diff --git a/tests/data/acl.out.master b/tests/data/acl.out.master
index db6c1fb015..cb060640e1 100644
--- a/tests/data/acl.out.master
+++ b/tests/data/acl.out.master
@@ -20,6 +20,19 @@ mail: jaj@mail.alumni.example.com
 facsimileTelephoneNumber: +1 313 555 4332
 telephoneNumber: +1 313 555 0895
+# Checking exact/regex attrval clause
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+cn: Mark A Elliot
+
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+cn: Mark Elliot
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
+cn: John Doe
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
+cn: Jonathon Doe
+
 # Using ldapsearch to retrieve all the entries...
 dn: ou=Add & Delete,dc=example,dc=com
 objectClass: organizationalUnit
@@ -316,8 +329,6 @@ telephoneNumber: +1 313 555 7334
 dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
 objectClass: OpenLDAPperson
-cn: John Doe
-cn: Jonathon Doe
 sn: Doe
 uid: johnd
 postalAddress: ITD $ 535 W. William $ Anytown, MI 48109
diff --git a/tests/data/slapd-acl.conf b/tests/data/slapd-acl.conf
index c769714932..082fabf5d3 100644
--- a/tests/data/slapd-acl.conf
+++ b/tests/data/slapd-acl.conf
@@ -63,6 +63,34 @@ access to filter="(objectclass=person)" attr=userpassword
 by anonymous auth
 by self =wx
+access to dn.exact="cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com"
+ attrs=cn val="Mark A Elliot"
+ by dn="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read
+ by * break
+
+access to dn.exact="cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com"
+ attrs=cn val="Mark Elliot"
+ by dn="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read
+ by * break
+
+access to dn.exact="cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com"
+ attrs=cn
+ by * search
+
+access to dn.exact="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com"
+ attrs=cn val.regex="^John D.*"
+ by dn="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read
+ by * break
+
+access to dn.exact="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com"
+ attrs=cn val.regex="^Jonath.*"
+ by dn="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read
+ by * break
+
+access to dn.exact="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com"
+ attrs=cn
+ by * search
+
 access to dn.children="ou=Alumni Association,ou=People,dc=example,dc=com"
 by dn.regex=".+,dc=example,dc=com" +c continue
 by dn.subtree="dc=example,dc=com" +rs continue
diff --git a/tests/scripts/defines.sh b/tests/scripts/defines.sh
index faa061a0c0..4fbe350e39 100755
--- a/tests/scripts/defines.sh
+++ b/tests/scripts/defines.sh
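Review bot: The six new clauses in tests/data/slapd-acl.conf only work in the order they are written, and nothing in the file says so. Each value-specific `attrs=cn val=...` clause has to stay above the plain `attrs=cn` clause for the same entry, because `by * break` only hands evaluation on to clauses that come later. A header such as `# ITS#4253: per-value ACLs on cn; keep the val= clauses above the catch-all attrs=cn clause` would guard against a later reorder. The closing `by * search` clauses also take read access to cn on these two entries away from every other identity. That appears to be why the second acl.out.master hunk drops John Doe's cn values from the full dump, so it is worth confirming that this effect on the later checks is intended.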
@@ -205,6 +205,8 @@ PASSWD=secret
 BABSDN="cn=Barbara Jensen,ou=Information Technology DivisioN,OU=People,dc=example,dc=com"
 BJORNSDN="cn=Bjorn Jensen,ou=Information Technology DivisioN,OU=People,dc=example,dc=com"
 JAJDN="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com"
+JOHNDDN="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com"
+MELLIOTDN="cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com"
 REFINTDN="cn=Manager,o=refint"
 RETCODEDN="ou=RetCodes,$BASEDN"
 UNIQUEDN="cn=Manager,o=unique"
diff --git a/tests/scripts/test006-acls b/tests/scripts/test006-acls
index 38da4d1bc0..5be3642079 100755
--- a/tests/scripts/test006-acls
+++ b/tests/scripts/test006-acls
@@ -78,7 +78,23 @@ echo "# ... and should return all attributes if we're bound as anyone
 # under Example." \
 >> $SEARCHOUT
 $LDAPSEARCH -b "$JAJDN" -h $LOCALHOST -p $PORT1 \
- -D "$BABSDN" -w bjensen "(objectclass=*)" >> $SEARCHOUT 2>&1
+ -D "$BABSDN" -w bjensen "(objectclass=*)" >> $SEARCHOUT 2>&1
+
+# ITS#4253
+echo "# Checking exact/regex attrval clause" >> $SEARCHOUT
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 \
+ -D "$BABSDN" -w bjensen \
+ -b "$MELLIOTDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 \
+ -D "$BJORNSDN" -w bjorn \
+ -b "$MELLIOTDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1
+
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 \
+ -D "$BABSDN" -w bjensen \
+ -b "$JOHNDDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 \
+ -D "$BJORNSDN" -w bjorn \
+ -b "$JOHNDDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1
 #
 # Check group access. Try to modify Babs' entry. Two attempts:
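Review bot: The four new searches in tests/scripts/test006-acls bind only as the two identities that the new ACL clauses grant `read` to, so nothing pins the deny side of the value-level ACL for a third party. One more base search on `$MELLIOTDN` and `$JOHNDDN`, bound as an identity that matches neither `by dn=` clause, would record that the `by * search` fall-through returns no cn values. The `# ITS#4253` comment could also state the expected result, for example `# Babs may read only "Mark A Elliot" / ^John D; Bjorn only "Mark Elliot" / ^Jonath`. The first `-`/`+` pair on the `-D "$BABSDN"` line looks like a whitespace-only change and could be left out of the commit.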