#! /bin/sh
# $OpenLDAP$

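# Locate the test-suite source tree: the first argument if one was given,
# otherwise the current directory.
SRCDIR="."
if test $# -ge 1 ; then
	SRCDIR=$1; shift
fi

# Both files below are sourced, i.e. executed inside this shell, so SRCDIR
# must point at a trusted tree.  SRCDIR is quoted so that a path containing
# spaces or glob characters is still read as one file name.  $* is left
# unquoted as in the original: the remaining arguments are handed to args.sh
# as separate words.
. "$SRCDIR/scripts/args.sh" $*

echo "running defines.sh"
. "$SRCDIR/scripts/defines.sh"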

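echo "Cleaning up in $DBDIR..."

# DBDIR is expected to come from the sourced defines.sh (not shown here).
# Abort if it is unset or empty: with an empty value the glob below would be
# expanded against the filesystem root.  The [!C]* pattern deletes every
# entry whose name does not start with "C" and leaves the others in place.
rm -f -- "${DBDIR:?DBDIR is not set}"/[!C]*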

# Build the database the ACL checks run against: filter $ACLCONF into
# $DBCONF for the selected backend, then load $LDIFORDERED with slapadd.
echo "Running slapadd to build slapd database..."
. $CONFFILTER $BACKEND $MONITORDB < $ACLCONF > $DBCONF
$SLAPADD -f $DBCONF -l $LDIFORDERED
RC=$?
# Nothing below is meaningful without a loaded database; stop here and hand
# slapadd's exit status to the caller.
[ $RC = 0 ] || {
	echo "slapadd failed ($RC)!"
	exit $RC
}

echo "Starting slapd on TCP/IP port $PORT..."
# Run the server in the background with the generated configuration; stdout
# and stderr both go to $MASTERLOG.  $TIMING is left unquoted exactly as in
# the original (presumably optional flags - confirm in defines.sh).
$SLAPD -f $DBCONF -h $MASTERURI -d $LVL $TIMING > $MASTERLOG 2>&1 &
PID=$!
# With WAIT set to a non-zero value, show the server PID and block until a
# line arrives on stdin (e.g. to attach a debugger before the test goes on).
if [ $WAIT != 0 ]; then
    echo "PID $PID"
    read foo
fi

echo "Testing slapd access control..."
# Readiness probe: search the base of $MONITOR until slapd answers, at most
# six attempts with a five second pause after each failure.  The search
# output is discarded; only the exit status matters.
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	[ $RC = 0 ] && break
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done

# Still failing after the last attempt: stop the server started above so it
# does not linger, and propagate ldapsearch's status.
if [ $RC != 0 ]; then
	echo "ldapsearch failed ($RC)!"
	kill -HUP $PID
	exit $RC
fi

# Start from an empty result file; every search below appends to it.
: > $SEARCHOUT

#
# Read test on an entry inside the Alumni Association container ($JAJDN):
#   1) anonymous, no bind DN given      - should give us nothing
#   2) bound as $BABSDN (anyone under UM) - should return all attributes
# stdout and stderr of both searches are appended to $SEARCHOUT, so a
# denial is recorded in the file just like a successful read.
#
$LDAPSEARCH -b "$JAJDN" -h $LOCALHOST -p $PORT "objectclass=*" \
	>> $SEARCHOUT 2>&1

# The bind password is passed with -w on the command line, where other local
# users can read it from the process list while the command runs.  That is
# tolerable only because it is a fixture credential from the test LDIF.
$LDAPSEARCH -b "$JAJDN" -h $LOCALHOST -p $PORT \
	-D "$BABSDN" -w bjensen "objectclass=*"  >> $SEARCHOUT 2>&1

#
# Check group access. Try to modify Babs' entry ($BABSDN). Two attempts:
# 1) bound as "James A Jones 1" ($JAJDN)   - should fail
# 2) bound as "Bjorn Jensen" ($BJORNSDN)   - should succeed
#
# The here-document delimiters are unquoted, so $BABSDN is expanded by the
# shell before the LDIF reaches ldapmodify.
#
# NOTE(review): both commands append (>>) to $TESTOUT, but the next
# ldapmodify in this script redirects to $TESTOUT with '>', which truncates
# the file.  The output written here therefore does not survive the run;
# confirm whether that is intended.

# Attempt 1: replace the "drink" attribute while bound as $JAJDN.
$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT -w jaj >> \
	$TESTOUT 2>&1 << EOMODS5
dn: $BABSDN
changetype: modify
replace: drink
drink: wine

EOMODS5


# Attempt 2: add a "homephone" value while bound as $BJORNSDN.
$LDAPMODIFY -D "$BJORNSDN" -h $LOCALHOST -p $PORT -w bjorn >> \
	$TESTOUT 2>&1 << EOMODS6
dn: $BABSDN
changetype: modify
add: homephone
homephone: +1 313 555 5444

EOMODS6

#
# Self-membership test on the "ITD Staff" group.  Both attempts bind as
# $JAJDN and try to add a uniquemember value:
#   EOMODS1 adds Barbara Jensen's DN (some DN other than our own) - should fail
#   EOMODS2 adds the "James A Jones 1" DN (our own DN)            - should succeed
#
# NOTE(review): the first command redirects to $TESTOUT with '>', which
# truncates the file; anything appended to $TESTOUT earlier in the run is
# lost at this point.  Confirm that is intended.
#
$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT -w jaj \
	> $TESTOUT 2>&1 << EOMODS1
version: 1
dn: cn=ITD Staff, ou=Groups, o=University of Michigan, c=US
changetype: modify
add: uniquemember
uniquemember: cn=Barbara Jensen,ou=Information Technology Division,ou=People,o=University of Michigan,c=US

EOMODS1

$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT -w jaj \
	>> $TESTOUT 2>&1 << EOMODS2
version: 1

dn: cn=ITD Staff, ou=Groups, o=University of Michigan, c=US
changetype: modify
add: uniquemember
uniquemember: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of Michigan, c=US
EOMODS2

#
# Write test on the "ITD Staff" group entry itself.  Two attempts are made:
#   1) bound as "James A Jones 1" ($JAJDN), delete description - should fail
#   2) bound as $BJORNSDN, add ou: Groups                      - should succeed
# The original comment named "Barbara Jensen" for the second attempt, but
# the bind DN actually used below is $BJORNSDN with password "bjorn".
#
$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT -w jaj \
	>> $TESTOUT 2>&1 << EOMODS3

dn: cn=ITD Staff, ou=Groups, o=University of Michigan, c=US
changetype: modify
delete: description

EOMODS3

# The LDIF below carries "#" comment lines between every directive; they are
# part of the input sent to ldapmodify, not shell comments.
$LDAPMODIFY -D "$BJORNSDN" -h $LOCALHOST -p $PORT -w bjorn \
	>> $TESTOUT 2>&1 << EOMODS4
# COMMENT
version: 1
# comment
dn: cn=ITD Staff, ou=Groups, o=University of Michigan, c=US
# comment
changetype: modify
# comment
add: ou
# comment
ou: Groups
# comment
EOMODS4

echo "Using ldapsearch to retrieve all the entries..."
# Dump everything under $BASEDN into $SEARCHOUT, after the two read-test
# results already stored there.  This dump shows which of the modify
# attempts above actually changed the directory.
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT \
	    'objectClass=*' >> $SEARCHOUT 2>&1
RC=$?
# The server is stopped before the status is examined, so it is shut down
# on the failure path as well as on success.
kill -HUP $PID
[ $RC = 0 ] || {
	echo "ldapsearch failed ($RC)!"
	exit $RC
}

# Reference output for this test.  The second progress message below still
# says "original ldif used to create database", but the file compared is
# $ACLOUTMASTER, not the $LDIFORDERED that was loaded with slapadd.
LDIF=$ACLOUTMASTER

echo "Filtering ldapsearch results..."
. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
echo "Filtering original ldif used to create database..."
. $LDIFFILTER < $LDIF > $LDIFFLT
echo "Comparing filter output..."
# This comparison is the actual verdict of the ACL test: a modify that was
# wrongly allowed, or wrongly refused, shows up as a difference between the
# filtered search output and the filtered reference.  The differences are
# written to $CMPOUT.
$CMP $SEARCHFLT $LDIFFLT > $CMPOUT || {
	echo "comparison failed - modify operations did not complete correctly"
	exit 1
}

echo ">>>>> Test succeeded"


exit 0