR" \
-h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD -l 5 -j 4
RC=$?
if test $RC != 0 ; then
echo "slapd-tester failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo "Using ldapsearch to retrieve all the entries..."
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
'(objectClass=*)' > $SEARCHOUT 2>&1
RC=$?
test $KILLSERVERS != no && kill -HUP $KILLPIDS
if test $RC != 0 ; then
echo "ldapsearch failed ($RC)!"
exit $RC
fi
echo "Filtering ldapsearch results..."
. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
echo "Comparing filter output..."
$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
if test $? != 0 ; then
echo "comparison failed - database was not created correctly"
exit 1
fi
echo ">>>>> Test succeeded"
exit 0
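Review bot: The two skip guards at the top of this script, `if test $BACKSQL = "sqlno"` and `if test $RDBMS = "rdbmsno"`, expand their variables unquoted, so if defines.sh leaves either one empty, `test` reports a syntax error, the branch is not taken, and the script goes on to start slapd instead of skipping. Quote them the way the later `test "${RDBMSWRITE}" != "yes"` already does: `if test "$BACKSQL" = "sqlno" ; then` and `if test "$RDBMS" = "rdbmsno" ; then`. The same applies to `-w $PASSWD` on the slapd-tester line, which sits next to a quoted `-D "$MANAGERDN"`; `-w "$PASSWD"` keeps a credential containing spaces or glob characters as a single argument. defines.sh is not shown on this page, so whether these variables can actually be empty is an assumption.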
#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
case "$BACKEND" in
bdb|hdb|ldbm)
;;
*)
echo "Test does not support $BACKEND backend"
exit 0
esac
echo "running defines.sh"
. $SRCDIR/scripts/defines.sh
if test "$ACI" = "acino" ; then
echo "ACI not enabled; skipping..."
exit 0
fi
mkdir -p $TESTDIR $DBDIR1
echo "Running slapadd to build slapd database..."
. $CONFFILTER $BACKEND $MONITORDB < $ACICONF > $CONF1
$SLAPADD -f $CONF1 -l $LDIFORDERED
RC=$?
if test $RC != 0 ; then
echo "slapadd failed ($RC)!"
exit $RC
fi
echo "Starting slapd on TCP/IP port $PORT1..."
$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
PID=$!
if test $WAIT != 0 ; then
echo PID $PID
read foo
fi
KILLPIDS="$PID"
echo "Testing slapd ACI access control..."
for i in 0 1 2 3 4 5; do
$LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
'objectclass=*' > /dev/null 2>&1
RC=$?
if test $RC = 0 ; then
break
fi
echo "Waiting 5 seconds for slapd to start..."
sleep 5
done
if test $RC != 0 ; then
echo "ldapsearch failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
cat /dev/null > $SEARCHOUT
cat /dev/null > $TESTOUT
# Search must fail
BASEDN="dc=example,dc=com"
echo "Searching \"$BASEDN\" (should fail)..."
echo "# Searching \"$BASEDN\" (should fail)..." >> $SEARCHOUT
$LDAPSEARCH -s base -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
'(objectclass=*)' >> $SEARCHOUT 2>> $TESTOUT
RC=$?
if test $RC != 32 ; then
echo "ldapsearch should have failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
# Bind must fail
BINDDN="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjensen
echo "Testing ldapwhoami as ${BINDDN} (should fail)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW
RC=$?
if test $RC = 0 ; then
echo "ldapwhoami should have failed!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
# Populate ACIs
echo "Writing ACIs as \"$MANAGERDN\"..."
$LDAPMODIFY -D "$MANAGERDN" -w $PASSWD -h $LOCALHOST -p $PORT1 \
>> $TESTOUT 2>&1 << EOMODS0
dn: dc=example,dc=com
changetype: modify
add: OpenLDAPaci
OpenLDAPaci: 0#subtree#grant;d,c,s,r;[all]#group/groupOfUniqueNames/uniqueMe
mber#cn=ITD Staff,ou=Groups,dc=example,dc=com
OpenLDAPaci: 1#entry#grant;d;[all]#public#
dn: ou=People,dc=example,dc=com
changetype: modify
add: OpenLDAPaci
OpenLDAPaci: 0#subtree#grant;x;userPassword#public#
OpenLDAPaci: 1#subtree#grant;w;userPassword#self#
OpenLDAPaci: 2#subtree#grant;w;userPassword#access-id#cn=Bjorn Jensen,ou=Inf
ormation Technology Division,ou=People,dc=example,dc=com
dn: ou=Groups,dc=example,dc=com
changetype: modify
add: OpenLDAPaci
OpenLDAPaci: 0#entry#grant;s;[all]#public#
OpenLDAPaci: 1#children#grant;r;member;r;uniqueMember#access-id#cn=Bjorn Jen
sen,ou=Information Technology Division,ou=People,dc=example,dc=com
EOMODS0
RC=$?
if test $RC != 0 ; then
echo "ldapmodify failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
# Search must succeed with no results
BASEDN="dc=example,dc=com"
echo "Searching \"$BASEDN\" (should succeed with no results)..."
echo "# Searching \"$BASEDN\" (should succeed with no results)..." >> $SEARCHOUT
$LDAPSEARCH -s base -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
'(objectclass=*)' >> $SEARCHOUT 2>> $TESTOUT
RC=$?
if test $RC != 0 ; then
### TEMPORARY (see ITS#3963)
echo "ldapsearch failed ($RC)! IGNORED..."
###echo "ldapsearch failed ($RC)!"
###test $KILLSERVERS != no && kill -HUP $KILLPIDS
###exit $RC
fi
BINDDN="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjensen
echo "Testing ldapwhoami as ${BINDDN}..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
# Search must succeed
BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjorn
BASEDN="dc=example,dc=com"
echo "Searching \"$BASEDN\" as \"$BINDDN\" (should succeed)..."
echo "# Searching \"$BASEDN\" as \"$BINDDN\" (should succeed)..." >> $SEARCHOUT
$LDAPSEARCH -s base -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
-D "$BINDDN" -w "$BINDPW" \
'(objectClass=*)' >> $SEARCHOUT 2>> $TESTOUT
RC=$?
if test $RC != 0 ; then
echo "ldapsearch failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
# Passwd must succeed
BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjorn
TGT="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com"
NEWPW=jdoe
echo "Setting \"$TGT\" password..."
$LDAPPASSWD -h $LOCALHOST -p $PORT1 \
-w "$BINDPW" -s "$NEWPW" \
-D "$BINDDN" "$TGT" >> $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
echo "ldappasswd failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
# Re-change as self...
echo "Changing self password..."
BINDDN="$TGT"
BINDPW=$NEWPW
TGT="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com"
NEWPW=newcred
$LDAPPASSWD -h $LOCALHOST -p $PORT1 \
-w "$BINDPW" -s "$NEWPW" \
-D "$BINDDN" "$TGT" >> $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
echo "ldappasswd failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
# Searching groups
BINDPW=$NEWPW
BASEDN="ou=Groups,dc=example,dc=com"
echo "Searching \"$BASEDN\" as \"$BINDDN\" (should succeed)..."
echo "# Searching \"$BASEDN\" as \"$BINDDN\" (should succeed)..." >> $SEARCHOUT
$LDAPSEARCH -s one -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
-D "$BINDDN" -w "$BINDPW" \
'(objectClass=*)' >> $SEARCHOUT 2>> $TESTOUT
RC=$?
if test $RC != 0 ; then
echo "ldapsearch failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
# Search must fail
BINDDN="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjensen
echo "Searching \"$BASEDN\" as \"$BINDDN\" (should succeed with no results)..."
echo "# Searching \"$BASEDN\" as \"$BINDDN\" (should succeed with no results)..." >> $SEARCHOUT
$LDAPSEARCH -s one -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
-D "$BINDDN" -w "$BINDPW" \
'(objectClass=*)' >> $SEARCHOUT 2>> $TESTOUT
RC=$?
if test $RC != 0 ; then
echo "ldapsearch failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit