xref: /netbsd-src/external/bsd/openldap/dist/tests/scripts/test064-constraint (revision e670fd5c413e99c2f6a37901bb21c537fcd322d2)
#!/bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2021 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

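# Pull in the shared test environment. The tool and path variables used
# throughout this script ($SLAPD, $LDAPADD, $TESTDIR, $PASSWD, ...) are not
# assigned here, so they are expected to come from this file.
echo "running defines.sh"
. "$SRCDIR/scripts/defines.sh"

# Skip, reporting success, when the constraint overlay is not available.
# The expansion is quoted so that an unset or empty $CONSTRAINT is an
# ordinary string comparison rather than a malformed test expression.
if test "$CONSTRAINT" = constraintno; then
	echo "Constraint overlay not available, test skipped"
	exit 0
fi
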
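# Fixture locations: input LDIF and the expected result list live under
# $DATADIR/constraint; what this run records goes to $TESTDIR.
CONSTRAINTDIR="$DATADIR/constraint"
ROOTLDIF="$CONSTRAINTDIR/root.ldif"
USERLDIF="$CONSTRAINTDIR/user.ldif"
RESULTOUT="$CONSTRAINTDIR/constraint.out"
SCRIPTOUT="$TESTDIR/constraint.out"
# Entry that every constraint fixture is applied against.
USERDN="cn=John Doe,ou=users,$BASEDN"

CONFDIR="$TESTDIR/slapd.d"
mkdir -p "$TESTDIR" "$CONFDIR" "$DBDIR1"

# Generate a random password (-g) without a trailing newline (-n) and store
# it in $CONFIGPWF; the config database reads it back through
# "olcRootPW:< file://$CONFIGPWF".
# The file is written under umask 077 so a newly created password file is not
# readable by other local accounts. The subshell keeps the umask change from
# leaking into the rest of the script. A file that already exists keeps its
# old mode.
# $SLAPPASSWD is expanded unquoted on purpose: it presumably carries the
# program path plus arguments (defined in defines.sh - not visible here).
( umask 077 && $SLAPPASSWD -g -n >"$CONFIGPWF" )
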
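# Build the cn=config LDIF that slapadd loads further down. The here-documents
# are unquoted, so every $VAR in them is expanded by the shell while writing.
#
# Global section, schema includes and the config database itself. The config
# database's root password is not embedded: "olcRootPW:<" makes the loader
# read it from the file generated earlier.
cat > "$TESTDIR/config.ldif" <<EOF
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: $TESTDIR/slapd.args
olcPidFile: $TESTDIR/slapd.pid

dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema

include: file://$TESTWD/schema/core.ldif
include: file://$TESTWD/schema/cosine.ldif
include: file://$TESTWD/schema/inetorgperson.ldif

dn: olcDatabase=config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: config
olcRootPW:< file://$CONFIGPWF
EOF

# Backend built as a loadable module: add the module entry for it.
if [ "$BACKENDTYPE" = mod ]; then
	cat >> "$TESTDIR/config.ldif" <<EOF

dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: $TESTWD/../servers/slapd/back-$BACKEND
olcModuleLoad: back_$BACKEND.la
EOF
fi

# Same for the constraint overlay when it is a loadable module.
if [ "$CONSTRAINT" = constraintmod ]; then
	cat >> "$TESTDIR/config.ldif" <<EOF

dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: $TESTWD/../servers/slapd/overlays
olcModuleLoad: constraint.la
EOF
fi

# The database under test. Its root password is written into the LDIF as the
# literal value of $PASSWD. That is tolerable only because this is a
# throwaway test instance; the generated file holds a bind credential and
# should be treated accordingly.
cat >> "$TESTDIR/config.ldif" <<EOF

dn: olcDatabase={1}$BACKEND,cn=config
objectClass: olcDatabaseConfig
objectClass: olc${BACKEND}Config
olcDatabase: $BACKEND
olcSuffix: $BASEDN
olcRootDN: $MANAGERDN
olcRootPW: $PASSWD
olcDbDirectory: $TESTDIR/db.1.a
EOF

# Index directives are appended to the database entry above, so this
# here-document deliberately has no leading blank line.
if [ "$INDEXDB" = indexdb ]; then
	cat >> "$TESTDIR/config.ldif" <<EOF
olcDbIndex: objectClass eq,pres
olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
EOF
fi

# The overlay configuration being exercised. Lines that start with two
# spaces are LDIF continuation lines and must keep that indentation.
# NOTE(review): in the mail regex the "." of example.com is an unescaped
# regex metacharacter, so the pattern accepts any single character in that
# position. It is left unchanged here because the fixtures and expected
# results it is checked against are not part of this script.
cat >> "$TESTDIR/config.ldif" <<EOF

dn: olcOverlay=constraint,olcDatabase={1}$BACKEND,cn=config
objectClass: olcOverlayConfig
objectClass: olcConstraintConfig
olcOverlay: constraint
olcConstraintAttribute: mail
  count 3
  restrict="ldap:///ou=users,$BASEDN??one?(objectClass=inetOrgPerson)"
# check if restrict works (if not, this will apply to ou=users subtree as well
# and some tests will fail)
olcConstraintAttribute: mail count 1 restrict="ldap:///ou=groups,$BASEDN??one"
olcConstraintAttribute: mail regex ^[[:alnum:]]+@example.com$
olcConstraintAttribute: description count 2
olcConstraintAttribute: jpegPhoto count 0
# cn value has to be concatenated givenName SP sn
olcConstraintAttribute: cn,sn,givenName
  set "(this/givenName + [ ] + this/sn) & this/cn"
  restrict="ldap:///$USERDN??sub?(objectClass=inetOrgPerson)"
olcConstraintAttribute: uid
  uri "ldap:///ou=groups,$BASEDN?uid?one?(objectClass=inetOrgPerson)"
  restrict="ldap:///ou=users,$BASEDN??one"
EOF
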
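# Load the generated LDIF into database 0 of the configuration directory.
# The result is checked here so that a rejected configuration is reported as
# such, instead of surfacing later as a server that never answers.
# Tool variables ($SLAPADD, $SLAPD, $LDAPSEARCH) stay unquoted: they
# presumably expand to a program plus arguments (set in defines.sh).
$SLAPADD -F "$CONFDIR" -n 0 -l "$TESTDIR/config.ldif"
RC=$?
if test "$RC" != 0 ; then
	echo "slapadd failed ($RC)!"
	exit $RC
fi

echo "Starting slapd on TCP/IP port $PORT1..."
$SLAPD -F "$CONFDIR" -h "$URI1" -d "$LVL" > "$LOG1" 2>&1 &
PID=$!
# Optional pause: print the server PID and block until a line is read from
# stdin (presumably so a debugger can be attached - confirm against the
# harness). An unset $WAIT counts as 0, i.e. no pause.
if test "${WAIT:-0}" != 0 ; then
	echo PID $PID
	read -r foo
fi
KILLPIDS="$PID"
sleep 1

# Poll the monitor entry until the server answers: up to six attempts with a
# five second pause after each failure.
echo "Using ldapsearch to check that slapd is running..."
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -H "$URI1" \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test "$RC" = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done
if test "$RC" != 0 ; then
	echo "ldapsearch failed ($RC)!"
	# $KILLPIDS is left unquoted: it is a whitespace-separated PID list.
	# $KILLSERVERS is quoted so that an unset value cannot turn the test
	# into a syntax error that silently skips the cleanup.
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit $RC
fi
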
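# Seed the directory: first the base structure, then the user entry. Either
# failure stops the server (unless KILLSERVERS=no) and aborts with the tool's
# exit status.
# NOTE(review): "-w" puts the bind password on the command line, where it is
# visible in the process list while the tool runs. That is acceptable for a
# disposable test server; outside a test harness the OpenLDAP client tools
# can read the password from a file with "-y" instead.
echo "Adding basic structure..."
for seed in "$ROOTLDIF" "$USERLDIF"; do
	$LDAPADD -D "$MANAGERDN" -H "$URI1" -w "$PASSWD" -f "$seed" >/dev/null 2>&1
	RC=$?
	if test "$RC" != 0 ; then
		echo "ldapadd failed ($RC)!"
		test "$KILLSERVERS" != no && kill -HUP "$PID"
		exit $RC
	fi
done
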
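# Apply every fixture (*ok*.ldif first, then *fail*.ldif, each in glob order)
# to a freshly re-created user entry and record one verdict per fixture in
# $SCRIPTOUT.
# NOTE(review): $SCRIPTOUT is only ever appended to. A file left over from an
# earlier run would corrupt the comparison, so this presumably relies on the
# harness starting from an empty $TESTDIR - verify.
echo "Running constraint tests..."
for ldif in "$CONSTRAINTDIR"/*ok*.ldif "$CONSTRAINTDIR"/*fail*.ldif; do
	### reload: drop and re-add the user entry so fixtures do not affect
	### each other
	$LDAPDELETE -D "$MANAGERDN" -H "$URI1" -w "$PASSWD" "$USERDN" >/dev/null 2>&1
	RC=$?
	if test "$RC" != 0 ; then
		echo "ldapdelete failed ($RC)!"
		test "$KILLSERVERS" != no && kill -HUP "$PID"
		exit $RC
	fi
	$LDAPADD -D "$MANAGERDN" -H "$URI1" -w "$PASSWD" -f "$USERLDIF" >/dev/null 2>&1
	RC=$?
	if test "$RC" != 0 ; then
		echo "ldapadd failed ($RC)!"
		test "$KILLSERVERS" != no && kill -HUP "$PID"
		exit $RC
	fi

	### info: the fixture name goes to the terminal only, not to $SCRIPTOUT.
	### printf is used because "echo -n" is not portable under /bin/sh.
	printf '  [%s]: ' "$ldif"

	### modify
	$LDAPMODIFY -H "$URI1" -x -D "$MANAGERDN" -f "$ldif" -w "$PASSWD" >/dev/null 2>&1
	RC=$?
	# 0  -> the modification was accepted.
	# 19 -> LDAP result code constraintViolation: the overlay rejected it.
	# Anything else is printed but NOT recorded, so the output ends up one
	# line short and the comparison that follows fails.
	if test "$RC" = 0 ; then
		echo "OK" | tee -a "$SCRIPTOUT"
	elif test "$RC" = 19 ; then
		echo "FAIL" | tee -a "$SCRIPTOUT"
	else
		echo "UNEXPECTED ($RC)"
	fi
done
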
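# The recorded OK/FAIL sequence must match the expected list shipped with the
# fixtures; any differences are left in $CMPOUT for inspection.
echo "Comparing output..."
$DIFF "$SCRIPTOUT" "$RESULTOUT" > "$CMPOUT"
RC=$?
if test "$RC" != 0 ; then
	echo "Comparison failed"
	test "$KILLSERVERS" != no && kill -HUP "$PID"
	exit $RC
fi

# Signal the server we started, unless the caller asked to keep it running.
# $KILLSERVERS is quoted so an unset value does not skip the cleanup and
# leave a slapd instance listening with the test credentials.
test "$KILLSERVERS" != no && kill -HUP "$PID"

echo ">>>>> Test succeeded"

# Reap the background slapd before returning.
test "$KILLSERVERS" != no && wait

exit 0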