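#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 2004-2021 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

# Regression test for the attribute uniqueness overlay: builds a database,
# starts slapd and waits until it answers before the uniqueness checks run.
#
# Tool variables ($SLAPPASSWD, $SLAPADD, $SLAPD, $LDAPSEARCH) and $KILLPIDS
# are left unquoted on purpose: presumably defines.sh sets the tools to a
# command plus arguments -- confirm before quoting them.

echo "running defines.sh"
. "$SRCDIR/scripts/defines.sh"

# Operands are quoted so an unset variable gives a clean comparison instead
# of a test(1) syntax error.
if test "$UNIQUE" = uniqueno; then
	echo "Attribute Uniqueness overlay not available, test skipped"
	exit 0
fi

# Expected LDAP result codes: 19 = constraintViolation (uniqueness refused
# the write), 50 = insufficientAccessRights (Relax control refused).
RCODEconstraint=19
RCODEnorelax=50
# With the null backend a would-be duplicate is expected to succeed (0), so
# the constraint checks below do not prove enforcement on that backend.
test "$BACKEND" = null && RCODEconstraint=0

mkdir -p "$TESTDIR" "$DBDIR1"

# The generated cn=config password is stored in clear text; create the file
# with owner-only permissions (the umask is confined to the subshell).
( umask 077; $SLAPPASSWD -g -n >"$CONFIGPWF" )
echo "rootpw $($SLAPPASSWD -T "$CONFIGPWF")" >"$TESTDIR/configpw.conf"

echo "Running slapadd to build slapd database..."
. "$CONFFILTER" "$BACKEND" < "$UNIQUECONF" > "$CONF1"
$SLAPADD -f "$CONF1" -l "$LDIFUNIQUE"
RC=$?
if test "$RC" != 0 ; then
	echo "slapadd failed ($RC)!"
	exit $RC
fi

echo "Starting slapd on TCP/IP port $PORT1..."
mkdir "$TESTDIR/confdir"
$SLAPD -f "$CONF1" -F "$TESTDIR/confdir" -h "$URI1" -d "$LVL" > "$LOG1" 2>&1 &
PID=$!
if test "$WAIT" != 0 ; then
	# Pause so a debugger can be attached; the value read is not used.
	echo PID $PID
	read foo
fi
KILLPIDS="$PID"

sleep 1

echo "Testing slapd attribute uniqueness operations..."
# Readiness probe: base search on $MONITOR, at most six attempts.
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -H "$URI1" \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test "$RC" = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done

if test "$RC" != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Adding a unique record..."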
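# Seed entry uid=dave, then check that a duplicate add is refused and that a
# normal user cannot skip the check with the Relax control.
#
# $LDAPADD and $KILLPIDS stay unquoted: presumably the tool variable carries
# a command plus arguments -- confirm before quoting.
# NOTE(review): -w puts the bind password on the command line, where other
# local users can see it in the process list; tolerable only for a throwaway
# test credential. The cn=config binds in this script use -y <file> instead.
$LDAPADD -D "$UNIQUEDN" -H "$URI1" -w "$PASSWD" \
	> /dev/null << EOTUNIQ1
dn: uid=dave,ou=users,o=unique
objectClass: inetOrgPerson
objectClass: simpleSecurityObject
uid: dave
sn: nothere
cn: dave
businessCategory: otest
carLicense: TEST
departmentNumber: 42
# NOTE: use special chars in attr value to be used
# in internal searches ITS#4212
displayName: Dave (ITS#4212)
employeeNumber: 69
employeeType: contractor
givenName: Dave
userpassword: $PASSWD
EOTUNIQ1
RC=$?
if test "$RC" != 0 ; then
	echo "ldapadd failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Adding a non-unique record..."
$LDAPADD -D "uid=dave,ou=users,o=unique" -H "$URI1" -w "$PASSWD" > \
	"$TESTOUT" 2>&1 << EOTUNIQ2
dn: uid=bill,ou=users,o=unique
objectClass: inetOrgPerson
uid: bill
sn: johnson
cn: bill
businessCategory: rtest
carLicense: ABC123
departmentNumber: 42
displayName: Bill
employeeNumber: 5150
employeeType: contractor
givenName: Bill
EOTUNIQ2
RC=$?
if test "$RC" != "$RCODEconstraint" ; then
	echo "unique check failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	# exit 1, not exit -1: a negative status is not valid in POSIX sh.
	exit 1
fi

# ITS#6641/8057/8245
# A normal user sending the critical Relax control must not get the entry
# stored: either the control is refused ($RCODEnorelax) or the uniqueness
# constraint still applies ($RCODEconstraint).
echo "Trying to bypass uniqueness as a normal user..."
$LDAPADD -e '!relax' -D "uid=dave,ou=users,o=unique" -H "$URI1" -w "$PASSWD" > \
	"$TESTOUT" 2>&1 << EOTUNIQ2
dn: uid=bill,ou=users,o=unique
objectClass: inetOrgPerson
uid: bill
sn: johnson
cn: bill
businessCategory: rtest
carLicense: ABC123
departmentNumber: 42
displayName: Bill
employeeNumber: 5150
employeeType: contractor
givenName: Bill
EOTUNIQ2
RC=$?
if test "$RC" != "$RCODEnorelax" && test "$RC" != "$RCODEconstraint" ; then
	echo "unique check failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Trying to bypass uniqueness as a normal user with ManageDSAIt..."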
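# ManageDSAIt (-M) from a normal user must not disable the uniqueness check;
# the Relax control from the admin identity ($UNIQUEDN) is expected to work.
#
# $LDAPADD, $LDAPDELETE and $KILLPIDS stay unquoted: presumably the tool
# variables carry a command plus arguments -- confirm before quoting.
$LDAPADD -M -D "uid=dave,ou=users,o=unique" -H "$URI1" -w "$PASSWD" > \
	"$TESTOUT" 2>&1 << EOTUNIQ2
dn: uid=bill,ou=users,o=unique
objectClass: inetOrgPerson
uid: bill
sn: johnson
cn: bill
businessCategory: rtest
carLicense: ABC123
departmentNumber: 42
displayName: Bill
employeeNumber: 5150
employeeType: contractor
givenName: Bill
EOTUNIQ2
RC=$?
if test "$RC" != "$RCODEconstraint" ; then
	echo "unique check failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	# exit 1, not exit -1: a negative status is not valid in POSIX sh.
	exit 1
fi

echo "Bypassing uniqueness as an admin user..."
$LDAPADD -e '!relax' -D "$UNIQUEDN" -H "$URI1" -w "$PASSWD" > \
	"$TESTOUT" 2>&1 << EOTUNIQ2
dn: uid=bill,ou=users,o=unique
objectClass: inetOrgPerson
uid: bill
sn: johnson
cn: bill
businessCategory: rtest
carLicense: ABC123
departmentNumber: 42
displayName: Bill
employeeNumber: 5150
employeeType: contractor
givenName: Bill
EOTUNIQ2
RC=$?
if test "$RC" != 0 ; then
	echo "spurious unique error ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit $RC
fi

# Remove the entry the admin bypass just created so later duplicate adds of
# uid=bill are judged against the original data again.
echo "Cleaning up"
$LDAPDELETE -D "$UNIQUEDN" -H "$URI1" -w "$PASSWD" \
	"uid=bill,ou=users,o=unique" > "$TESTOUT" 2>&1
RC=$?
if test "$RC" != 0; then
	echo "ldapdelete failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Dynamically retrieving initial configuration..."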
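# Read the overlay's cn=config entry, compare it with the expected LDIF, then
# check that mixing legacy attributes with other settings is rejected.
#
# $LDAPSEARCH, $LDAPMODIFY and $KILLPIDS stay unquoted: presumably the tool
# variables carry a command plus arguments -- confirm before quoting.
# The pipeline status is tr's, so a failed search is caught by the diff below.
$LDAPSEARCH -S "" \
	-b "olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config" \
	-D cn=config -y "$CONFIGPWF" -H "$URI1" -LLL \
	| tr -d '\r' >"$TESTDIR/initial-config.ldif"
# The reference ends with an empty line, matching the -LLL output.
cat <<EOF >"$TESTDIR/initial-reference.ldif"
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
objectClass: olcOverlayConfig
objectClass: olcUniqueConfig
olcOverlay: {0}unique
olcUniqueBase: o=unique
olcUniqueAttribute: employeeNumber
olcUniqueAttribute: displayName

EOF
diff "$TESTDIR/initial-config.ldif" "$TESTDIR/initial-reference.ldif" > /dev/null 2>&1
RC=$?
if test "$RC" != 0 ; then
	echo "Initial configuration is not reported correctly."
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	# exit 1, not exit -1: a negative status is not valid in POSIX sh.
	exit 1
fi

# Result code 80 (other) is what this test expects for a refused change.
echo "Dynamically trying to add a URI with legacy attrs present..."
$LDAPMODIFY -D cn=config -H "$URI1" -y "$CONFIGPWF" \
	> "$TESTOUT" 2>&1 <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
changetype: modify
add: olcUniqueURI
olcUniqueURI: ldap:///?employeeNumber,displayName?sub
EOF
RC=$?
if test "$RC" != 80 ; then
	echo "legacy and unique_uri allowed together"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Dynamically trying to add legacy ignored attrs with legacy attrs present..."
$LDAPMODIFY -D cn=config -H "$URI1" -y "$CONFIGPWF" \
	> "$TESTOUT" 2>&1 <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
changetype: modify
add: olcUniqueIgnore
olcUniqueIgnore: objectClass
EOF
RC=$?
if test "$RC" != 80 ; then
	echo "legacy attrs and legacy ignore attrs allowed together"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Verifying initial configuration intact..."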
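# Confirm the rejected modifies left the configuration untouched, remove the
# legacy base, then change the attribute list and re-check enforcement.
#
# $LDAPSEARCH, $LDAPMODIFY, $LDAPADD and $KILLPIDS stay unquoted: presumably
# the tool variables carry a command plus arguments -- confirm before quoting.
$LDAPSEARCH -S "" \
	-b "olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config" \
	-D cn=config -y "$CONFIGPWF" -H "$URI1" -LLL \
	| tr -d '\r' >"$TESTDIR/initial-config-recheck.ldif"
diff "$TESTDIR/initial-config-recheck.ldif" "$TESTDIR/initial-reference.ldif" > /dev/null 2>&1
RC=$?
if test "$RC" != 0 ; then
	echo "Initial configuration damaged by unsuccessful modifies."
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	# exit 1, not exit -1: a negative status is not valid in POSIX sh.
	exit 1
fi

echo "Dynamically removing legacy base..."
$LDAPMODIFY -D cn=config -H "$URI1" -y "$CONFIGPWF" \
	> "$TESTOUT" 2>&1 <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
changetype: modify
delete: olcUniqueBase
EOF
RC=$?
if test "$RC" != 0 ; then
	echo "base removal failed"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Verifying base removal..."
$LDAPSEARCH -S "" \
	-b "olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config" \
	-D cn=config -y "$CONFIGPWF" -H "$URI1" -LLL \
	| tr -d '\r' >"$TESTDIR/baseremoval-config.ldif"
cat >"$TESTDIR/baseremoval-reference.ldif" <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
objectClass: olcOverlayConfig
objectClass: olcUniqueConfig
olcOverlay: {0}unique
olcUniqueAttribute: employeeNumber
olcUniqueAttribute: displayName

EOF
diff "$TESTDIR/baseremoval-config.ldif" "$TESTDIR/baseremoval-reference.ldif" > /dev/null 2>&1
RC=$?
if test "$RC" != 0 ; then
	echo "Configuration damaged by base removal"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

# Uniqueness must still be enforced once the explicit base is gone.
echo "Adding a non-unique record..."
$LDAPADD -D "uid=dave,ou=users,o=unique" -H "$URI1" -w "$PASSWD" > \
	"$TESTOUT" 2>&1 << EOTUNIQ2
dn: uid=bill,ou=users,o=unique
objectClass: inetOrgPerson
uid: bill
sn: johnson
cn: bill
businessCategory: rtest
carLicense: ABC123
departmentNumber: 42
displayName: Bill
employeeNumber: 5150
employeeType: contractor
givenName: Bill
EOTUNIQ2
RC=$?
if test "$RC" != "$RCODEconstraint" ; then
	echo "unique check failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

# Result code 80 (other) is what this test expects for a refused change.
echo "Trying a legacy base outside of the backend..."
$LDAPMODIFY -D cn=config -H "$URI1" -y "$CONFIGPWF" \
	> "$TESTOUT" 2>&1 <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
changetype: modify
add: olcUniqueBase
olcUniqueBase: cn=config
EOF
RC=$?
if test "$RC" != 80 ; then
	echo "out of backend scope base allowed"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Adding and removing attrs..."
$LDAPMODIFY -D cn=config -H "$URI1" -y "$CONFIGPWF" \
	> "$TESTOUT" 2>&1 <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
changetype: modify
add: olcUniqueAttribute
olcUniqueAttribute: description
olcUniqueAttribute: telephoneNumber
-
delete: olcUniqueAttribute
olcUniqueAttribute: displayName
EOF
RC=$?
if test "$RC" != 0 ; then
	echo "Unable to remove an attribute"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

# Only displayName was deleted from the list, so the duplicate add must still
# be refused.
echo "Verifying we removed the right attr..."
$LDAPADD -D "uid=dave,ou=users,o=unique" -H "$URI1" -w "$PASSWD" > \
	"$TESTOUT" 2>&1 << EOTUNIQ2
dn: uid=bill,ou=users,o=unique
objectClass: inetOrgPerson
uid: bill
sn: johnson
cn: bill
businessCategory: rtest
carLicense: ABC123
departmentNumber: 42
displayName: Bill
employeeNumber: 5150
employeeType: contractor
givenName: Bill
EOTUNIQ2
RC=$?
if test "$RC" != "$RCODEconstraint" ; then
	echo "olcUniqueAttribute single deletion hit the wrong value"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Removing legacy config and adding URIs..."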
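# Switch the overlay from legacy attributes to olcUniqueURI values, verify the
# stored configuration, then check that legacy settings and a malformed
# filter are refused while URIs are in use.
#
# $LDAPMODIFY, $LDAPSEARCH, $LDAPADD and $KILLPIDS stay unquoted: presumably
# the tool variables carry a command plus arguments -- confirm before quoting.
$LDAPMODIFY -D cn=config -H "$URI1" -y "$CONFIGPWF" \
	> "$TESTOUT" 2>&1 <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
changetype: modify
delete: olcUniqueAttribute
-
add: olcUniqueURI
olcUniqueURI: ldap:///?employeeNumber,displayName?sub
olcUniqueURI: ldap:///?description?one
EOF
RC=$?
if test "$RC" != 0 ; then
	echo "Reconfiguration to URIs failed"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	# exit 1, not exit -1: a negative status is not valid in POSIX sh.
	exit 1
fi

echo "Dynamically retrieving second configuration..."
$LDAPSEARCH -S "" \
	-b "olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config" \
	-D cn=config -y "$CONFIGPWF" -H "$URI1" -LLL \
	| tr -d '\r' >"$TESTDIR/second-config.ldif"
cat >"$TESTDIR/second-reference.ldif" <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
objectClass: olcOverlayConfig
objectClass: olcUniqueConfig
olcOverlay: {0}unique
olcUniqueURI: ldap:///?employeeNumber,displayName?sub
olcUniqueURI: ldap:///?description?one

EOF
diff "$TESTDIR/second-config.ldif" "$TESTDIR/second-reference.ldif" > /dev/null 2>&1
RC=$?
if test "$RC" != 0 ; then
	echo "Second configuration is not reported correctly."
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Adding a non-unique record..."
$LDAPADD -D "uid=dave,ou=users,o=unique" -H "$URI1" -w "$PASSWD" > \
	"$TESTOUT" 2>&1 << EOTUNIQ2
dn: uid=bill,ou=users,o=unique
objectClass: inetOrgPerson
uid: bill
sn: johnson
cn: bill
businessCategory: rtest
carLicense: ABC123
departmentNumber: 42
displayName: Bill
employeeNumber: 5150
employeeType: contractor
givenName: Bill
EOTUNIQ2
RC=$?
if test "$RC" != "$RCODEconstraint" ; then
	echo "unique check failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

# The next four modifies must each fail with 80 (other): legacy settings are
# not allowed next to URIs, and the last one carries a malformed filter.
echo "Dynamically trying to add legacy base"
$LDAPMODIFY -D cn=config -H "$URI1" -y "$CONFIGPWF" \
	> "$TESTOUT" 2>&1 <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
changetype: modify
add: olcUniqueBase
olcUniqueBase: o=unique
EOF
RC=$?
if test "$RC" != 80 ; then
	echo "legacy base allowed with URIs"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Dynamically trying to add legacy attrs"
$LDAPMODIFY -D cn=config -H "$URI1" -y "$CONFIGPWF" \
	> "$TESTOUT" 2>&1 <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
changetype: modify
add: olcUniqueAttribute
olcUniqueAttribute: description
EOF
RC=$?
if test "$RC" != 80 ; then
	echo "legacy attributes allowed with URIs"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Dynamically trying to add legacy strictness"
$LDAPMODIFY -D cn=config -H "$URI1" -y "$CONFIGPWF" \
	> "$TESTOUT" 2>&1 <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
changetype: modify
add: olcUniqueStrict
olcUniqueStrict: TRUE
EOF
RC=$?
if test "$RC" != 80 ; then
	echo "legacy strictness allowed with URIs"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

#echo ----------------------
echo "Dynamically trying a bad filter..."
$LDAPMODIFY -D cn=config -H "$URI1" -y "$CONFIGPWF" \
	> "$TESTOUT" 2>&1 <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
changetype: modify
replace: olcUniqueURI
olcUniqueURI: ldap:///?sn?sub?((cn=e*))
EOF
RC=$?
if test "$RC" != 80 ; then
	echo "bad filter allowed"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Verifying second configuration intact..."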
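# Confirm the rejected modifies left the URI configuration untouched, then
# replace one URI with two filtered ones and verify what the server stores.
#
# $LDAPSEARCH, $LDAPMODIFY and $KILLPIDS stay unquoted: presumably the tool
# variables carry a command plus arguments -- confirm before quoting.
$LDAPSEARCH -S "" \
	-b "olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config" \
	-D cn=config -y "$CONFIGPWF" -H "$URI1" -LLL \
	| tr -d '\r' >"$TESTDIR/second-config-recheck.ldif"
diff "$TESTDIR/second-config-recheck.ldif" "$TESTDIR/second-reference.ldif" > /dev/null 2>&1
RC=$?
if test "$RC" != 0 ; then
	echo "Second configuration damaged by rejected modifies."
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	# exit 1, not exit -1: a negative status is not valid in POSIX sh.
	exit 1
fi

#echo ----------------------
echo "Dynamically reconfiguring to use different URIs..."
$LDAPMODIFY -D cn=config -H "$URI1" -y "$CONFIGPWF" \
	> "$TESTOUT" 2>&1 <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
changetype: modify
add: olcUniqueURI
olcUniqueURI: ldap:///?sn?sub?(cn=e*)
olcUniqueURI: ldap:///?uid?sub?(cn=edgar)
-
delete: olcUniqueURI
olcUniqueURI: ldap:///?description?one
EOF
RC=$?
if test "$RC" != 0 ; then
	echo "unable to reconfigure"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Dynamically retrieving third configuration..."
$LDAPSEARCH -S "" \
	-b "olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config" \
	-D cn=config -y "$CONFIGPWF" -H "$URI1" -LLL \
	| tr -d '\r' >"$TESTDIR/third-config.ldif"
cat >"$TESTDIR/third-reference.ldif" <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
objectClass: olcOverlayConfig
objectClass: olcUniqueConfig
olcOverlay: {0}unique
olcUniqueURI: ldap:///?employeeNumber,displayName?sub
olcUniqueURI: ldap:///?sn?sub?(cn=e*)
olcUniqueURI: ldap:///?uid?sub?(cn=edgar)

EOF
diff "$TESTDIR/third-config.ldif" "$TESTDIR/third-reference.ldif" > /dev/null 2>&1
RC=$?
if test "$RC" != 0 ; then
	echo "Third configuration is not reported correctly."
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Adding a record unique in both domains if filtered..."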
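
# Filtered-URI checks for add, modify and modrdn, each followed by the
# privilege checks: a normal user (uid=dave) must not bypass uniqueness with
# Relax or ManageDSAIt, the admin identity ($UNIQUEDN) may use Relax. The
# block ends by switching to an "ignore" URI.
#
# Tool variables ($LDAPADD, $LDAPMODIFY, $LDAPMODRDN, $LDAPDELETE,
# $LDAPSEARCH) and $KILLPIDS stay unquoted: presumably the tools carry a
# command plus arguments -- confirm before quoting.
# NOTE(review): -w puts the bind password on the command line, where other
# local users can see it in the process list; tolerable only for a throwaway
# test credential. The cn=config binds use -y <file> instead.
$LDAPADD -D "$UNIQUEDN" -H "$URI1" -w "$PASSWD" > \
	"$TESTOUT" 2>&1 << EOF
dn: uid=edgar,ou=users,o=unique
objectClass: inetOrgPerson
uid: edgar
sn: johnson
cn: edgar
EOF

RC=$?
if test "$RC" != 0 ; then
	echo "unique check failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	# exit 1, not exit -1: a negative status is not valid in POSIX sh.
	exit 1
fi

echo "Adding a record unique in all domains because of filter conditions "
$LDAPADD -D "$UNIQUEDN" -H "$URI1" -w "$PASSWD" > \
	"$TESTOUT" 2>&1 << EOF
dn: uid=empty,ou=users,o=unique
objectClass: inetOrgPerson
uid: edgar
cn: empty
sn: empty
EOF

RC=$?
if test "$RC" != 0 ; then
	echo "spurious unique error ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Sending an empty modification"

$LDAPMODIFY -D "$UNIQUEDN" -H "$URI1" -w "$PASSWD" > \
	"$TESTOUT" 2>&1 << EOF
dn: uid=empty,ou=users,o=unique
changetype: modify
EOF

RC=$?
if test "$RC" != 0 ; then
	echo "spurious unique error ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Making a record non-unique"
$LDAPMODIFY -D "uid=dave,ou=users,o=unique" -H "$URI1" -w "$PASSWD" > \
	"$TESTOUT" 2>&1 << EOF
dn: uid=empty,ou=users,o=unique
changetype: modify
replace: sn
sn: johnson
EOF

RC=$?
if test "$RC" != "$RCODEconstraint" ; then
	echo "unique check failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

# ITS#6641/8057/8245
# Accepted outcomes: the Relax control is refused ($RCODEnorelax) or the
# constraint still applies ($RCODEconstraint).
echo "Trying to bypass uniqueness as a normal user..."
$LDAPMODIFY -e '!relax' -D "uid=dave,ou=users,o=unique" -H "$URI1" -w "$PASSWD" > \
	"$TESTOUT" 2>&1 << EOF
dn: uid=empty,ou=users,o=unique
changetype: modify
replace: sn
sn: johnson
EOF

RC=$?
if test "$RC" != "$RCODEnorelax" && test "$RC" != "$RCODEconstraint" ; then
	echo "unique check failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Trying to bypass uniqueness as a normal user with ManageDSAIt..."
$LDAPMODIFY -M -D "uid=dave,ou=users,o=unique" -H "$URI1" -w "$PASSWD" > \
	"$TESTOUT" 2>&1 << EOF
dn: uid=empty,ou=users,o=unique
changetype: modify
replace: sn
sn: johnson
EOF

RC=$?
if test "$RC" != "$RCODEconstraint" ; then
	echo "unique check failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Bypassing uniqueness as an admin user..."
$LDAPMODIFY -e '!relax' -D "$UNIQUEDN" -H "$URI1" -w "$PASSWD" > \
	"$TESTOUT" 2>&1 << EOF
dn: uid=empty,ou=users,o=unique
changetype: modify
replace: sn
sn: johnson
EOF

RC=$?
if test "$RC" != 0 ; then
	echo "spurious unique error ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit $RC
fi

# Undo the admin bypass so the following checks start from unique data.
echo "Cleaning up"
$LDAPMODIFY -D "$UNIQUEDN" -H "$URI1" -w "$PASSWD" > \
	"$TESTOUT" 2>&1 << EOF
dn: uid=empty,ou=users,o=unique
changetype: modify
replace: sn
sn: empty
EOF

RC=$?
if test "$RC" != 0; then
	echo "ldapmodify failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Adding another unique record..."
$LDAPADD -D "$UNIQUEDN" -H "$URI1" -w "$PASSWD" > \
	"$TESTOUT" 2>&1 << EOF
dn: uid=not edgar,uid=edgar,ou=users,o=unique
objectClass: inetOrgPerson
uid: not edgar
sn: Alan
cn: not edgar
EOF

RC=$?
if test "$RC" != 0 ; then
	echo "unique check failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Making the record non-unique with modrdn..."
$LDAPMODRDN -D "uid=dave,ou=users,o=unique" -H "$URI1" -w "$PASSWD" \
	"uid=not edgar,uid=edgar,ou=users,o=unique" "uid=edgar" > "$TESTOUT" 2>&1

RC=$?
if test "$RC" != "$RCODEconstraint" ; then
	echo "unique check failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

# ITS#6641/8057/8245
echo "Trying to bypass uniqueness as a normal user..."
$LDAPMODRDN -e '!relax' -D "uid=dave,ou=users,o=unique" -H "$URI1" -w "$PASSWD" \
	"uid=not edgar,uid=edgar,ou=users,o=unique" "uid=edgar" > "$TESTOUT" 2>&1

RC=$?
if test "$RC" != "$RCODEnorelax" && test "$RC" != "$RCODEconstraint" ; then
	echo "unique check failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Trying to bypass uniqueness as a normal user with a ManageDSAIt control..."
$LDAPMODRDN -M -D "uid=dave,ou=users,o=unique" -H "$URI1" -w "$PASSWD" \
	"uid=not edgar,uid=edgar,ou=users,o=unique" "uid=edgar" > "$TESTOUT" 2>&1

RC=$?
if test "$RC" != "$RCODEconstraint" ; then
	echo "unique check failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Bypassing uniqueness as an admin user..."
$LDAPMODRDN -e '!relax' -D "$UNIQUEDN" -H "$URI1" -w "$PASSWD" \
	"uid=not edgar,uid=edgar,ou=users,o=unique" "uid=edgar" > "$TESTOUT" 2>&1

RC=$?
if test "$RC" != 0 ; then
	echo "spurious unique error ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit $RC
fi

# Remove the entry the admin rename just produced.
echo "Cleaning up"
$LDAPDELETE -D "$UNIQUEDN" -H "$URI1" -w "$PASSWD" \
	"uid=edgar,uid=edgar,ou=users,o=unique" > "$TESTOUT" 2>&1
RC=$?
if test "$RC" != 0; then
	echo "ldapdelete failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Adding a record unique in one domain, non-unique in the filtered domain..."

$LDAPADD -D "uid=dave,ou=users,o=unique" -H "$URI1" -w "$PASSWD" > \
	"$TESTOUT" 2>&1 << EOF
dn: uid=elvis,ou=users,o=unique
objectClass: inetOrgPerson
uid: elvis
sn: johnson
cn: elvis
EOF

RC=$?
if test "$RC" != "$RCODEconstraint" ; then
	echo "unique check failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

#echo ----------------------
echo "Dynamically reconfiguring to use attribute-ignore URIs..."
$LDAPMODIFY -D cn=config -H "$URI1" -y "$CONFIGPWF" \
	> "$TESTOUT" 2>&1 <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
changetype: modify
replace: olcUniqueURI
olcUniqueURI: ignore ldap:///?objectClass,uid,cn,sn?sub
EOF
RC=$?
if test "$RC" != 0 ; then
	echo "unable to reconfigure"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Dynamically retrieving fourth configuration..."
$LDAPSEARCH -S "" \
	-b "olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config" \
	-D cn=config -y "$CONFIGPWF" -H "$URI1" -LLL \
	| tr -d '\r' >"$TESTDIR/fourth-config.ldif"
cat >"$TESTDIR/fourth-reference.ldif" <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
objectClass: olcOverlayConfig
objectClass: olcUniqueConfig
olcOverlay: {0}unique
olcUniqueURI: ignore ldap:///?objectClass,uid,cn,sn?sub

EOF
diff "$TESTDIR/fourth-config.ldif" "$TESTDIR/fourth-reference.ldif" > /dev/null 2>&1
RC=$?
if test "$RC" != 0 ; then
	echo "Fourth configuration is not reported correctly."
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Adding a record unique in the ignore-domain..."

$LDAPADD -D "$UNIQUEDN" -H "$URI1" -w "$PASSWD" > \
	"$TESTOUT" 2>&1 << EOF
dn: uid=elvis,ou=users,o=unique
objectClass: inetOrgPerson
uid: elvis
sn: johnson
cn: elvis
description: left the building
EOF

RC=$?
if test "$RC" != 0 ; then
	echo "unique check failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Adding a record non-unique in the ignore-domain..."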
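
# Final check: a normal user's add that repeats a description value must be
# refused under the "ignore" URI; then stop slapd and report success.
#
# $LDAPADD and $KILLPIDS stay unquoted: presumably the tool variable carries
# a command plus arguments -- confirm before quoting.
$LDAPADD -D "uid=dave,ou=users,o=unique" -H "$URI1" -w "$PASSWD" > \
	"$TESTOUT" 2>&1 << EOF
dn: uid=harry,ou=users,o=unique
objectClass: inetOrgPerson
uid: harry
sn: johnson
cn: harry
description: left the building
EOF

RC=$?
if test "$RC" != "$RCODEconstraint" ; then
	echo "unique check failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	# exit 1, not exit -1: a negative status is not valid in POSIX sh.
	exit 1
fi

# Operand quoted so an unset KILLSERVERS still stops the server instead of
# leaving slapd running after a test(1) syntax error.
test "$KILLSERVERS" != no && kill -HUP $KILLPIDS

echo ">>>>> Test succeeded"

# Reap the background slapd before returning.
test "$KILLSERVERS" != no && wait

exit 0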