#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 2004-2016 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

# Regression test for the slapd attribute-uniqueness ("unique") overlay.
# It loads a database with slapadd, starts slapd, then drives the server
# with the LDAP client tools and compares each command's exit status with
# the LDAP result code the step is expected to produce.
#
# Apart from RC, PID, KILLPIDS and RCODEconstraint, every $UPPERCASE name
# used here is set outside this file (presumably by defines.sh or the
# calling harness). They are expanded unquoted throughout.
# NOTE(review): some of them may hold a command plus arguments, so quoting
# them would change behaviour -- confirm against defines.sh before tightening.

echo "running defines.sh"
. $SRCDIR/scripts/defines.sh

# Skip (with success) when the overlay was not built.
if test $UNIQUE = uniqueno; then
	echo "Attribute Uniqueness overlay not available, test skipped"
	exit 0
fi

# Expected result for an operation the overlay must refuse:
# 19 is the LDAP constraintViolation result code.
# With the null backend the script expects 0 instead, so on that backend the
# "must be rejected" steps cannot tell enforcement from a bypass.
RCODEconstraint=19
test $BACKEND = null && RCODEconstraint=0

mkdir -p $TESTDIR $DBDIR1

# Create the cn=config credential: a generated secret is written to
# $CONFIGPWF and a "rootpw" line built from it goes to configpw.conf
# (assuming $SLAPPASSWD is slappasswd: -g generates, -n omits the trailing
# newline, -T hashes the contents of the named file).
# The clear-text secret stays in $CONFIGPWF and is passed to the clients
# with -y, so it never appears on a command line.
# NOTE(review): the file is created with the caller's umask; fine for a
# throwaway test directory, but a real password file should be created
# under a restrictive umask.
$SLAPPASSWD -g -n >$CONFIGPWF
echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf

echo "Running slapadd to build slapd database..."
# Generate the server configuration $CONF1 from the $UNIQUECONF template,
# then load the initial data set offline.
. $CONFFILTER $BACKEND $MONITORDB < $UNIQUECONF > $CONF1
$SLAPADD -f $CONF1 -l $LDIFUNIQUE
RC=$?
if test $RC != 0 ; then
	echo "slapadd failed ($RC)!"
	exit $RC
fi

echo "Starting slapd on TCP/IP port $PORT1..."
# -F gives slapd a config directory, which the cn=config steps of this
# test later modify at run time.
mkdir $TESTDIR/confdir
$SLAPD -f $CONF1 -F $TESTDIR/confdir -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
PID=$!
# When $WAIT is non-zero, print the server PID and block until a line is
# read from stdin (presumably so a debugger can be attached).
if test $WAIT != 0 ; then
	echo PID $PID
	read foo
fi
# Every failure path below signals these PIDs before exiting.
KILLPIDS="$PID"

sleep 1

echo "Testing slapd attribute uniqueness operations..."
# Readiness probe: up to six base searches of $MONITOR, five seconds apart.
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test $RC = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done

# RC still holds the last probe's status; give up if the server never answered.
if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Adding a unique record..."
# Create uid=dave while bound as $UNIQUEDN. The entry carries a
# userpassword, and later steps bind as uid=dave to act as an ordinary
# (non-admin) user.
# -w places the bind password on the command line, where other local users
# may be able to read it from the process list. That is tolerable for the
# harness's test credential; the cn=config binds in this script use
# -y $CONFIGPWF (password read from a file) instead.
$LDAPADD -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \
	 > /dev/null << EOTUNIQ1
dn: uid=dave,ou=users,o=unique
objectClass: inetOrgPerson
objectClass: simpleSecurityObject
uid: dave
sn: nothere
cn: dave
businessCategory: otest
carLicense: TEST
departmentNumber: 42
# NOTE: use special chars in attr value to be used
# in internal searches ITS#4212
displayName: Dave (ITS#4212)
employeeNumber: 69
employeeType: contractor
givenName: Dave
userpassword: $PASSWD
EOTUNIQ1
RC=$?
if test $RC != 0 ; then
	echo "ldapadd failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Adding a non-unique record..."
# Bound as the ordinary user, add an entry that must be refused.
# NOTE(review): its values do not clash with uid=dave above, so the
# duplicate presumably lives in the data loaded from $LDIFUNIQUE -- confirm.
$LDAPADD -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
	 $TESTOUT 2>&1 << EOTUNIQ2
dn: uid=bill,ou=users,o=unique
objectClass: inetOrgPerson
uid: bill
sn: johnson
cn: bill
businessCategory: rtest
carLicense: ABC123
departmentNumber: 42
displayName: Bill
employeeNumber: 5150
employeeType: contractor
givenName: Bill
EOTUNIQ2
RC=$?
# NOTE(review): "exit -1" is outside what POSIX sh defines for exit (an
# unsigned value). bash reports 255; other /bin/sh implementations may
# complain about the operand. Callers should rely only on a non-zero status.
if test $RC != $RCODEconstraint ; then
	echo "unique check failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
fi

# ITS#6641/8057
# Access-control half of the bypass test: the same add, still bound as the
# ordinary user, now with -M (the client option that requests the
# ManageDsaIT control). It must be refused exactly as before. A result of 0
# here would mean any user who can write can defeat the uniqueness
# constraint simply by sending the control.
echo "Trying to bypass uniqueness as a normal user..."
$LDAPADD -M -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
	 $TESTOUT 2>&1 << EOTUNIQ2
dn: uid=bill,ou=users,o=unique
objectClass: inetOrgPerson
uid: bill
sn: johnson
cn: bill
businessCategory: rtest
carLicense: ABC123
departmentNumber: 42
displayName: Bill
employeeNumber: 5150
employeeType: contractor
givenName: Bill
EOTUNIQ2
RC=$?
if test $RC != $RCODEconstraint ; then
	echo "unique check failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
fi

# ITS#6641/8057
echo "Bypassing uniqueness as an admin user..."
# Privileged half of the bypass test: the same duplicate entry, sent with -M
# while bound as $UNIQUEDN (the identity this test treats as admin), is
# expected to succeed.
$LDAPADD -M -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
	 $TESTOUT 2>&1 << EOTUNIQ2
dn: uid=bill,ou=users,o=unique
objectClass: inetOrgPerson
uid: bill
sn: johnson
cn: bill
businessCategory: rtest
carLicense: ABC123
departmentNumber: 42
displayName: Bill
employeeNumber: 5150
employeeType: contractor
givenName: Bill
EOTUNIQ2
RC=$?
if test $RC != 0 ; then
	echo "spurious unique error ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Cleaning up"
# Remove the entry created through the bypass so that later "non-unique"
# steps can try to add uid=bill again.
$LDAPDELETE -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \
	 "uid=bill,ou=users,o=unique" > $TESTOUT 2>&1
RC=$?
if test $RC != 0; then
	echo "ldapdelete failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo Dynamically retrieving initial configuration...
# Read the overlay's cn=config entry (bind password taken from $CONFIGPWF
# via -y), strip carriage returns, and compare it with the reference LDIF
# written below. The search's own exit status is not checked; a failed
# search shows up as a diff mismatch.
$LDAPSEARCH -S "" -b olcOverlay='{0}'unique,olcDatabase='{1}'$BACKEND,cn=config -D cn=config -y $CONFIGPWF -h $LOCALHOST -p $PORT1 -LLL | tr -d \\r >$TESTDIR/initial-config.ldif
cat <<EOF >$TESTDIR/initial-reference.ldif
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
objectClass: olcOverlayConfig
objectClass: olcUniqueConfig
olcOverlay: {0}unique
olcUniqueBase: o=unique
olcUniqueAttribute: employeeNumber
olcUniqueAttribute: displayName

EOF
diff $TESTDIR/initial-config.ldif $TESTDIR/initial-reference.ldif > /dev/null 2>&1
RC=$?
if test $RC != 0 ; then
	echo "Initial configuration is not reported correctly."
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
fi

echo Dynamically trying to add a URI with legacy attrs present...
# Negative configuration test: mixing an olcUniqueURI with the legacy
# olcUniqueBase/olcUniqueAttribute settings must be refused. The status is
# captured here and checked by the statement that follows.
$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \
	> $TESTOUT 2>&1 <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
changetype: modify
add: olcUniqueURI
olcUniqueURI: ldap:///?employeeNumber,displayName?sub
EOF
RC=$?
# $RC is the status of the ldapmodify issued just before this point (adding
# olcUniqueURI next to the legacy settings). 80 is the LDAP "other" result
# code, which this test expects for every rejected overlay reconfiguration.
if test $RC != 80 ; then
	echo "legacy and unique_uri allowed together"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
fi

echo Dynamically trying to add legacy ignored attrs with legacy attrs present...
# olcUniqueIgnore together with olcUniqueAttribute must be refused as well.
$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \
	> $TESTOUT 2>&1 <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
changetype: modify
add: olcUniqueIgnore
olcUniqueIgnore: objectClass
EOF
RC=$?
if test $RC != 80 ; then
	echo "legacy attrs and legacy ignore attrs allowed together"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
fi

echo Verifying initial configuration intact...
# Integrity check: the two rejected modifies must have left the stored
# configuration unchanged, so enforcement is not silently altered by a
# failed change. Compared against the reference file written earlier.
$LDAPSEARCH -S "" -b olcOverlay='{0}'unique,olcDatabase='{1}'$BACKEND,cn=config -D cn=config -y $CONFIGPWF -h $LOCALHOST -p $PORT1 -LLL | tr -d \\r >$TESTDIR/initial-config-recheck.ldif
diff $TESTDIR/initial-config-recheck.ldif $TESTDIR/initial-reference.ldif > /dev/null 2>&1
RC=$?
if test $RC != 0 ; then
	echo "Initial configuration damaged by unsuccessful modifies."
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
fi

echo Dynamically removing legacy base...
# Deleting olcUniqueBase is a valid change and is expected to succeed.
$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \
	> $TESTOUT 2>&1 <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
changetype: modify
delete: olcUniqueBase
EOF
RC=$?
if test $RC != 0 ; then
	echo "base removal failed"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
fi

echo Verifying base removal...
# Confirm the stored configuration now lacks olcUniqueBase and is otherwise
# unchanged (the search status is not checked; the diff decides).
$LDAPSEARCH -S "" -b olcOverlay='{0}'unique,olcDatabase='{1}'$BACKEND,cn=config -D cn=config -y $CONFIGPWF -h $LOCALHOST -p $PORT1 -LLL | tr -d \\r >$TESTDIR/baseremoval-config.ldif
cat >$TESTDIR/baseremoval-reference.ldif <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
objectClass: olcOverlayConfig
objectClass: olcUniqueConfig
olcOverlay: {0}unique
olcUniqueAttribute: employeeNumber
olcUniqueAttribute: displayName

EOF
diff $TESTDIR/baseremoval-config.ldif $TESTDIR/baseremoval-reference.ldif > /dev/null 2>&1
RC=$?
if test $RC != 0 ; then
	echo "Configuration damaged by base removal"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
fi

echo "Adding a non-unique record..."
# Enforcement must survive the removal of the explicit base: the duplicate
# add by the ordinary user is still expected to be refused.
$LDAPADD -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
	 $TESTOUT 2>&1 << EOTUNIQ2
dn: uid=bill,ou=users,o=unique
objectClass: inetOrgPerson
uid: bill
sn: johnson
cn: bill
businessCategory: rtest
carLicense: ABC123
departmentNumber: 42
displayName: Bill
employeeNumber: 5150
employeeType: contractor
givenName: Bill
EOTUNIQ2
RC=$?
if test $RC != $RCODEconstraint ; then
	echo "unique check failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
fi

echo Trying a legacy base outside of the backend...
# Scope check: cn=config is not within this database, so using it as the
# overlay's base must be refused (80 = LDAP "other").
$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \
	> $TESTOUT 2>&1 <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
changetype: modify
add: olcUniqueBase
olcUniqueBase: cn=config
EOF
RC=$?
if test $RC != 80 ; then
	echo "out of backend scope base allowed"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
fi

echo "Adding and removing attrs..."
# One modify request that adds two unique attributes and deletes a single
# value (displayName) from the existing list; expected to succeed.
$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \
	> $TESTOUT 2>&1 <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
changetype: modify
add: olcUniqueAttribute
olcUniqueAttribute: description
olcUniqueAttribute: telephoneNumber
-
delete: olcUniqueAttribute
olcUniqueAttribute: displayName
EOF
RC=$?
if test $RC != 0 ; then
	echo "Unable to remove an attribute"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
fi

echo "Verifying we removed the right attr..."
# The duplicate add must still be refused after the single-value delete.
# NOTE(review): this presumably relies on employeeNumber remaining in the
# unique list and clashing with data from $LDIFUNIQUE -- confirm.
$LDAPADD -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
	 $TESTOUT 2>&1 << EOTUNIQ2
dn: uid=bill,ou=users,o=unique
objectClass: inetOrgPerson
uid: bill
sn: johnson
cn: bill
businessCategory: rtest
carLicense: ABC123
departmentNumber: 42
displayName: Bill
employeeNumber: 5150
employeeType: contractor
givenName: Bill
EOTUNIQ2
RC=$?
if test $RC != $RCODEconstraint ; then
	echo "olcUniqueAttribtue single deletion hit the wrong value"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
fi

echo Removing legacy config and adding URIs...
# Switch from the legacy attribute list to URI-style domains in one request:
# drop every olcUniqueAttribute value and add two olcUniqueURI values.
$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \
	> $TESTOUT 2>&1 <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
changetype: modify
delete: olcUniqueAttribute
-
add: olcUniqueURI
olcUniqueURI: ldap:///?employeeNumber,displayName?sub
olcUniqueURI: ldap:///?description?one
EOF
RC=$?
if test $RC != 0 ; then
	echo "Reconfiguration to URIs failed"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
fi

echo Dynamically retrieving second configuration...
# Read back the URI-based configuration and compare it with the reference
# written below (the search status is not checked; the diff decides).
$LDAPSEARCH -S "" -b olcOverlay='{0}'unique,olcDatabase='{1}'$BACKEND,cn=config -D cn=config -y $CONFIGPWF -h $LOCALHOST -p $PORT1 -LLL | tr -d \\r >$TESTDIR/second-config.ldif
cat >$TESTDIR/second-reference.ldif <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
objectClass: olcOverlayConfig
objectClass: olcUniqueConfig
olcOverlay: {0}unique
olcUniqueURI: ldap:///?employeeNumber,displayName?sub
olcUniqueURI: ldap:///?description?one

EOF
diff $TESTDIR/second-config.ldif $TESTDIR/second-reference.ldif > /dev/null 2>&1
RC=$?
if test $RC != 0 ; then
	echo "Second configuration is not reported correctly."
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
fi

echo "Adding a non-unique record..."
# Enforcement must carry over to the URI form: the ordinary user's
# duplicate add is still expected to be refused.
$LDAPADD -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
	 $TESTOUT 2>&1 << EOTUNIQ2
dn: uid=bill,ou=users,o=unique
objectClass: inetOrgPerson
uid: bill
sn: johnson
cn: bill
businessCategory: rtest
carLicense: ABC123
departmentNumber: 42
displayName: Bill
employeeNumber: 5150
employeeType: contractor
givenName: Bill
EOTUNIQ2
RC=$?
if test $RC != $RCODEconstraint ; then
	echo "unique check failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
fi

echo Dynamically trying to add legacy base
# Negative configuration test: a legacy olcUniqueBase must be refused while
# olcUniqueURI values are present. The status is captured here and checked
# by the statement that follows.
$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \
	> $TESTOUT 2>&1 <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
changetype: modify
add: olcUniqueBase
olcUniqueBase: o=unique
EOF
RC=$?
# $RC is the status of the ldapmodify issued just before this point (adding
# a legacy olcUniqueBase while URIs are configured). 80 is the LDAP "other"
# result code, expected here for every rejected reconfiguration.
if test $RC != 80 ; then
	echo "legacy base allowed with URIs"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
fi

echo Dynamically trying to add legacy attrs
$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \
	> $TESTOUT 2>&1 <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
changetype: modify
add: olcUniqueAttribute
olcUniqueAttribute: description
EOF
RC=$?
if test $RC != 80 ; then
	echo "legacy attributes allowed with URIs"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
fi

echo Dynamically trying to add legacy strictness
$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \
	> $TESTOUT 2>&1 <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
changetype: modify
add: olcUniqueStrict
olcUniqueStrict: TRUE
EOF
RC=$?
if test $RC != 80 ; then
	echo "legacy strictness allowed with URIs"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
fi

#echo ----------------------
echo Dynamically trying a bad filter...
# Input validation: a URI whose filter part is malformed ("((cn=e*))") must
# be refused rather than stored.
$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \
	> $TESTOUT 2>&1 <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
changetype: modify
replace: olcUniqueURI
olcUniqueURI: ldap:///?sn?sub?((cn=e*))
EOF
RC=$?
if test $RC != 80 ; then
	echo "bad filter allowed"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
fi

echo Verifying second configuration intact...
# Integrity check: none of the four rejected modifies above may have changed
# the stored configuration. Note the bad-filter request was a "replace", so
# a partial application would have removed the working URIs.
$LDAPSEARCH -S "" -b olcOverlay='{0}'unique,olcDatabase='{1}'$BACKEND,cn=config -D cn=config -y $CONFIGPWF -h $LOCALHOST -p $PORT1 -LLL | tr -d \\r >$TESTDIR/second-config-recheck.ldif
diff $TESTDIR/second-config-recheck.ldif $TESTDIR/second-reference.ldif > /dev/null 2>&1
RC=$?
if test $RC != 0 ; then
	echo "Second configuration damaged by rejected modifies."
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
fi

#echo ----------------------
echo Dynamically reconfiguring to use different URIs...
# Add two filtered domains and drop the description domain in one request.
$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \
	> $TESTOUT 2>&1 <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
changetype: modify
add: olcUniqueURI
olcUniqueURI: ldap:///?sn?sub?(cn=e*)
olcUniqueURI: ldap:///?uid?sub?(cn=edgar)
-
delete: olcUniqueURI
olcUniqueURI: ldap:///?description?one
EOF
RC=$?
if test $RC != 0 ; then
	echo "unable to reconfigure"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
fi

echo Dynamically retrieving third configuration...
$LDAPSEARCH -S "" -b olcOverlay='{0}'unique,olcDatabase='{1}'$BACKEND,cn=config -D cn=config -y $CONFIGPWF -h $LOCALHOST -p $PORT1 -LLL | tr -d \\r >$TESTDIR/third-config.ldif
cat >$TESTDIR/third-reference.ldif <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
objectClass: olcOverlayConfig
objectClass: olcUniqueConfig
olcOverlay: {0}unique
olcUniqueURI: ldap:///?employeeNumber,displayName?sub
olcUniqueURI: ldap:///?sn?sub?(cn=e*)
olcUniqueURI: ldap:///?uid?sub?(cn=edgar)

EOF
diff $TESTDIR/third-config.ldif $TESTDIR/third-reference.ldif > /dev/null 2>&1
RC=$?
if test $RC != 0 ; then
	echo "Third configuration is not reported correctly."
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
fi

echo "Adding a record unique in both domains if filtered..."

# Expected to succeed: no conflict within the filtered domains.
$LDAPADD -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
	 $TESTOUT 2>&1 << EOF
dn: uid=edgar,ou=users,o=unique
objectClass: inetOrgPerson
uid: edgar
sn: johnson
cn: edgar
EOF

RC=$?
if test $RC != 0 ; then
	echo "unique check failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
fi

echo "Adding a record unique in all domains because of filter conditions "
# This entry repeats "uid: edgar" but is expected to be accepted.
# NOTE(review): presumably because its cn does not match the (cn=edgar)
# filter of the uid domain -- confirm against the overlay documentation.
$LDAPADD -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
	 $TESTOUT 2>&1 << EOF
dn: uid=empty,ou=users,o=unique
objectClass: inetOrgPerson
uid: edgar
cn: empty
sn: empty
EOF

RC=$?
if test $RC != 0 ; then
	echo "spurious unique error ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
fi

echo "Making a record non-unique"
# Modify path: the ordinary user sets sn to a value already held by
# uid=edgar; the change must be refused.
$LDAPMODIFY -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
	 $TESTOUT 2>&1 << EOF
dn: uid=empty,ou=users,o=unique
changetype: modify
replace: sn
sn: johnson
EOF

RC=$?
if test $RC != $RCODEconstraint ; then
	echo "unique check failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
fi

# ITS#6641/8057
# Same modify with -M (requests the ManageDsaIT control) as the ordinary
# user: the control must not lift the uniqueness check for this identity.
echo "Trying to bypass uniqueness as a normal user..."
$LDAPMODIFY -M -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
	 $TESTOUT 2>&1 << EOF
dn: uid=empty,ou=users,o=unique
changetype: modify
replace: sn
sn: johnson
EOF

RC=$?
if test $RC != $RCODEconstraint ; then
	echo "unique check failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
fi

# ITS#6641/8057
# With -M and bound as $UNIQUEDN the same modify is expected to succeed.
echo "Bypassing uniqueness as an admin user..."
$LDAPMODIFY -M -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
	 $TESTOUT 2>&1 << EOF
dn: uid=empty,ou=users,o=unique
changetype: modify
replace: sn
sn: johnson
EOF

RC=$?
if test $RC != 0 ; then
	echo "spurious unique error ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Cleaning up"
# Undo the duplicate introduced through the admin bypass.
$LDAPMODIFY -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
	 $TESTOUT 2>&1 << EOF
dn: uid=empty,ou=users,o=unique
changetype: modify
replace: sn
sn: empty
EOF

RC=$?
if test $RC != 0; then
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Adding another unique record..."
# Child entry used by the rename (modrdn) checks that follow.
$LDAPADD -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
	 $TESTOUT 2>&1 << EOF
dn: uid=not edgar,uid=edgar,ou=users,o=unique
objectClass: inetOrgPerson
uid: not edgar
sn: Alan
cn: not edgar
EOF

RC=$?
if test $RC != 0 ; then
	echo "unique check failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
fi

echo "Making the record non-unique with modrdn..."
# Rename path: the ordinary user renames the entry to uid=edgar, which the
# test expects to be refused as a uniqueness violation.
$LDAPMODRDN -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD \
	"uid=not edgar,uid=edgar,ou=users,o=unique" "uid=edgar" > $TESTOUT 2>&1

RC=$?
if test $RC != $RCODEconstraint ; then
	echo "unique check failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
fi

# ITS#6641/8057
# Same rename with -M as the ordinary user: must still be refused.
echo "Trying to bypass uniqueness as a normal user..."
$LDAPMODRDN -M -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD \
	"uid=not edgar,uid=edgar,ou=users,o=unique" "uid=edgar" > $TESTOUT 2>&1

RC=$?
if test $RC != $RCODEconstraint ; then
	echo "unique check failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
fi

# ITS#6641/8057
# With -M and bound as $UNIQUEDN the rename is expected to succeed.
echo "Bypassing uniqueness as an admin user..."
$LDAPMODRDN -M -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \
	"uid=not edgar,uid=edgar,ou=users,o=unique" "uid=edgar" > $TESTOUT 2>&1

RC=$?
if test $RC != 0 ; then
	echo "spurious unique error ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Cleaning up"
# Delete the entry under the name it received from the admin rename.
$LDAPDELETE -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \
	 "uid=edgar,uid=edgar,ou=users,o=unique" > $TESTOUT 2>&1
RC=$?
if test $RC != 0; then
	echo "ldapdelete failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Adding a record unique in one domain, non-unique in the filtered domain..."

# cn=elvis matches the (cn=e*) filter and sn=johnson is already held by
# uid=edgar, so the ordinary user's add must be refused.
$LDAPADD -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
	 $TESTOUT 2>&1 << EOF
dn: uid=elvis,ou=users,o=unique
objectClass: inetOrgPerson
uid: elvis
sn: johnson
cn: elvis
EOF

RC=$?
if test $RC != $RCODEconstraint ; then
	echo "unique check failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
fi

#echo ----------------------
echo Dynamically reconfiguring to use attribute-ignore URIs...
# Replace all domains with a single "ignore" URI.
# NOTE(review): going by the steps after this one, attributes listed in an
# "ignore" URI are exempt and the remaining ones are checked -- confirm
# against the overlay documentation.
$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \
	> $TESTOUT 2>&1 <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
changetype: modify
replace: olcUniqueURI
olcUniqueURI: ignore ldap:///?objectClass,uid,cn,sn?sub
EOF
RC=$?
if test $RC != 0 ; then
	echo "unable to reconfigure"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
fi

echo Dynamically retrieving fourth configuration...
# The diff status captured on the last line is checked by the statement
# that follows.
$LDAPSEARCH -S "" -b olcOverlay='{0}'unique,olcDatabase='{1}'$BACKEND,cn=config -D cn=config -y $CONFIGPWF -h $LOCALHOST -p $PORT1 -LLL | tr -d \\r >$TESTDIR/fourth-config.ldif
cat >$TESTDIR/fourth-reference.ldif <<EOF
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
objectClass: olcOverlayConfig
objectClass: olcUniqueConfig
olcOverlay: {0}unique
olcUniqueURI: ignore ldap:///?objectClass,uid,cn,sn?sub

EOF
diff $TESTDIR/fourth-config.ldif $TESTDIR/fourth-reference.ldif > /dev/null 2>&1
RC=$?
# $RC is the status of the diff run just before this point, comparing the
# retrieved "ignore" URI configuration with its reference file.
# NOTE(review): "exit -1" is outside what POSIX sh defines for exit (an
# unsigned value). bash reports 255; other /bin/sh implementations may
# complain about the operand. Callers should rely only on a non-zero status.
if test $RC != 0 ; then
	echo "Fourth configuration is not reported correctly."
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
fi

echo "Adding a record unique in the ignore-domain..."

# sn repeats an existing value, but sn is on the ignore list; the
# description value is new, so the add is expected to succeed.
$LDAPADD -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
	 $TESTOUT 2>&1 << EOF
dn: uid=elvis,ou=users,o=unique
objectClass: inetOrgPerson
uid: elvis
sn: johnson
cn: elvis
description: left the building
EOF

RC=$?
if test $RC != 0 ; then
	echo "unique check failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
fi

echo "Adding a record non-unique in the ignore-domain..."

# description is not on the ignore list and repeats the value just added
# for uid=elvis, so the ordinary user's add must be refused.
$LDAPADD -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
	 $TESTOUT 2>&1 << EOF
dn: uid=harry,ou=users,o=unique
objectClass: inetOrgPerson
uid: harry
sn: johnson
cn: harry
description: left the building
EOF

RC=$?
if test $RC != $RCODEconstraint ; then
	echo "unique check failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit -1
fi

# Normal shutdown: signal the server unless the harness asked to keep it.
test $KILLSERVERS != no && kill -HUP $KILLPIDS

echo ">>>>> Test succeeded"

# Reap the background slapd before reporting success.
test $KILLSERVERS != no && wait

exit 0