#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2021 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

# slapd access-control regression test.
#
# Flow: build a database with slapadd from $LDIFORDERED under a configuration
# generated from $ACLCONF, start slapd on $URI1, run a fixed sequence of
# searches and modifications under different bind identities, then compare
# the resulting directory contents with a reference LDIF.
#
# $BACKEND and $SRCDIR are read before defines.sh is sourced, so the caller
# must already have set them; the other variables are presumably provided by
# defines.sh (not visible in this file).
#
# NOTE(review): expansions are left unquoted throughout. Several of them are
# used as whole commands (for example $SLAPADD, $SLAPD, $LDAPSEARCH) and may
# rely on word splitting, so do not quote them without checking defines.sh.

# Backends listed here have no access-control support: skip, do not fail.
case "$BACKEND" in ldif | null)
	echo "$BACKEND backend does not support access controls, test skipped"
	exit 0
esac

echo "running defines.sh"
. $SRCDIR/scripts/defines.sh

mkdir -p $TESTDIR $DBDIR1

echo "Running slapadd to build slapd database..."
# $CONFFILTER is sourced (not executed) with $BACKEND as its argument; it
# reads the ACL configuration on stdin and its output becomes $CONF1.
. $CONFFILTER $BACKEND < $ACLCONF > $CONF1
$SLAPADD -f $CONF1 -l $LDIFORDERED
RC=$?
if test $RC != 0 ; then
	echo "slapadd failed ($RC)!"
	exit $RC
fi

echo "Starting slapd on TCP/IP port $PORT1..."
# Server runs in the background; all of its output goes to $LOG1.
$SLAPD -f $CONF1 -h $URI1 -d $LVL > $LOG1 2>&1 &
PID=$!
# When $WAIT is non-zero, print the server PID and block on stdin until the
# operator presses return (the value read into foo is never used).
if test $WAIT != 0 ; then
	echo PID $PID
	read foo
fi
# PIDs that the failure paths later in the script signal with kill -HUP.
KILLPIDS="$PID"

sleep 1

echo "Testing slapd access control..."
# Wait for slapd to answer: up to six anonymous base-scope probes of
# $MONITOR, five seconds apart, stopping at the first success.
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test $RC = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done

# RC still holds the status of the last probe; non-zero means the server
# never became reachable.
if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# Truncate the file that collects search output for the final comparison.
cat /dev/null > $SEARCHOUT

# The searches below do not check ldapsearch's exit status. Their output
# (stdout and stderr) is appended to $SEARCHOUT, and the "# ..." echo lines
# are written into that same file as markers.
# NOTE(review): bind passwords are fixture values passed with -w, so they are
# visible in the process argument list; acceptable only for throw-away test
# accounts like these.

echo "# Try to read an entry inside the Alumni Association container.
# It should give us noSuchObject if we're not bound..." \
>> $SEARCHOUT
# FIXME: temporarily remove the "No such object" message to make
# the test succeed even if SLAP_ACL_HONOR_DISCLOSE is not #define'd
# NOTE(review): because of the grep -v, this step does not assert that an
# anonymous client gets noSuchObject: the message is stripped before the
# comparison, and the pipeline's status is grep's and is not examined anyway.
# A server that answered the unbound search differently would only be caught
# if it printed entry data. When SLAP_ACL_HONOR_DISCLOSE can be relied on,
# checking ldapsearch's own result code (32, noSuchObject) would close the gap.
$LDAPSEARCH -b "$JAJDN" -H $URI1 "(objectclass=*)" \
	2>&1 | grep -v "No such object" >> $SEARCHOUT

echo "# ... and should return all attributes if we're bound as anyone
# under Example." \
>> $SEARCHOUT
$LDAPSEARCH -b "$JAJDN" -H $URI1 \
	-D "$BABSDN" -w bjensen "(objectclass=*)" >> $SEARCHOUT 2>&1

# ITS#4253, ITS#4255
# Six base-scope reads of the cn attribute, each target read once bound as
# $BABSDN and once as $BJORNSDN; the last pair has each identity read the
# other's entry.
echo "# Checking exact/regex attrval clause" >> $SEARCHOUT
$LDAPSEARCH -H $URI1 \
	-D "$BABSDN" -w bjensen \
	-b "$MELLIOTDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1
$LDAPSEARCH -H $URI1 \
	-D "$BJORNSDN" -w bjorn \
	-b "$MELLIOTDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1

$LDAPSEARCH -H $URI1 \
	-D "$BABSDN" -w bjensen \
	-b "$JOHNDDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1
$LDAPSEARCH -H $URI1 \
	-D "$BJORNSDN" -w bjorn \
	-b "$JOHNDDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1

$LDAPSEARCH -H $URI1 \
	-D "$BABSDN" -w bjensen \
	-b "$BJORNSDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1
$LDAPSEARCH -H $URI1 \
	-D "$BJORNSDN" -w bjorn \
	-b "$BABSDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1

# check selfwrite access (ITS#4587).  6 attempts are made:
# 1) delete someone else (should fail)
# 2) delete self (should succeed)
# 3) add someone else (should fail)
# 4) add someone else and self (should fail)
# 5) add self and someone else (should fail)
# 6) add self (should succeed)
#
# All six bind as $JAJDN and change the member attribute of "All Staff".
# For a "should fail" step the only accepted status is 50 (LDAP
# insufficientAccessRights): 0 means the ACL let the write through, and any
# other code is treated as an unrelated failure. Either way the servers are
# signalled (unless $KILLSERVERS is "no") and the script exits non-zero.
# NOTE(review): "exit -1" is outside the 0-255 range POSIX defines for exit;
# the status the caller sees is shell-dependent, though still non-zero.

# 1) delete someone else - expect 50
$LDAPMODIFY -D "$JAJDN" -H $URI1 -w jaj >> \
	$TESTOUT 2>&1 << EOMODS
dn: cn=All Staff,ou=Groups,dc=example,dc=com
changetype: modify
delete: member
member: $BABSDN
EOMODS
RC=$?
case $RC in
50)
	;;
0)
	echo "ldapmodify should have failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
	;;
*)
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
	;;
esac

# 2) delete self - expect success
$LDAPMODIFY -D "$JAJDN" -H $URI1 -w jaj >> \
	$TESTOUT 2>&1 << EOMODS
dn: cn=All Staff,ou=Groups,dc=example,dc=com
changetype: modify
delete: member
member: $JAJDN
EOMODS
RC=$?
if test $RC != 0 ; then
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# 3) add someone else - expect 50
$LDAPMODIFY -D "$JAJDN" -H $URI1 -w jaj >> \
	$TESTOUT 2>&1 << EOMODS
dn: cn=All Staff,ou=Groups,dc=example,dc=com
changetype: modify
add: member
member: cn=Foo,ou=Bar
EOMODS
RC=$?
case $RC in
50)
	;;
0)
	echo "ldapmodify should have failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
	;;
*)
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
	;;
esac

# 4) add someone else and self in one request - expect 50; listing the
#    caller's own DN alongside must not make the foreign value acceptable
$LDAPMODIFY -D "$JAJDN" -H $URI1 -w jaj >> \
	$TESTOUT 2>&1 << EOMODS
dn: cn=All Staff,ou=Groups,dc=example,dc=com
changetype: modify
add: member
member: cn=Foo,ou=Bar
member: $JAJDN
EOMODS
RC=$?
case $RC in
50)
	;;
0)
	echo "ldapmodify should have failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
	;;
*)
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
	;;
esac

# 5) same two values in the opposite order - expect 50
$LDAPMODIFY -D "$JAJDN" -H $URI1 -w jaj >> \
	$TESTOUT 2>&1 << EOMODS
dn: cn=All Staff,ou=Groups,dc=example,dc=com
changetype: modify
add: member
member: $JAJDN
member: cn=Foo,ou=Bar
EOMODS
RC=$?
case $RC in
50)
	;;
0)
	echo "ldapmodify should have failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
	;;
*)
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
	;;
esac

# 6) add self - expect success
$LDAPMODIFY -D "$JAJDN" -H $URI1 -w jaj >> \
	$TESTOUT 2>&1 << EOMODS
dn: cn=All Staff,ou=Groups,dc=example,dc=com
changetype: modify
add: member
member: $JAJDN
EOMODS
RC=$?
if test $RC != 0 ; then
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

#
# Check group access. Try to modify Babs' entry.  Two attempts:
# 1) bound as "James A Jones 1" - should fail
# 2) bound as "Bjorn Jensen" - should succeed

# 1) $JAJDN replaces drink on $BABSDN - expect 50
$LDAPMODIFY -D "$JAJDN" -H $URI1 -w jaj >> \
	$TESTOUT 2>&1 << EOMODS5
dn: $BABSDN
changetype: modify
replace: drink
drink: wine
EOMODS5
RC=$?
case $RC in
50)
	;;
0)
	echo "ldapmodify should have failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
	;;
*)
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
	;;
esac

# 2) $BJORNSDN adds homephone to $BABSDN - expect success
$LDAPMODIFY -D "$BJORNSDN" -H $URI1 -w bjorn >> \
	$TESTOUT 2>&1 << EOMODS6
dn: $BABSDN
changetype: modify
add: homephone
homephone: +1 313 555 5444
EOMODS6
RC=$?
case $RC in
0)
	;;
*)
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
	;;
esac

#
# Try to add a "uniquemember" value to the "ITD Staff" group.  It should
# fail when we add some DN other than our own, and should succeed when
# we add our own DN.
# Convention for every ldapmodify step below: when a step is expected to be
# refused, the only accepted status is 50 (LDAP insufficientAccessRights);
# 0 means the ACL let the write through, and any other code is treated as an
# unrelated failure. On failure the servers are signalled (unless
# $KILLSERVERS is "no") and the script exits non-zero.
# NOTE(review): "exit -1" is outside the 0-255 range POSIX defines for exit;
# the status the caller sees is shell-dependent, though still non-zero.
# NOTE(review): bind passwords are fixture values passed with -w, so they are
# visible in the process argument list; acceptable only for test accounts.

# Bound as $JAJDN, add Barbara Jensen's DN (not the caller's own) as
# uniquemember of "ITD Staff" - expect 50.
$LDAPMODIFY -D "$JAJDN" -H $URI1 -w jaj >> \
	$TESTOUT 2>&1 << EOMODS1
version: 1
dn: cn=ITD Staff, ou=Groups, dc=example, dc=com
changetype: modify
add: uniquemember
uniquemember: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com
EOMODS1
RC=$?
case $RC in
50)
	;;
0)
	echo "ldapmodify should have failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
	;;
*)
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
	;;
esac

# Same bind, adding a "James A Jones 1" DN (presumably the value of $JAJDN,
# written with spaces after the commas) - expect success.
$LDAPMODIFY -D "$JAJDN" -H $URI1 -w jaj >> \
	$TESTOUT 2>&1 << EOMODS2
version: 1

dn: cn=ITD Staff, ou=Groups, dc=example, dc=com
changetype: modify
add: uniquemember
uniquemember: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example, dc=com
EOMODS2
RC=$?
case $RC in
0)
	;;
*)
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
	;;
esac

#
# Try to modify the "ITD Staff" group.  Two attempts are made:
# 1) bound as "James A Jones 1" - should fail
# 2) bound as "Bjorn Jensen" - should succeed
#
# 1) $JAJDN deletes the description attribute - expect 50
$LDAPMODIFY -D "$JAJDN" -H $URI1 -w jaj >> \
	$TESTOUT 2>&1 << EOMODS3

dn: cn=ITD Staff, ou=Groups, dc=example, dc=com
changetype: modify
delete: description
EOMODS3
RC=$?
case $RC in
50)
	;;
0)
	echo "ldapmodify should have failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
	;;
*)
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
	;;
esac

# 2) $BJORNSDN adds an ou value - expect success. The "# comment" lines
#    inside the here-document are part of the LDIF sent to ldapmodify.
$LDAPMODIFY -D "$BJORNSDN" -H $URI1 -w bjorn >> \
	$TESTOUT 2>&1 << EOMODS4
# COMMENT
version: 1
# comment
dn: cn=ITD Staff, ou=Groups, dc=example, dc=com
# comment
changetype: modify
# comment
add: ou
# comment
ou: Groups
# comment
EOMODS4
RC=$?
case $RC in
0)
	;;
*)
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
	;;
esac

#
# Try to modify the "Alumni Assoc Staff" group.  Two attempts are made:
# 1) bound as "James A Jones 1" - should succeed
# 2) bound as "Barbara Jensen" - should fail
# should exploit sets
# (presumably the ACL covering this group is a set clause in $ACLCONF; the
# rule itself is not visible in this file)
#
$LDAPMODIFY -D "$JAJDN" -H $URI1 -w jaj >> \
	$TESTOUT 2>&1 << EOMODS5
dn: cn=Alumni Assoc Staff, ou=Groups, dc=example, dc=com
changetype: modify
add: description
description: added by jaj (should succeed)
-
EOMODS5
RC=$?
case $RC in
0)
	;;
*)
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
	;;
esac

$LDAPMODIFY -D "$BABSDN" -H $URI1 -w bjensen >> \
	$TESTOUT 2>&1 << EOMODS6
dn: cn=Alumni Assoc Staff, ou=Groups, dc=example, dc=com
changetype: modify
add: description
description: added by bjensen (should fail)
-
EOMODS6
RC=$?
case $RC in
50)
	;;
0)
	echo "ldapmodify should have failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
	;;
*)
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
	;;
esac

#
# Add / delete / rename checks under a new "Add & Delete" container.
#
# Bound as $MANAGERDN, create the container - must succeed.
$LDAPMODIFY -D "$MANAGERDN" -H $URI1 -w $PASSWD >> \
	$TESTOUT 2>&1 << EOMODS7
dn: ou=Add & Delete,dc=example,dc=com
changetype: add
objectClass: organizationalUnit
ou: Add & Delete
EOMODS7
RC=$?
if test $RC != 0 ; then
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# $BABSDN adds a child entry - expect 50
$LDAPMODIFY -D "$BABSDN" -H $URI1 -w bjensen >> \
	$TESTOUT 2>&1 << EOMODS8
dn: cn=Added by Babs (must fail),ou=Add & Delete,dc=example,dc=com
changetype: add
objectClass: inetOrgPerson
cn: Added by Babs (must fail)
sn: None
EOMODS8
RC=$?
case $RC in
50)
	;;
0)
	echo "ldapmodify should have failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
	;;
*)
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
	;;
esac

# $BJORNSDN adds three child entries, then adds three description values to
# the first - the whole request must succeed. The later steps operate on
# these entries and values.
$LDAPMODIFY -D "$BJORNSDN" -H $URI1 -w bjorn >> \
	$TESTOUT 2>&1 << EOMODS9
dn: cn=Added by Bjorn (must succeed),ou=Add & Delete,dc=example,dc=com
changetype: add
objectClass: inetOrgPerson
cn: Added by Bjorn (must succeed)
sn: None

dn: cn=Added by Bjorn (will be deleted),ou=Add & Delete,dc=example,dc=com
changetype: add
objectClass: inetOrgPerson
cn: Added by Bjorn (will be deleted)
sn: None

dn: cn=Added by Bjorn (will be renamed),ou=Add & Delete,dc=example,dc=com
changetype: add
objectClass: inetOrgPerson
cn: Added by Bjorn (will be renamed)
sn: None

dn: cn=Added by Bjorn (must succeed),ou=Add & Delete,dc=example,dc=com
changetype: modify
add: description
description: this attribute value has been added __after__entry creation
description: this attribute value will be deleted by Babs (must succeed)
description: Bjorn will try to delete this attribute value (should fail)
-
EOMODS9
RC=$?
case $RC in
0)
	;;
*)
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
	;;
esac

# $BJORNSDN deletes an entry he created himself - expect 50 (being allowed
# to add under the container does not imply being allowed to delete)
$LDAPMODIFY -D "$BJORNSDN" -H $URI1 -w bjorn >> \
	$TESTOUT 2>&1 << EOMODS10
dn: cn=Added by Bjorn (will be deleted),ou=Add & Delete,dc=example,dc=com
changetype: delete
EOMODS10
RC=$?
case $RC in
50)
	;;
0)
	echo "ldapmodify should have failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
	;;
*)
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
	;;
esac

# $BJORNSDN renames the "will be renamed" entry - expect 50
$LDAPMODIFY -D "$BJORNSDN" -H $URI1 -w bjorn >> \
	$TESTOUT 2>&1 << EOMODS11
dn: cn=Added by Bjorn (will be renamed),ou=Add & Delete,dc=example,dc=com
changetype: modrdn
newrdn: cn=Added by Bjorn (renamed by Bjorn)
deleteoldrdn: 1
EOMODS11
RC=$?
case $RC in
50)
	;;
0)
	echo "ldapmodify should have failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
	;;
*)
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
	;;
esac

# $BABSDN renames the same entry - expect 50
$LDAPMODIFY -D "$BABSDN" -H $URI1 -w bjensen >> \
	$TESTOUT 2>&1 << EOMODS12
dn: cn=Added by Bjorn (will be renamed),ou=Add & Delete,dc=example,dc=com
changetype: modrdn
newrdn: cn=Added by Bjorn (renamed by Babs)
deleteoldrdn: 1
EOMODS12
RC=$?
case $RC in
50)
	;;
0)
	echo "ldapmodify should have failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
	;;
*)
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
	;;
esac

# $JAJDN renames the same entry - must succeed
$LDAPMODIFY -D "$JAJDN" -H $URI1 -w jaj >> \
	$TESTOUT 2>&1 << EOMODS13
dn: cn=Added by Bjorn (will be renamed),ou=Add & Delete,dc=example,dc=com
changetype: modrdn
newrdn: cn=Added by Bjorn (renamed by Jaj)
deleteoldrdn: 1
EOMODS13
RC=$?
case $RC in
0)
	;;
*)
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
	;;
esac

# $BJORNSDN deletes one description value from the entry he created -
# expect 50
$LDAPMODIFY -D "$BJORNSDN" -H $URI1 -w bjorn >> \
	$TESTOUT 2>&1 << EOMODS14
dn: cn=Added by Bjorn (must succeed),ou=Add & Delete,dc=example,dc=com
changetype: modify
delete: description
description: Bjorn will try to delete this attribute value (should fail)
-
EOMODS14
RC=$?
case $RC in
50)
	;;
0)
	echo "ldapmodify should have failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
	;;
*)
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
	;;
esac

# $BABSDN deletes the "will be deleted" entry and removes one description
# value from the "must succeed" entry - both must succeed
$LDAPMODIFY -D "$BABSDN" -H $URI1 -w bjensen >> \
	$TESTOUT 2>&1 << EOMODS15
dn: cn=Added by Bjorn (will be deleted),ou=Add & Delete,dc=example,dc=com
changetype: delete

dn: cn=Added by Bjorn (must succeed),ou=Add & Delete,dc=example,dc=com
changetype: modify
delete: description
description: this attribute value will be deleted by Babs (must succeed)
-
EOMODS15
RC=$?
case $RC in
0)
	;;
*)
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
	;;
esac

# Final state check. The search is issued without -D, i.e. not bound as any
# of the test users, so the reference file encodes exactly what that client
# is allowed to read after all the changes above.
# -S "" presumably keeps the entry order stable for the comparison.
echo "Using ldapsearch to retrieve all the entries..."
echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \
	'objectClass=*' >> $SEARCHOUT 2>&1
RC=$?
# No more server traffic after this point: signal the servers before looking
# at the search status, so both outcomes clean up.
test $KILLSERVERS != no && kill -HUP $KILLPIDS
if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	exit $RC
fi

# Reference output the collected search results are compared against.
LDIF=$ACLOUTPROVIDER

# Both files go through the same filter before comparison.
echo "Filtering ldapsearch results..."
$LDIFFILTER < $SEARCHOUT > $SEARCHFLT
echo "Filtering original ldif used to create database..."
$LDIFFILTER < $LDIF > $LDIFFLT
echo "Comparing filter output..."
$CMP $SEARCHFLT $LDIFFLT > $CMPOUT

# Any difference is a test failure. Note that this path exits without
# reaching the "wait" below.
if test $? != 0 ; then
	echo "comparison failed - operations did not complete correctly"
	exit 1
fi

echo ">>>>> Test succeeded"

# Reap the background slapd that was signalled above.
test $KILLSERVERS != no && wait

exit 0