From 1d420df7178eb5fa491e40dbba517b89ede7fae5 Mon Sep 17 00:00:00 2001
From: Jan Synacek <jsynacek@redhat.com>
Date: Mon, 29 Oct 2012 12:20:25 +0100
Subject: [PATCH] ITS#7423 Update slapo-constraint tests

---
 tests/data/constraint/constraint.out |  2 ++
 tests/data/constraint/root.ldif      | 20 ++++++++++++++++++++
 tests/data/constraint/t_fail_01.ldif |  2 +-
 tests/data/constraint/t_fail_02.ldif |  2 +-
 tests/data/constraint/t_fail_03.ldif |  2 +-
 tests/data/constraint/t_fail_04.ldif |  2 +-
 tests/data/constraint/t_fail_05.ldif |  2 +-
 tests/data/constraint/t_fail_06.ldif |  2 +-
 tests/data/constraint/t_fail_07.ldif |  2 +-
 tests/data/constraint/t_fail_08.ldif |  2 +-
 tests/data/constraint/t_fail_09.ldif |  2 +-
 tests/data/constraint/t_fail_10.ldif |  2 +-
 tests/data/constraint/t_fail_11.ldif |  2 +-
 tests/data/constraint/t_fail_12.ldif |  2 +-
 tests/data/constraint/t_fail_13.ldif |  2 +-
 tests/data/constraint/t_fail_14.ldif |  2 +-
 tests/data/constraint/t_fail_15.ldif |  5 +++++
 tests/data/constraint/t_ok_01.ldif   |  2 +-
 tests/data/constraint/t_ok_02.ldif   |  2 +-
 tests/data/constraint/t_ok_03.ldif   |  2 +-
 tests/data/constraint/t_ok_04.ldif   |  2 +-
 tests/data/constraint/t_ok_05.ldif   |  2 +-
 tests/data/constraint/t_ok_06.ldif   |  2 +-
 tests/data/constraint/t_ok_07.ldif   |  2 +-
 tests/data/constraint/t_ok_08.ldif   |  2 +-
 tests/data/constraint/t_ok_09.ldif   |  2 +-
 tests/data/constraint/t_ok_10.ldif   |  2 +-
 tests/data/constraint/t_ok_11.ldif   |  2 +-
 tests/data/constraint/t_ok_12.ldif   |  2 +-
 tests/data/constraint/t_ok_13.ldif   |  2 +-
 tests/data/constraint/t_ok_14.ldif   |  2 +-
 tests/data/constraint/t_ok_15.ldif   |  5 +++++
 tests/data/constraint/user.ldif      |  3 ++-
 tests/scripts/test064-constraint     | 12 ++++++++++--
 34 files changed, 72 insertions(+), 31 deletions(-)
 create mode 100644 tests/data/constraint/t_fail_15.ldif
 create mode 100644 tests/data/constraint/t_ok_15.ldif

diff --git a/tests/data/constraint/constraint.out b/tests/data/constraint/constraint.out
index f2d21e998e..468d3afc6e 100644
--- a/tests/data/constraint/constraint.out
+++ b/tests/data/constraint/constraint.out
@@ -12,6 +12,8 @@ OK
 OK
 OK
 OK
+OK
+FAIL
 FAIL
 FAIL
 FAIL
diff --git a/tests/data/constraint/root.ldif b/tests/data/constraint/root.ldif
index 3e099fcb12..6c2969060d 100644
--- a/tests/data/constraint/root.ldif
+++ b/tests/data/constraint/root.ldif
@@ -3,3 +3,23 @@ objectclass: dcObject
 objectclass: organization
 dc: example
 o: My Domain corp.
+
+dn: ou=users,dc=example,dc=com
+ou: users
+objectclass: organizationalUnit
+
+dn: ou=groups,dc=example,dc=com
+ou: groups
+objectclass: organizationalUnit
+
+dn: uid=1,ou=groups,dc=example,dc=com
+objectclass: inetOrgPerson
+cn: test 1
+sn: test1
+uid: 1
+
+dn: uid=2,ou=groups,dc=example,dc=com
+objectclass: inetOrgPerson
+cn: test 2
+sn: test2
+uid: 2
diff --git a/tests/data/constraint/t_fail_01.ldif b/tests/data/constraint/t_fail_01.ldif
index f90f33c10f..e0c82e2896 100644
--- a/tests/data/constraint/t_fail_01.ldif
+++ b/tests/data/constraint/t_fail_01.ldif
@@ -1,4 +1,4 @@
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
 changetype: modify
 add: mail
 mail: b@example.com
diff --git a/tests/data/constraint/t_fail_02.ldif b/tests/data/constraint/t_fail_02.ldif
index cccbb18b51..462a1748ff 100644
--- a/tests/data/constraint/t_fail_02.ldif
+++ b/tests/data/constraint/t_fail_02.ldif
@@ -1,4 +1,4 @@
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
 changetype: modify
 add: mail
 mail: b@example.com
diff --git a/tests/data/constraint/t_fail_03.ldif b/tests/data/constraint/t_fail_03.ldif
index 41b0d08664..471a332b5b 100644
--- a/tests/data/constraint/t_fail_03.ldif
+++ b/tests/data/constraint/t_fail_03.ldif
@@ -1,4 +1,4 @@
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
 changetype: modify
 add: mail
 mail: b@example.com
diff --git a/tests/data/constraint/t_fail_04.ldif b/tests/data/constraint/t_fail_04.ldif
index f5e449aa8e..747357c77d 100644
--- a/tests/data/constraint/t_fail_04.ldif
+++ b/tests/data/constraint/t_fail_04.ldif
@@ -1,4 +1,4 @@
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
 changetype: modify
 add: mail
 mail: b@example.com
diff --git a/tests/data/constraint/t_fail_05.ldif b/tests/data/constraint/t_fail_05.ldif
index f2ed68d789..da48748454 100644
--- a/tests/data/constraint/t_fail_05.ldif
+++ b/tests/data/constraint/t_fail_05.ldif
@@ -1,4 +1,4 @@
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
 changetype: modify
 add: mail
 mail: b@example.com
diff --git a/tests/data/constraint/t_fail_06.ldif b/tests/data/constraint/t_fail_06.ldif
index 17bdc2e1c1..950cf5b40f 100644
--- a/tests/data/constraint/t_fail_06.ldif
+++ b/tests/data/constraint/t_fail_06.ldif
@@ -1,4 +1,4 @@
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
 changetype: modify
 replace: mail
 mail: a@example.com
diff --git a/tests/data/constraint/t_fail_07.ldif b/tests/data/constraint/t_fail_07.ldif
index a7539dd5de..85c8c6377e 100644
--- a/tests/data/constraint/t_fail_07.ldif
+++ b/tests/data/constraint/t_fail_07.ldif
@@ -1,4 +1,4 @@
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
 changetype: modify
 replace: mail
 mail: a@example.com
diff --git a/tests/data/constraint/t_fail_08.ldif b/tests/data/constraint/t_fail_08.ldif
index f2269ede01..7dc94ac817 100644
--- a/tests/data/constraint/t_fail_08.ldif
+++ b/tests/data/constraint/t_fail_08.ldif
@@ -1,4 +1,4 @@
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
 changetype: modify
 add: mail
 mail: b@example.com
diff --git a/tests/data/constraint/t_fail_09.ldif b/tests/data/constraint/t_fail_09.ldif
index 10e2b9893f..61c2799aa2 100644
--- a/tests/data/constraint/t_fail_09.ldif
+++ b/tests/data/constraint/t_fail_09.ldif
@@ -1,4 +1,4 @@
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
 changetype: modify
 add: mail
 mail: b@example.com
diff --git a/tests/data/constraint/t_fail_10.ldif b/tests/data/constraint/t_fail_10.ldif
index 812e8662eb..d50f9117cf 100644
--- a/tests/data/constraint/t_fail_10.ldif
+++ b/tests/data/constraint/t_fail_10.ldif
@@ -1,4 +1,4 @@
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
 changetype: modify
 add: mail
 mail: example@not-allowed.com
diff --git a/tests/data/constraint/t_fail_11.ldif b/tests/data/constraint/t_fail_11.ldif
index e3e9d4b5cf..48bed059da 100644
--- a/tests/data/constraint/t_fail_11.ldif
+++ b/tests/data/constraint/t_fail_11.ldif
@@ -1,4 +1,4 @@
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
 changetype: modify
 delete: mail
 mail: original@example.com
diff --git a/tests/data/constraint/t_fail_12.ldif b/tests/data/constraint/t_fail_12.ldif
index 60558edd81..071d829e30 100644
--- a/tests/data/constraint/t_fail_12.ldif
+++ b/tests/data/constraint/t_fail_12.ldif
@@ -1,4 +1,4 @@
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
 changetype: modify
 delete: mail
 mail: original@example.com
diff --git a/tests/data/constraint/t_fail_13.ldif b/tests/data/constraint/t_fail_13.ldif
index 855de83021..b8c2ab522e 100644
--- a/tests/data/constraint/t_fail_13.ldif
+++ b/tests/data/constraint/t_fail_13.ldif
@@ -1,4 +1,4 @@
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
 changetype: modify
 replace: givenname
 givenname: Joe
diff --git a/tests/data/constraint/t_fail_14.ldif b/tests/data/constraint/t_fail_14.ldif
index 5ba56812c0..090e48b0e7 100644
--- a/tests/data/constraint/t_fail_14.ldif
+++ b/tests/data/constraint/t_fail_14.ldif
@@ -1,4 +1,4 @@
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
 changetype: modify
 replace: sn
 sn: Down
diff --git a/tests/data/constraint/t_fail_15.ldif b/tests/data/constraint/t_fail_15.ldif
new file mode 100644
index 0000000000..94d7dd7614
--- /dev/null
+++ b/tests/data/constraint/t_fail_15.ldif
@@ -0,0 +1,5 @@
+dn: cn=John Doe,ou=users,dc=example,dc=com
+changetype: modify
+replace: uid
+uid: 3
+
diff --git a/tests/data/constraint/t_ok_01.ldif b/tests/data/constraint/t_ok_01.ldif
index 3724eb0e08..57664610ae 100644
--- a/tests/data/constraint/t_ok_01.ldif
+++ b/tests/data/constraint/t_ok_01.ldif
@@ -1,3 +1,3 @@
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
 changetype: modify
 delete: mail
diff --git a/tests/data/constraint/t_ok_02.ldif b/tests/data/constraint/t_ok_02.ldif
index 20526bdb6b..17ce4b2a33 100644
--- a/tests/data/constraint/t_ok_02.ldif
+++ b/tests/data/constraint/t_ok_02.ldif
@@ -1,4 +1,4 @@
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
 changetype: modify
 replace: mail
 mail: a@example.com
diff --git a/tests/data/constraint/t_ok_03.ldif b/tests/data/constraint/t_ok_03.ldif
index 311fa0df21..3d2a9d1e17 100644
--- a/tests/data/constraint/t_ok_03.ldif
+++ b/tests/data/constraint/t_ok_03.ldif
@@ -1,4 +1,4 @@
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
 changetype: modify
 replace: mail
 mail: a@example.com
diff --git a/tests/data/constraint/t_ok_04.ldif b/tests/data/constraint/t_ok_04.ldif
index 3724eb0e08..57664610ae 100644
--- a/tests/data/constraint/t_ok_04.ldif
+++ b/tests/data/constraint/t_ok_04.ldif
@@ -1,3 +1,3 @@
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
 changetype: modify
 delete: mail
diff --git a/tests/data/constraint/t_ok_05.ldif b/tests/data/constraint/t_ok_05.ldif
index 0f24b2abae..c30d339d79 100644
--- a/tests/data/constraint/t_ok_05.ldif
+++ b/tests/data/constraint/t_ok_05.ldif
@@ -1,4 +1,4 @@
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
 changetype: modify
 add: mail
 mail: a@example.com
diff --git a/tests/data/constraint/t_ok_06.ldif b/tests/data/constraint/t_ok_06.ldif
index dbe8670ee6..eef34bd8e3 100644
--- a/tests/data/constraint/t_ok_06.ldif
+++ b/tests/data/constraint/t_ok_06.ldif
@@ -1,4 +1,4 @@
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
 changetype: modify
 delete: mail
 -
diff --git a/tests/data/constraint/t_ok_07.ldif b/tests/data/constraint/t_ok_07.ldif
index d2293e04de..f5c733368b 100644
--- a/tests/data/constraint/t_ok_07.ldif
+++ b/tests/data/constraint/t_ok_07.ldif
@@ -1,4 +1,4 @@
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
 changetype: modify
 delete: mail
 -
diff --git a/tests/data/constraint/t_ok_08.ldif b/tests/data/constraint/t_ok_08.ldif
index 450b4c0173..40b7fa9f71 100644
--- a/tests/data/constraint/t_ok_08.ldif
+++ b/tests/data/constraint/t_ok_08.ldif
@@ -1,4 +1,4 @@
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
 changetype: modify
 add: mail
 mail: b@example.com
diff --git a/tests/data/constraint/t_ok_09.ldif b/tests/data/constraint/t_ok_09.ldif
index b161e1b7d5..73cec0154b 100644
--- a/tests/data/constraint/t_ok_09.ldif
+++ b/tests/data/constraint/t_ok_09.ldif
@@ -1,4 +1,4 @@
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
 changetype: modify
 replace: mail
 mail: a@example.com
diff --git a/tests/data/constraint/t_ok_10.ldif b/tests/data/constraint/t_ok_10.ldif
index 7eb72cdc2f..367e9a895e 100644
--- a/tests/data/constraint/t_ok_10.ldif
+++ b/tests/data/constraint/t_ok_10.ldif
@@ -1,4 +1,4 @@
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
 changetype: modify
 add: mail
 mail: b@example.com
diff --git a/tests/data/constraint/t_ok_11.ldif b/tests/data/constraint/t_ok_11.ldif
index 04766bf3a4..76cbb172a2 100644
--- a/tests/data/constraint/t_ok_11.ldif
+++ b/tests/data/constraint/t_ok_11.ldif
@@ -1,4 +1,4 @@
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
 changetype: modify
 add: mail
 mail: b@example.com
diff --git a/tests/data/constraint/t_ok_12.ldif b/tests/data/constraint/t_ok_12.ldif
index 1cfab0a968..ce89978645 100644
--- a/tests/data/constraint/t_ok_12.ldif
+++ b/tests/data/constraint/t_ok_12.ldif
@@ -1,4 +1,4 @@
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
 changetype: modify
 add: mail
 mail: b@example.com
diff --git a/tests/data/constraint/t_ok_13.ldif b/tests/data/constraint/t_ok_13.ldif
index acd5771d33..0e9257e1f2 100644
--- a/tests/data/constraint/t_ok_13.ldif
+++ b/tests/data/constraint/t_ok_13.ldif
@@ -1,4 +1,4 @@
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
 changetype: modify
 add: mail
 mail: b@example.com
diff --git a/tests/data/constraint/t_ok_14.ldif b/tests/data/constraint/t_ok_14.ldif
index 127e463b5b..96ef3a4974 100644
--- a/tests/data/constraint/t_ok_14.ldif
+++ b/tests/data/constraint/t_ok_14.ldif
@@ -1,4 +1,4 @@
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
 changetype: modify
 delete: description
 description: desc1
diff --git a/tests/data/constraint/t_ok_15.ldif b/tests/data/constraint/t_ok_15.ldif
new file mode 100644
index 0000000000..9352caa192
--- /dev/null
+++ b/tests/data/constraint/t_ok_15.ldif
@@ -0,0 +1,5 @@
+dn: cn=John Doe,ou=users,dc=example,dc=com
+changetype: modify
+replace: uid
+uid: 2
+
diff --git a/tests/data/constraint/user.ldif b/tests/data/constraint/user.ldif
index cc244534b3..6150462f3f 100644
--- a/tests/data/constraint/user.ldif
+++ b/tests/data/constraint/user.ldif
@@ -1,4 +1,4 @@
-dn: cn=John Doe,dc=example,dc=com
+dn: cn=John Doe,ou=users,dc=example,dc=com
 objectclass: inetOrgPerson
 objectclass: organizationalPerson
 cn: John Doe
@@ -7,3 +7,4 @@ sn: Doe
 mail: original@example.com
 description: desc1
 description: desc2
+uid: 1
diff --git a/tests/scripts/test064-constraint b/tests/scripts/test064-constraint
index a3104e168f..79b9814eca 100755
--- a/tests/scripts/test064-constraint
+++ b/tests/scripts/test064-constraint
@@ -13,7 +13,7 @@ ROOTLDIF="$CONSTRAINTDIR/root.ldif"
 USERLDIF="$CONSTRAINTDIR/user.ldif"
 RESULTOUT="$CONSTRAINTDIR/constraint.out"
 SCRIPTOUT="$TESTDIR/constraint.out"
-USERDN="cn=John Doe,$BASEDN"
+USERDN="cn=John Doe,ou=users,$BASEDN"
 
 CONFDIR=$TESTDIR/slapd.d
 mkdir -p $TESTDIR $CONFDIR $DBDIR1
@@ -88,13 +88,21 @@ dn: olcOverlay=constraint,olcDatabase={1}$BACKEND,cn=config
 objectClass: olcOverlayConfig
 objectClass: olcConstraintConfig
 olcOverlay: constraint
-olcConstraintAttribute: mail count 3
+olcConstraintAttribute: mail
+  count 3
+  restrict="ldap:///ou=users,$BASEDN??one?(objectClass=inetOrgPerson)"
+# check if restrict works (if not, this will apply to ou=users subtree as well
+# and some tests will fail)
+olcConstraintAttribute: mail count 1 restrict="ldap:///ou=groups,$BASEDN??one"
 olcConstraintAttribute: mail regex ^[[:alnum:]]+@example.com$
 olcConstraintAttribute: description count 2
 # cn value has to be concatenated givenName SP sn
 olcConstraintAttribute: cn,sn,givenName
   set "(this/givenName + [ ] + this/sn) & this/cn"
   restrict="ldap:///$USERDN??sub?(objectClass=inetOrgPerson)"
+olcConstraintAttribute: uid
+  uri "ldap:///ou=groups,$BASEDN?uid?one?(objectClass=inetOrgPerson)"
+  restrict="ldap:///ou=users,$BASEDN??one"
 EOF
 
 $SLAPADD -F $CONFDIR -n 0 -l $TESTDIR/config.ldif
-- 
GitLab