mirror of
https://git.openldap.org/openldap/openldap.git
synced 2025-01-06 10:46:21 +08:00
check for empty DN in proxyAuthz control
parent
8b954144d6
commit
4bd0b59fb6
@ -5,6 +5,7 @@ objectclass: top
|
||||
objectclass: organization
|
||||
objectclass: domainRelatedObject
|
||||
objectclass: dcobject
|
||||
objectClass: simpleSecurityObject
|
||||
dc: example
|
||||
l: Anytown, Michigan
|
||||
st: Michigan
|
||||
@ -15,6 +16,8 @@ description: The Example, Inc. at Anytown
|
||||
postaladdress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
|
||||
telephonenumber: +1 313 764-1817
|
||||
associateddomain: example.com
|
||||
userpassword:: ZXhhbXBsZQ==
|
||||
authzTo: dn:
|
||||
|
||||
dn: ou=People,dc=example,dc=com
|
||||
objectclass: organizationalUnit
|
||||
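Review bot: The `authzTo: dn:` value on the `dc=example,dc=com` entry (which this section appears to add; the +/- markers are lost on this page) reads like a truncated line, and nothing in the fixture says the empty DN is deliberate. A comment above it, e.g. `# authzTo with an empty DN: lets this entry authorize as the anonymous identity; used by the proxyAuthz empty-DN test`, would stop a later cleanup from "fixing" it. The `userpassword::` value is only base64 of the cleartext password the test script binds with, so a short `# test fixture only` note next to it would also help keep this entry from being copied into real data.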
|
@ -102,7 +102,7 @@ if test $RC != 0 ; then
|
||||
exit $RC
|
||||
fi
|
||||
|
||||
# authzFrom: someone else => njorn
|
||||
# authzFrom: someone else => bjorn
|
||||
echo "Testing authzFrom..."
|
||||
|
||||
BINDDN="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
|
||||
@ -388,12 +388,40 @@ if test $RC != 1 ; then
|
||||
exit $RC
|
||||
fi
|
||||
|
||||
BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
|
||||
BINDPW=bjorn
|
||||
AUTHZID="dn:"
|
||||
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (no authzTo; should fail)..."
|
||||
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
|
||||
-e \!authzid="$AUTHZID"
|
||||
|
||||
RC=$?
|
||||
if test $RC != 1 ; then
|
||||
echo "ldapwhoami failed ($RC)!"
|
||||
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
||||
exit $RC
|
||||
fi
|
||||
|
||||
BINDDN="dc=example,dc=com"
|
||||
BINDPW=example
|
||||
AUTHZID="dn:"
|
||||
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.exact; should succeed)..."
|
||||
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
|
||||
-e \!authzid="$AUTHZID"
|
||||
|
||||
RC=$?
|
||||
if test $RC != 0 ; then
|
||||
echo "ldapwhoami failed ($RC)!"
|
||||
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
||||
exit $RC
|
||||
fi
|
||||
|
||||
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
||||
|
||||
echo ">>>>> Test succeeded"
|
||||
exit 0
|
||||
|
||||
## Note to developers: the command
|
||||
## Note to developers: when SLAPD_DEBUG=-1 the command
|
||||
## awk '/^do_extended$/ {if (c) {print c} c=0} /<===slap_sasl_match:/ {c++} END {print c}' testrun/slapd.1.log
|
||||
## must return consecutive numbers from 1 to 9 twice to indicate
|
||||
## that the authzFrom and authzTo rules applied in the right order.
|
||||
## must return the sequence 1 2 3 4 5 6 7 8 9 9 1 2 3 4 5 6 7 8 9 9 9 1
|
||||
## to indicate that the authzFrom and authzTo rules applied in the right order.
|
||||
|
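Review bot: In the `(no authzTo; should fail)` block, `if test $RC != 1` is followed by `exit $RC`, so if ldapwhoami unexpectedly succeeds (RC=0, meaning the server accepted an empty-DN authzid it should have refused) the script prints the failure message and then exits with status 0. Assuming the harness judges the test by exit status, the one outcome this negative test exists to catch would be reported as a pass; use `exit 1` in that branch, or force a non-zero value first with `test $RC = 0 && RC=1`. The same pattern is visible in the context lines just above the new block, so it appears to predate this commit. Separately, a return code of 1 is presumably also what a connection or bind error produces, so the check cannot tell "authorization denied" from "server unreachable"; matching on the tool's error output as well would tighten the assertion.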