Commit 63b1e663 authored by Pierangelo Masarati's avatar Pierangelo Masarati

cleanup; improvements to whoami test014

parent 7cfc2d1f
......@@ -102,10 +102,8 @@ dc: example
l: Anytown, Michigan
st: Michigan
o: Example, Inc.
o: UMICH
o: UM
o: U-M
o: U of M
o: EX
o: Ex.
description: The Example, Inc. at Anytown
postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
telephoneNumber: +1 313 764-1817
......
......@@ -76,10 +76,8 @@ objectClass: extensibleObject
l: Anytown, Michigan
st: Michigan
o: Example, Inc.
o: UMICH
o: UM
o: U-M
o: U of M
o: EX
o: Ex.
description: The Example, Inc. at Anytown
postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
telephoneNumber: +1 313 764-1817
......
......@@ -77,10 +77,8 @@ dc: example
l: Anytown, Michigan
st: Michigan
o: Example, Inc.
o: UMICH
o: UM
o: U-M
o: U of M
o: EX
o: Ex.
description: The Example, Inc. at Anytown
postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
telephoneNumber: +1 313 764-1817
......@@ -181,10 +179,8 @@ dc: example
l: Anytown, Michigan
st: Michigan
o: Example, Inc.
o: UMICH
o: UM
o: U-M
o: U of M
o: EX
o: Ex.
description: The Example, Inc. at Anytown
postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
telephoneNumber: +1 313 764-1817
......
......@@ -89,10 +89,8 @@ dc: example
l: Anytown, Michigan
st: Michigan
o: Example, Inc.
o: UMICH
o: UM
o: U-M
o: U of M
o: EX
o: Ex.
description: The Example, Inc. at Anytown
postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
telephoneNumber: +1 313 764-1817
......
......@@ -386,10 +386,8 @@ objectclass: domainRelatedObject
l: Anytown, Michigan
st: Michigan
o: Example, Inc.
o: UMICH
o: UM
o: U-M
o: U of M
o: EX
o: Ex.
description: The Example, Inc. at Anytown
postaladdress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
telephonenumber: +1 313 764-1817
......
......@@ -103,10 +103,8 @@ dc: example
l: Anytown, Michigan
st: Michigan
o: Example, Inc.
o: UMICH
o: UM
o: U-M
o: U of M
o: EX
o: Ex.
description: The Example, Inc. at Anytown
postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
telephoneNumber: +1 313 764-1817
......
......@@ -200,10 +200,8 @@ dc: example
l: Anytown, Michigan
st: Michigan
o: Example, Inc.
o: UMICH
o: UM
o: U-M
o: U of M
o: EX
o: EX.
description: The Example, Inc. at Anytown
postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
telephoneNumber: +1 313 764-1817
......
......@@ -103,10 +103,8 @@ dc: example
l: Anytown, Michigan
st: Michigan
o: Example, Inc.
o: UMICH
o: UM
o: U-M
o: U of M
o: EX
o: Ex.
description: The Example, Inc. at Anytown
postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
telephoneNumber: +1 313 764-1817
......
......@@ -69,7 +69,7 @@ access to attr=member,uniquemember
by dnattr=uniquemember selfwrite
by * read
access to attr=member,uniquemember filter=(mail=*edu)
access to attr=member,uniquemember filter=(mail=*com)
by * read
access to filter="(&(objectclass=groupofnames)(objectClass=groupofuniquenames)
......
# master slapd config -- for testing
# $OpenLDAP: pkg/ldap/tests/data/slapd-pw.conf,v 1.19.2.4 2003/12/15 22:05:29
kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2003 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
ucdata-path ./ucdata
include ./schema/core.schema
include ./schema/cosine.schema
include ./schema/inetorgperson.schema
include ./schema/openldap.schema
include ./schema/nis.schema
pidfile ./testrun/slapd.1.pid
argsfile ./testrun/slapd.1.args
# password-hash {md5}
#mod#modulepath ../servers/slapd/back-@BACKEND@/
#mod#moduleload back_@BACKEND@.la
#######################################################################
# ldbm database definitions
#######################################################################
authz-policy both
authz-regexp "^uid=group/([^,]+),.*" "ldap:///dc=example,dc=com??sub?cn=$1"
authz-regexp "^uid=([^,]+),.*" "ldap:///dc=example,dc=com??sub?uid=$1"
#
# normal installations should protect root dse,
# cn=monitor, cn=schema, and cn=config
#
access to attr=authzFrom,authzTo
by * auth
access to attr=userpassword
by anonymous auth
by self write
access to *
by self write
by * read
database @BACKEND@
#ldbm#cachesize 0
suffix "dc=example,dc=com"
directory ./testrun/db.1.a
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
index objectClass eq
index cn,sn,uid pres,eq,sub
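Review bot: The header of this new config looks carried over unchanged from slapd-pw.conf. It still reads `# master slapd config -- for testing` with that file's `$OpenLDAP$` id, and nothing explains the proxy-authorization setup the whoami test depends on. Above `authz-policy both` I would add `# proxy authorization test: both authzFrom and authzTo rules are honoured`. Above `access to attr=authzFrom,authzTo` I would add `# keep authzFrom/authzTo non-writable by ordinary identities: with authzTo honoured, write access would let an entry grant itself proxy rights`. The `ldbm database definitions` banner also sits above global directives rather than next to the `database @BACKEND@` line; whether the file continues past the index lines is not visible here.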
......@@ -7,10 +7,8 @@ dc: example
l: Anytown, Michigan
st: Michigan
o: Example, Inc.
o: UMICH
o: UM
o: U-M
o: U of M
o: EX
o: Ex.
description: The Example, Inc. at Anytown
postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
telephoneNumber: +1 313 764-1817
......
......@@ -8,10 +8,8 @@ objectclass: domainRelatedObject
l: Anytown, Michigan
st: Michigan
o: Example, Inc.
o: UMICH
o: UM
o: U-M
o: U of M
o: EX
o: Ex.
description: The Example, Inc. at Anytown
postaladdress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
telephonenumber: +1 313 764-1817
......
......@@ -9,10 +9,8 @@ dc: example
l: Anytown, Michigan
st: Michigan
o: Example, Inc.
o: UMICH
o: UM
o: U-M
o: U of M
o: EX
o: Ex.
description: The Example, Inc. at Anytown
postaladdress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
telephonenumber: +1 313 764-1817
......
This diff is collapsed.
......@@ -105,10 +105,8 @@ dc: example
l: Anytown, Michigan
st: Michigan
o: Example, Inc.
o: UMICH
o: UM
o: U-M
o: U of M
o: EX
o: Ex.
description: The Example, Inc. at Anytown
postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
telephoneNumber: +1 313 764-1817
......
......@@ -38,6 +38,7 @@ CONF=$DATADIR/slapd.conf
CONFTWO=$DATADIR/slapd2.conf
MCONF=$DATADIR/slapd-master.conf
PWCONF=$DATADIR/slapd-pw.conf
WHOAMICONF=$DATADIR/slapd-whoami.conf
ACLCONF=$DATADIR/slapd-acl.conf
RCONF=$DATADIR/slapd-referrals.conf
MASTERCONF=$DATADIR/slapd-repl-master.conf
......@@ -117,6 +118,7 @@ LDIFORDEREDCP=$DATADIR/test-ordered-cp.ldif
LDIFORDEREDNOCP=$DATADIR/test-ordered-nocp.ldif
LDIFBASE=$DATADIR/test-base.ldif
LDIFPASSWD=$DATADIR/passwd.ldif
LDIFWHOAMI=$DATADIR/test-whoami.ldif
LDIFPASSWDOUT=$DATADIR/passwd-out.ldif
LDIFPPOLICY=$DATADIR/ppolicy.ldif
LDIFLANG=$DATADIR/test-lang.ldif
......
......@@ -18,8 +18,17 @@ echo "running defines.sh"
mkdir -p $TESTDIR $DBDIR1
echo "Running slapadd to build slapd database..."
. $CONFFILTER $BACKEND $MONITORDB < $WHOAMICONF > $ADDCONF
$SLAPADD -f $ADDCONF -l $LDIFWHOAMI
RC=$?
if test $RC != 0 ; then
echo "slapadd failed ($RC)!"
exit $RC
fi
echo "Starting slapd on TCP/IP port $PORT..."
. $CONFFILTER $BACKEND $MONITORDB < $PWCONF > $CONF1
. $CONFFILTER $BACKEND $MONITORDB < $WHOAMICONF > $CONF1
$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
PID=$!
if test $WAIT != 0 ; then
......@@ -82,9 +91,68 @@ if test $RC != 0 ; then
exit $RC
fi
echo "Testing ldapwhoami as ${MANAGERDN} for u:ursula..."
echo "Testing ldapwhoami as ${MANAGERDN} for u:uham..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD \
-e \!authzid="u:ursula"
-e \!authzid="u:uham"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
# authzFrom: someone else => njorn
echo "Testing authzFrom..."
BINDDN="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjensen
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.exact)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
BINDDN="cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com"
BINDPW=melliot
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (u)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
BINDDN="cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com"
BINDPW=jdoe
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
BINDDN="cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=jjones
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (group)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
if test $RC != 0 ; then
......@@ -93,7 +161,211 @@ if test $RC != 0 ; then
exit $RC
fi
BINDDN="cn=No One,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=noone
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.onelevel)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
BINDDN="cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com"
BINDPW=dots
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.regex)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
BINDDN="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com"
BINDPW=jaj
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.children)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
BINDDN="cn=ITD Staff,ou=Groups,dc=example,dc=com"
BINDPW=ITD
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.subtree)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
BINDDN="cn=Should Fail,dc=example,dc=com"
BINDPW=fail
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.subtree)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
# authzTo: bjorn => someone else
echo "Testing authzTo..."
BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjorn
AUTHZID="u:bjensen"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.exact)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjorn
AUTHZID="u:melliot"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (u)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjorn
AUTHZID="u:jdoe"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjorn
AUTHZID="u:jjones"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (group)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjorn
AUTHZID="u:noone"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.onelevel)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjorn
AUTHZID="u:dots"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.regex)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjorn
AUTHZID="u:jaj"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.children)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjorn
AUTHZID="u:group/itd staff"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.subtree)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjorn
AUTHZID="u:fail"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
if test $RC != 1 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
test $KILLSERVERS != no && kill -HUP $KILLPIDS
echo ">>>>> Test succeeded"
exit 0
## Note to developers: the command
## awk '/<===slap_sasl_match:/ {if (s==0) {s=1;c=0} c++; if ($4==0) {print c;s=0}} END {if (s==1) print c}' testrun/slapd.1.log
## must return consecutive numbers from 1 to 9 twice to indicate
## that the authzFrom and authzTo rules applied in the right order.
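Review bot: The final should-fail case (`AUTHZID="u:fail"`, guarded by `if test $RC != 1`) leaves through `exit $RC`, so if the proxy authorization is wrongly granted and ldapwhoami returns 0, the script itself exits 0 and the run is presumably counted as a pass. In that branch I would print `echo "ldapwhoami should have failed ($RC)!"` and end with `exit 1`, so an unexpected grant can never be reported as success. Separately, the authzFrom case that binds as `cn=Should Fail,dc=example,dc=com` is labelled `(dn.subtree)` and checked with `test $RC != 0`, meaning it is expected to succeed. The test LDIF is not visible on this page, so please confirm whether that case was meant to be a negative test like the last one, and correct the label or the expected code accordingly.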