Commit 2e03241c authored by Pierangelo Masarati's avatar Pierangelo Masarati

more fixes to test006; added sets test

parent f109f1eb
......@@ -47,6 +47,7 @@ member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
owner: cn=Manager,dc=example,dc=com
description: All Alumni Assoc Staff
description: added by jaj
cn: Alumni Assoc Staff
objectClass: groupOfNames
......@@ -271,6 +272,7 @@ uniqueMember: cn=John Doe,ou=Information Technology Division,ou=People,dc=exam
ple,dc=com
uniqueMember: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc
=com
ou: Groups
dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example
,dc=com
......
......@@ -24,8 +24,14 @@ pidfile ./testrun/slapd.1.pid
argsfile ./testrun/slapd.1.args
# global ACLs
access to dn.exact="" attr=objectClass by users read
access to * by * read
#
# normal installations should protect root dse, cn=monitor, cn=subschema
#
access to dn.exact="" attr=objectClass
by users read
access to *
by * read
#mod#modulepath ../servers/slapd/back-@BACKEND@/
#mod#moduleload back_@BACKEND@.la
......@@ -45,18 +51,12 @@ rootpw secret
#bdb#index objectClass eq
#bdb#index cn,sn,uid pres,eq,sub
#
# normal installations should protect root dse, cn=monitor, cn=subschema
#
# these are equivalent
access to dn="" by * read
access to dn.exact="" by * read
#access to attr=objectclass dn.subtree="dc=example,dc=com"
access to attr=objectclass
by * =rsc stop
access to filter="(objectclass=person)" attr=userpassword dn.subtree=""
#access to filter="(objectclass=person)" attr=userpassword dn.subtree="dc=example,dc=com"
access to filter="(objectclass=person)" attr=userpassword
by anonymous auth
by self =wx
......@@ -65,15 +65,18 @@ access to dn.children="ou=Alumni Association,ou=People,dc=example,dc=com"
by dn.subtree="dc=example,dc=com" +rs continue
by * stop
#access to attr=member,uniquemember dn.subtree="dc=example,dc=com"
access to attr=member,uniquemember
by dnattr=member selfwrite
by dnattr=uniquemember selfwrite
by * read
access to attr=member,uniquemember filter="(mail=*com)"
#access to attr=member,uniquemember filter="(mail=*com)" dn.subtree="dc=example,dc=com"
access to attr=member,uniquemember filter="(mail=*com)"
by * read
access to filter="(&(objectclass=groupofnames)(objectClass=groupofuniquenames))"
#access to filter="(|(objectclass=groupofnames)(objectClass=groupofuniquenames))" dn.subtree="dc=example,dc=com"
access to filter="(|(objectclass=groupofnames)(objectClass=groupofuniquenames))"
by dn.exact="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" =sc continue
by dn.regex="^cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com$" +rw stop
by * break
......@@ -82,7 +85,12 @@ access to dn.children="ou=Information Technology Division,ou=People,dc=example,
by group/groupOfUniqueNames/uniqueMember.exact="cn=ITD Staff,ou=Groups,dc=example,dc=com" write
by * read
access to filter="(name=X*Y*Z)"
access to dn.exact="cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com"
by set="[cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com]/member* & user" write
by * read
#access to filter="(name=X*Y*Z)" dn.subtree="dc=example,dc=com"
access to filter="(name=X*Y*Z)"
by * continue
# fall into global ACLs
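Review bot: The new `access to dn.exact="cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com"` rule has no comment, and two properties of it are easy to miss. As far as the visible hunks show, it is reached only because the group filter rule above it ends in `by * break`. The `member*` in the set, as I read the set syntax, follows member values recursively, so members of nested groups would also get write on the entry. I would add above it `# sets test: (transitive) members of the group may write the group entry; reached via "by * break" in the group filter rule above`. It is also worth stating that `member`/`uniquemember` values are still decided by the earlier `access to attr=member,uniquemember` rule, since write on a group entry would otherwise let members extend the group.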
......@@ -92,7 +92,7 @@ homephone: +1 313 555 5444
EOMODS6
#
# Try to add a "member" attribute to the "All Staff" group. It should
# Try to add a "member" attribute to the "ITD Staff" group. It should
# fail when we add some DN other than our own, and should succeed when
# we add our own DN.
# bjensen
......@@ -117,9 +117,9 @@ uniquemember: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example,
EOMODS2
#
# Try to modify the "All Staff" group. Two attempts are made:
# Try to modify the "ITD Staff" group. Two attempts are made:
# 1) bound as "James A Jones 1" - should fail
# 2) bound as "Barbara Jensen" - should succeed
# 2) bound as "Bjorn Jensen" - should succeed
#
$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \
$TESTOUT 2>&1 << EOMODS3
......@@ -145,6 +145,28 @@ ou: Groups
# comment
EOMODS4
#
# Try to modify the "ITD Staff" group. Two attempts are made:
# 1) bound as "James A Jones 1" - should succeed
# 2) bound as "Barbara Jensen" - should fail
# should exploit sets
#
$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \
$TESTOUT 2>&1 << EOMODS5
dn: cn=Alumni Assoc Staff, ou=Groups, dc=example, dc=com
changetype: modify
add: description
description: added by jaj
EOMODS5
$LDAPMODIFY -D "$BABSDN" -h $LOCALHOST -p $PORT1 -w bjensen >> \
$TESTOUT 2>&1 << EOMODS6
dn: cn=Alumni Assoc Staff, ou=Groups, dc=example, dc=com
changetype: modify
add: description
description: added by bjensen
EOMODS6
echo "Using ldapsearch to retrieve all the entries..."
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
'objectClass=*' >> $SEARCHOUT 2>&1
......
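Review bot: The second modify in the new block (bound as `$BABSDN`, expected to be denied) only appends its output to `$TESTOUT`. Within these lines a denial cannot be told apart from a failed bind or an unreachable server, so the negative case appears to rest solely on the later ldapsearch comparison. Capturing the exit status after the closing `EOMODS6` and requiring result 50 (insufficientAccess) would pin the ACL behaviour, e.g. `RC=$?` followed by `if test $RC != 50 ; then echo "ldapmodify should have been denied ($RC)" ; exit 1 ; fi`. The comment above the block also names the "ITD Staff" group while both modifies target `cn=Alumni Assoc Staff`; it should read `# Try to modify the "Alumni Assoc Staff" group. Two attempts are made:`.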