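#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 2004-2019 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

# Regression test for the attribute-uniqueness ("unique") overlay.
# It loads a database with slapadd, starts slapd on $PORT1, and then checks
# that duplicate attribute values are rejected, that the ManageDsaIT bypass
# (ITS#6641/8057) only succeeds for the admin bind DN, and that cn=config
# changes to the overlay are accepted or refused as expected.
#
# All tool paths and test variables ($SLAPD, $LDAPADD, $PORT1, $PASSWD, ...)
# are expected to come from defines.sh, which is not part of this listing.

echo "running defines.sh"
. $SRCDIR/scripts/defines.sh

# Operands of test are quoted so an unset variable yields a clean comparison
# instead of a test(1) syntax error.
if test "$UNIQUE" = uniqueno; then
	echo "Attribute Uniqueness overlay not available, test skipped"
	exit 0
fi

# 19 is the LDAP result code constraintViolation, which the checks below
# expect whenever a duplicate value is refused.
RCODEconstraint=19
# With the null backend the expected code is 0 instead, so every
# "must be rejected" check below degrades to "must succeed" on that backend.
test "$BACKEND" = null && RCODEconstraint=0

mkdir -p $TESTDIR $DBDIR1

# Generate a random cn=config password (-g, no trailing newline with -n) into
# $CONFIGPWF and write its hash (-T) as a rootpw line. Later cn=config binds
# read the secret from this file with -y rather than from the command line.
# NOTE(review): the file is created under the caller's umask -- confirm
# $TESTDIR is not readable by other users on shared build hosts.
$SLAPPASSWD -g -n >$CONFIGPWF
echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf

echo "Running slapadd to build slapd database..."
. $CONFFILTER $BACKEND $MONITORDB < $UNIQUECONF > $CONF1
$SLAPADD -f $CONF1 -l $LDIFUNIQUE
RC=$?
if test "$RC" != 0 ; then
	echo "slapadd failed ($RC)!"
	exit $RC
fi

echo "Starting slapd on TCP/IP port $PORT1..."
mkdir $TESTDIR/confdir
# $TIMING is left unquoted on purpose: it may be empty or hold several words.
$SLAPD -f $CONF1 -F $TESTDIR/confdir -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
PID=$!
# Optional pause so a debugger can be attached to the server before the
# client operations start.
if test "$WAIT" != 0 ; then
	echo PID $PID
	read foo
fi
KILLPIDS="$PID"

sleep 1

echo "Testing slapd attribute uniqueness operations..."
# Poll the monitor base up to six times, five seconds apart, until slapd
# answers; RC keeps the status of the last attempt.
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test "$RC" = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done

if test "$RC" != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Adding a unique record..."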
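# Create uid=dave as $UNIQUEDN. dave is the unprivileged bind identity for the
# negative checks further down, so the entry carries a userpassword.
# NOTE(review): -w puts $PASSWD on the command line, where other local users
# can read it from the process list while the client runs. That is tolerable
# for a throwaway test credential; outside of tests use a password file (-y).
# Failure paths use "exit 1" because a negative exit argument is not valid in
# POSIX sh and some /bin/sh implementations reject it.
$LDAPADD -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \
	> /dev/null << EOTUNIQ1
dn: uid=dave,ou=users,o=unique
objectClass: inetOrgPerson
objectClass: simpleSecurityObject
uid: dave
sn: nothere
cn: dave
businessCategory: otest
carLicense: TEST
departmentNumber: 42
# NOTE: use special chars in attr value to be used
# in internal searches ITS#4212
displayName: Dave (ITS#4212)
employeeNumber: 69
employeeType: contractor
givenName: Dave
userpassword: $PASSWD
EOTUNIQ1
RC=$?
if test "$RC" != 0 ; then
	echo "ldapadd failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Adding a non-unique record..."
# Bound as dave, this add must be refused with $RCODEconstraint; the echo
# above labels the record as non-unique.
$LDAPADD -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
	$TESTOUT 2>&1 << EOTUNIQ2
dn: uid=bill,ou=users,o=unique
objectClass: inetOrgPerson
uid: bill
sn: johnson
cn: bill
businessCategory: rtest
carLicense: ABC123
departmentNumber: 42
displayName: Bill
employeeNumber: 5150
employeeType: contractor
givenName: Bill
EOTUNIQ2
RC=$?
if test "$RC" != "$RCODEconstraint" ; then
	echo "unique check failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

# ITS#6641/8057
# Authorization check: -M attaches the ManageDsaIT control to the same add.
# An ordinary bind DN must not be able to switch the uniqueness check off with
# it, so the expected result is still $RCODEconstraint.
# NOTE(review): when BACKEND is null, $RCODEconstraint is 0, so on that backend
# this check cannot tell a rejection from a successful bypass.
echo "Trying to bypass uniqueness as a normal user..."
$LDAPADD -M -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
	$TESTOUT 2>&1 << EOTUNIQ2
dn: uid=bill,ou=users,o=unique
objectClass: inetOrgPerson
uid: bill
sn: johnson
cn: bill
businessCategory: rtest
carLicense: ABC123
departmentNumber: 42
displayName: Bill
employeeNumber: 5150
employeeType: contractor
givenName: Bill
EOTUNIQ2
RC=$?
if test "$RC" != "$RCODEconstraint" ; then
	echo "unique check failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

# ITS#6641/8057
echo "Bypassing uniqueness as an admin user..."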
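# Positive half of the ITS#6641/8057 check: the same add with the ManageDsaIT
# control (-M), bound as $UNIQUEDN (the "admin user" of the preceding echo),
# must succeed even though the values duplicate an existing entry.
# Entry binds use -w $PASSWD (test credential, visible in argv); the cn=config
# binds below read their secret from $CONFIGPWF with -y instead.
# Failure paths use "exit 1" because a negative exit argument is not valid in
# POSIX sh and some /bin/sh implementations reject it.
$LDAPADD -M -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
	$TESTOUT 2>&1 << EOTUNIQ2
dn: uid=bill,ou=users,o=unique
objectClass: inetOrgPerson
uid: bill
sn: johnson
cn: bill
businessCategory: rtest
carLicense: ABC123
departmentNumber: 42
displayName: Bill
employeeNumber: 5150
employeeType: contractor
givenName: Bill
EOTUNIQ2
RC=$?
if test "$RC" != 0 ; then
	echo "spurious unique error ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit $RC
fi

# Remove the entry added through the bypass so later checks start from the
# original data again.
echo "Cleaning up"
$LDAPDELETE -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \
	"uid=bill,ou=users,o=unique" > $TESTOUT 2>&1
RC=$?
if test "$RC" != 0; then
	echo "ldapdelete failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo Dynamically retrieving initial configuration...
# Read the overlay's cn=config entry and compare it with the expected LDIF.
# The pipeline's status is that of tr, so a failed ldapsearch is only noticed
# through the diff below. tr -d \\r strips carriage returns before comparing.
$LDAPSEARCH -S "" -b olcOverlay='{0}'unique,olcDatabase='{1}'$BACKEND,cn=config -D cn=config -y $CONFIGPWF -h $LOCALHOST -p $PORT1 -LLL | tr -d \\r >$TESTDIR/initial-config.ldif
cat <<EOF >$TESTDIR/initial-reference.ldif
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
objectClass: olcOverlayConfig
objectClass: olcUniqueConfig
olcOverlay: {0}unique
olcUniqueBase: o=unique
olcUniqueAttribute: employeeNumber
olcUniqueAttribute: displayName

EOF
diff $TESTDIR/initial-config.ldif $TESTDIR/initial-reference.ldif > /dev/null 2>&1
RC=$?
if test "$RC" != 0 ; then
	echo "Initial configuration is not reported correctly."
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo Dynamically trying to add a URI with legacy attrs present...
# Mixing olcUniqueURI with the legacy olcUniqueBase/olcUniqueAttribute settings
# must be refused; the status is checked right after this command.
$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \
	> $TESTOUT 2>&1 <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
changetype: modify
add: olcUniqueURI
olcUniqueURI: ldap:///?employeeNumber,displayName?sub
EOF
RC=$?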
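# RC is the status of the preceding ldapmodify, which tried to add an
# olcUniqueURI while legacy attributes were configured. 80 is the LDAP result
# code "other"; any other status means the mixed configuration was accepted.
# Failure paths use "exit 1" because a negative exit argument is not valid in
# POSIX sh and some /bin/sh implementations reject it.
if test "$RC" != 80 ; then
	echo "legacy and unique_uri allowed together"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo Dynamically trying to add legacy ignored attrs with legacy attrs present...
# olcUniqueIgnore next to olcUniqueAttribute must be refused as well (80).
$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \
	> $TESTOUT 2>&1 <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
changetype: modify
add: olcUniqueIgnore
olcUniqueIgnore: objectClass
EOF
RC=$?
if test "$RC" != 80 ; then
	echo "legacy attrs and legacy ignore attrs allowed together"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo Verifying initial configuration intact...
# A rejected modify must leave no trace: re-read the overlay entry and compare
# it with the reference LDIF written earlier in the script.
$LDAPSEARCH -S "" -b olcOverlay='{0}'unique,olcDatabase='{1}'$BACKEND,cn=config -D cn=config -y $CONFIGPWF -h $LOCALHOST -p $PORT1 -LLL | tr -d \\r >$TESTDIR/initial-config-recheck.ldif
diff $TESTDIR/initial-config-recheck.ldif $TESTDIR/initial-reference.ldif > /dev/null 2>&1
RC=$?
if test "$RC" != 0 ; then
	echo "Initial configuration damaged by unsuccessful modifies."
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo Dynamically removing legacy base...
$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \
	> $TESTOUT 2>&1 <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
changetype: modify
delete: olcUniqueBase
EOF
RC=$?
if test "$RC" != 0 ; then
	echo "base removal failed"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo Verifying base removal...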
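# Confirm that removing olcUniqueBase left the two olcUniqueAttribute values in
# place. The pipeline's status is that of tr, so a failed ldapsearch is only
# noticed through the diff below.
# Failure paths use "exit 1" because a negative exit argument is not valid in
# POSIX sh and some /bin/sh implementations reject it.
$LDAPSEARCH -S "" -b olcOverlay='{0}'unique,olcDatabase='{1}'$BACKEND,cn=config -D cn=config -y $CONFIGPWF -h $LOCALHOST -p $PORT1 -LLL | tr -d \\r >$TESTDIR/baseremoval-config.ldif
cat >$TESTDIR/baseremoval-reference.ldif <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
objectClass: olcOverlayConfig
objectClass: olcUniqueConfig
olcOverlay: {0}unique
olcUniqueAttribute: employeeNumber
olcUniqueAttribute: displayName

EOF
diff $TESTDIR/baseremoval-config.ldif $TESTDIR/baseremoval-reference.ldif > /dev/null 2>&1
RC=$?
if test "$RC" != 0 ; then
	echo "Configuration damaged by base removal"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Adding a non-unique record..."
# Enforcement must survive the reconfiguration: the duplicate add, bound as
# the unprivileged uid=dave, is still expected to fail with $RCODEconstraint.
$LDAPADD -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
	$TESTOUT 2>&1 << EOTUNIQ2
dn: uid=bill,ou=users,o=unique
objectClass: inetOrgPerson
uid: bill
sn: johnson
cn: bill
businessCategory: rtest
carLicense: ABC123
departmentNumber: 42
displayName: Bill
employeeNumber: 5150
employeeType: contractor
givenName: Bill
EOTUNIQ2
RC=$?
if test "$RC" != "$RCODEconstraint" ; then
	echo "unique check failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo Trying a legacy base outside of the backend...
# A uniqueness base that lies outside this database (cn=config) must be
# refused; 80 is the LDAP result code "other".
$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \
	> $TESTOUT 2>&1 <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
changetype: modify
add: olcUniqueBase
olcUniqueBase: cn=config
EOF
RC=$?
if test "$RC" != 80 ; then
	echo "out of backend scope base allowed"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Adding and removing attrs..."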
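# One modify adds two legacy attributes and deletes a single value
# (displayName); employeeNumber stays configured.
# Failure paths use "exit 1" because a negative exit argument is not valid in
# POSIX sh and some /bin/sh implementations reject it.
$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \
	> $TESTOUT 2>&1 <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
changetype: modify
add: olcUniqueAttribute
olcUniqueAttribute: description
olcUniqueAttribute: telephoneNumber
-
delete: olcUniqueAttribute
olcUniqueAttribute: displayName
EOF
RC=$?
if test "$RC" != 0 ; then
	echo "Unable to remove an attribute"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Verifying we removed the right attr..."
# The duplicate add is still expected to fail with $RCODEconstraint. If the
# deletion above had removed the wrong olcUniqueAttribute value, this add
# would no longer be rejected.
$LDAPADD -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
	$TESTOUT 2>&1 << EOTUNIQ2
dn: uid=bill,ou=users,o=unique
objectClass: inetOrgPerson
uid: bill
sn: johnson
cn: bill
businessCategory: rtest
carLicense: ABC123
departmentNumber: 42
displayName: Bill
employeeNumber: 5150
employeeType: contractor
givenName: Bill
EOTUNIQ2
RC=$?
if test "$RC" != "$RCODEconstraint" ; then
	# Message spelling corrected (was "olcUniqueAttribtue").
	echo "olcUniqueAttribute single deletion hit the wrong value"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo Removing legacy config and adding URIs...
# Switch from the legacy attribute list to URI-style domains in one modify.
$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \
	> $TESTOUT 2>&1 <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
changetype: modify
delete: olcUniqueAttribute
-
add: olcUniqueURI
olcUniqueURI: ldap:///?employeeNumber,displayName?sub
olcUniqueURI: ldap:///?description?one
EOF
RC=$?
if test "$RC" != 0 ; then
	echo "Reconfiguration to URIs failed"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo Dynamically retrieving second configuration...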
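# Read back the URI-based configuration and compare it with the expected LDIF.
# The pipeline's status is that of tr, so a failed ldapsearch is only noticed
# through the diff below.
# Failure paths use "exit 1" because a negative exit argument is not valid in
# POSIX sh and some /bin/sh implementations reject it.
$LDAPSEARCH -S "" -b olcOverlay='{0}'unique,olcDatabase='{1}'$BACKEND,cn=config -D cn=config -y $CONFIGPWF -h $LOCALHOST -p $PORT1 -LLL | tr -d \\r >$TESTDIR/second-config.ldif
cat >$TESTDIR/second-reference.ldif <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
objectClass: olcOverlayConfig
objectClass: olcUniqueConfig
olcOverlay: {0}unique
olcUniqueURI: ldap:///?employeeNumber,displayName?sub
olcUniqueURI: ldap:///?description?one

EOF
diff $TESTDIR/second-config.ldif $TESTDIR/second-reference.ldif > /dev/null 2>&1
RC=$?
if test "$RC" != 0 ; then
	echo "Second configuration is not reported correctly."
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Adding a non-unique record..."
# Same duplicate add as before, bound as the unprivileged uid=dave; the
# URI-style configuration must reject it with $RCODEconstraint too.
$LDAPADD -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
	$TESTOUT 2>&1 << EOTUNIQ2
dn: uid=bill,ou=users,o=unique
objectClass: inetOrgPerson
uid: bill
sn: johnson
cn: bill
businessCategory: rtest
carLicense: ABC123
departmentNumber: 42
displayName: Bill
employeeNumber: 5150
employeeType: contractor
givenName: Bill
EOTUNIQ2
RC=$?
if test "$RC" != "$RCODEconstraint" ; then
	echo "unique check failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo Dynamically trying to add legacy base
# With olcUniqueURI values configured, adding the legacy olcUniqueBase must be
# refused; the status is checked right after this command.
$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \
	> $TESTOUT 2>&1 <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
changetype: modify
add: olcUniqueBase
olcUniqueBase: o=unique
EOF
RC=$?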
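# RC is the status of the preceding ldapmodify, which tried to add the legacy
# olcUniqueBase while URIs were configured. 80 is the LDAP result code
# "other"; any other status means the mixed configuration was accepted.
# Failure paths use "exit 1" because a negative exit argument is not valid in
# POSIX sh and some /bin/sh implementations reject it.
if test "$RC" != 80 ; then
	echo "legacy base allowed with URIs"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo Dynamically trying to add legacy attrs
$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \
	> $TESTOUT 2>&1 <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
changetype: modify
add: olcUniqueAttribute
olcUniqueAttribute: description
EOF
RC=$?
if test "$RC" != 80 ; then
	echo "legacy attributes allowed with URIs"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo Dynamically trying to add legacy strictness
$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \
	> $TESTOUT 2>&1 <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
changetype: modify
add: olcUniqueStrict
olcUniqueStrict: TRUE
EOF
RC=$?
if test "$RC" != 80 ; then
	echo "legacy strictness allowed with URIs"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

#echo ----------------------
echo Dynamically trying a bad filter...
# Input validation check: a URI whose filter has unbalanced/doubled
# parentheses must be refused (80) rather than stored.
$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \
	> $TESTOUT 2>&1 <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
changetype: modify
replace: olcUniqueURI
olcUniqueURI: ldap:///?sn?sub?((cn=e*))
EOF
RC=$?
if test "$RC" != 80 ; then
	echo "bad filter allowed"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo Verifying second configuration intact...
# The four rejected modifies above must not have altered the stored
# configuration; compare against the reference LDIF written earlier.
$LDAPSEARCH -S "" -b olcOverlay='{0}'unique,olcDatabase='{1}'$BACKEND,cn=config -D cn=config -y $CONFIGPWF -h $LOCALHOST -p $PORT1 -LLL | tr -d \\r >$TESTDIR/second-config-recheck.ldif
diff $TESTDIR/second-config-recheck.ldif $TESTDIR/second-reference.ldif > /dev/null 2>&1
RC=$?
if test "$RC" != 0 ; then
	echo "Second configuration damaged by rejected modifies."
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

#echo ----------------------
echo Dynamically reconfiguring to use different URIs...
# Add two filtered domains and drop the description domain in one modify.
$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \
	> $TESTOUT 2>&1 <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
changetype: modify
add: olcUniqueURI
olcUniqueURI: ldap:///?sn?sub?(cn=e*)
olcUniqueURI: ldap:///?uid?sub?(cn=edgar)
-
delete: olcUniqueURI
olcUniqueURI: ldap:///?description?one
EOF
RC=$?
if test "$RC" != 0 ; then
	echo "unable to reconfigure"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo Dynamically retrieving third configuration...
# The pipeline's status is that of tr, so a failed ldapsearch is only noticed
# through the diff below.
$LDAPSEARCH -S "" -b olcOverlay='{0}'unique,olcDatabase='{1}'$BACKEND,cn=config -D cn=config -y $CONFIGPWF -h $LOCALHOST -p $PORT1 -LLL | tr -d \\r >$TESTDIR/third-config.ldif
cat >$TESTDIR/third-reference.ldif <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
objectClass: olcOverlayConfig
objectClass: olcUniqueConfig
olcOverlay: {0}unique
olcUniqueURI: ldap:///?employeeNumber,displayName?sub
olcUniqueURI: ldap:///?sn?sub?(cn=e*)
olcUniqueURI: ldap:///?uid?sub?(cn=edgar)

EOF
diff $TESTDIR/third-config.ldif $TESTDIR/third-reference.ldif > /dev/null 2>&1
RC=$?
if test "$RC" != 0 ; then
	echo "Third configuration is not reported correctly."
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Adding a record unique in both domains if filtered..."

$LDAPADD -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
	$TESTOUT 2>&1 << EOF
dn: uid=edgar,ou=users,o=unique
objectClass: inetOrgPerson
uid: edgar
sn: johnson
cn: edgar
EOF

RC=$?
if test "$RC" != 0 ; then
	echo "unique check failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Adding a record unique in all domains because of filter conditions "
# uid duplicates edgar's, but cn=empty matches neither domain filter, so the
# add is expected to succeed.
$LDAPADD -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
	$TESTOUT 2>&1 << EOF
dn: uid=empty,ou=users,o=unique
objectClass: inetOrgPerson
uid: edgar
cn: empty
sn: empty
EOF

RC=$?
if test "$RC" != 0 ; then
	echo "spurious unique error ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Sending an empty modification"

# A modify without any changes must pass through the overlay without error.
$LDAPMODIFY -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
	$TESTOUT 2>&1 << EOF
dn: uid=empty,ou=users,o=unique
changetype: modify
EOF

RC=$?
if test "$RC" != 0 ; then
	echo "spurious unique error ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Making a record non-unique"
# Bound as the unprivileged uid=dave; the modify is expected to be refused
# with $RCODEconstraint.
$LDAPMODIFY -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
	$TESTOUT 2>&1 << EOF
dn: uid=empty,ou=users,o=unique
changetype: modify
replace: sn
sn: johnson
EOF

RC=$?
if test "$RC" != "$RCODEconstraint" ; then
	echo "unique check failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

# ITS#6641/8057
# Authorization check for modify: -M attaches the ManageDsaIT control. An
# ordinary bind DN must not be able to switch the uniqueness check off with
# it, so the expected result is still $RCODEconstraint.
# NOTE(review): when BACKEND is null, $RCODEconstraint is 0 (set earlier in
# the script), so on that backend this check cannot tell a rejection from a
# successful bypass.
echo "Trying to bypass uniqueness as a normal user..."
$LDAPMODIFY -M -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
	$TESTOUT 2>&1 << EOF
dn: uid=empty,ou=users,o=unique
changetype: modify
replace: sn
sn: johnson
EOF

RC=$?
if test "$RC" != "$RCODEconstraint" ; then
	echo "unique check failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

# ITS#6641/8057
# Same modify with -M, bound as $UNIQUEDN (the "admin user" of the echo); the
# status is checked right after this command.
echo "Bypassing uniqueness as an admin user..."
$LDAPMODIFY -M -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
	$TESTOUT 2>&1 << EOF
dn: uid=empty,ou=users,o=unique
changetype: modify
replace: sn
sn: johnson
EOF

RC=$?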
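# RC is the status of the preceding ldapmodify, sent with the ManageDsaIT
# control (-M) and bound as $UNIQUEDN; that bypass is expected to succeed.
# Failure paths that used a negative status now use "exit 1", because a
# negative exit argument is not valid in POSIX sh and some /bin/sh
# implementations reject it.
if test "$RC" != 0 ; then
	echo "spurious unique error ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit $RC
fi

# Undo the duplicate written through the bypass so later checks start from
# unique data again.
echo "Cleaning up"
$LDAPMODIFY -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
	$TESTOUT 2>&1 << EOF
dn: uid=empty,ou=users,o=unique
changetype: modify
replace: sn
sn: empty
EOF

RC=$?
if test "$RC" != 0; then
	echo "ldapmodify failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Adding another unique record..."
$LDAPADD -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
	$TESTOUT 2>&1 << EOF
dn: uid=not edgar,uid=edgar,ou=users,o=unique
objectClass: inetOrgPerson
uid: not edgar
sn: Alan
cn: not edgar
EOF

RC=$?
if test "$RC" != 0 ; then
	echo "unique check failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Making the record non-unique with modrdn..."
# Bound as the unprivileged uid=dave; the rename to uid=edgar is expected to
# be refused with $RCODEconstraint.
$LDAPMODRDN -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD \
	"uid=not edgar,uid=edgar,ou=users,o=unique" "uid=edgar" > $TESTOUT 2>&1

RC=$?
if test "$RC" != "$RCODEconstraint" ; then
	echo "unique check failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

# ITS#6641/8057
# Authorization check for modrdn: -M attaches the ManageDsaIT control. An
# ordinary bind DN must not be able to switch the uniqueness check off with
# it, so the expected result is still $RCODEconstraint.
echo "Trying to bypass uniqueness as a normal user..."
$LDAPMODRDN -M -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD \
	"uid=not edgar,uid=edgar,ou=users,o=unique" "uid=edgar" > $TESTOUT 2>&1

RC=$?
if test "$RC" != "$RCODEconstraint" ; then
	echo "unique check failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

# ITS#6641/8057
# Same rename with -M, bound as $UNIQUEDN (the "admin user" of the echo); here
# the bypass is expected to succeed.
echo "Bypassing uniqueness as an admin user..."
$LDAPMODRDN -M -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \
	"uid=not edgar,uid=edgar,ou=users,o=unique" "uid=edgar" > $TESTOUT 2>&1

RC=$?
if test "$RC" != 0 ; then
	echo "spurious unique error ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit $RC
fi

# Remove the renamed entry created through the bypass.
echo "Cleaning up"
$LDAPDELETE -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \
	"uid=edgar,uid=edgar,ou=users,o=unique" > $TESTOUT 2>&1
RC=$?
if test "$RC" != 0; then
	echo "ldapdelete failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Adding a record unique in one domain, non-unique in the filtered domain..."

$LDAPADD -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
	$TESTOUT 2>&1 << EOF
dn: uid=elvis,ou=users,o=unique
objectClass: inetOrgPerson
uid: elvis
sn: johnson
cn: elvis
EOF

RC=$?
if test "$RC" != "$RCODEconstraint" ; then
	echo "unique check failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

#echo ----------------------
echo Dynamically reconfiguring to use attribute-ignore URIs...
# Replace all domains with a single "ignore" URI that lists the attributes to
# leave out of the uniqueness check.
$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \
	> $TESTOUT 2>&1 <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
changetype: modify
replace: olcUniqueURI
olcUniqueURI: ignore ldap:///?objectClass,uid,cn,sn?sub
EOF
RC=$?
if test "$RC" != 0 ; then
	echo "unable to reconfigure"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo Dynamically retrieving fourth configuration...
# The pipeline's status is that of tr, so a failed ldapsearch is only noticed
# through the diff, whose status is checked right after it.
$LDAPSEARCH -S "" -b olcOverlay='{0}'unique,olcDatabase='{1}'$BACKEND,cn=config -D cn=config -y $CONFIGPWF -h $LOCALHOST -p $PORT1 -LLL | tr -d \\r >$TESTDIR/fourth-config.ldif
cat >$TESTDIR/fourth-reference.ldif <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
objectClass: olcOverlayConfig
objectClass: olcUniqueConfig
olcOverlay: {0}unique
olcUniqueURI: ignore ldap:///?objectClass,uid,cn,sn?sub

EOF
diff $TESTDIR/fourth-config.ldif $TESTDIR/fourth-reference.ldif > /dev/null 2>&1
RC=$?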
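# RC is the status of the preceding diff between the retrieved "ignore" URI
# configuration and its reference LDIF.
# Failure paths use "exit 1" because a negative exit argument is not valid in
# POSIX sh and some /bin/sh implementations reject it.
if test "$RC" != 0 ; then
	echo "Fourth configuration is not reported correctly."
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Adding a record unique in the ignore-domain..."

# objectClass, uid, cn and sn are on the ignore list, so the shared
# sn=johnson must not cause a rejection; the add is expected to succeed.
$LDAPADD -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
	$TESTOUT 2>&1 << EOF
dn: uid=elvis,ou=users,o=unique
objectClass: inetOrgPerson
uid: elvis
sn: johnson
cn: elvis
description: left the building
EOF

RC=$?
if test "$RC" != 0 ; then
	echo "unique check failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Adding a record non-unique in the ignore-domain..."

# description is not on the ignore list and duplicates elvis's value, so this
# add, bound as the unprivileged uid=dave, must fail with $RCODEconstraint.
$LDAPADD -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
	$TESTOUT 2>&1 << EOF
dn: uid=harry,ou=users,o=unique
objectClass: inetOrgPerson
uid: harry
sn: johnson
cn: harry
description: left the building
EOF

RC=$?
if test "$RC" != "$RCODEconstraint" ; then
	echo "unique check failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

# Stop the server unless the caller asked to keep it running.
test "$KILLSERVERS" != no && kill -HUP $KILLPIDS

echo ">>>>> Test succeeded"

# Reap the background slapd before exiting.
test "$KILLSERVERS" != no && wait

exit 0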