more on ITS#4253

2025-02-23 14:09:39 +08:00 · 2005-12-10 10:23:01 +00:00 · 2005-12-10 10:23:01 +00:00 · 56258f75db
commit 56258f75db
parent 93d0ef91e6
3 changed files with 30 additions and 4 deletions
--- a/tests/data/acl.out.master
+++ b/tests/data/acl.out.master
@ -33,6 +33,16 @@ cn: John Doe
 dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
 cn: Jonathon Doe

+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+cn: Bjorn Jensen
+cn: Biiff Jensen
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,
+ dc=com
+cn: Barbara Jensen
+cn: Babs Jensen
+
 # Using ldapsearch to retrieve all the entries...
 dn: ou=Add & Delete,dc=example,dc=com
 objectClass: organizationalUnit
@ -113,8 +123,6 @@ telephoneNumber: +1 313 555 9022
 dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc
 =com
 objectClass: OpenLDAPperson
-cn: Bjorn Jensen
-cn: Biiff Jensen
 sn: Jensen
 uid: bjorn
 seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
--- a/tests/data/slapd-acl.conf
+++ b/tests/data/slapd-acl.conf
@ -78,12 +78,12 @@ access		to dn.exact="cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,d
 		by * search

 access		to dn.exact="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com"
-			attrs=cn val.regex="^John D.*"
+			attrs=cn val.regex="^John D.+"
 		by dn="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read
 		by * break

 access		to dn.exact="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com"
-			attrs=cn val.regex="^Jonath.*"
+			attrs=cn val.regex="^Jonath.+"
 		by dn="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read
 		by * break

@ -91,6 +91,17 @@ access		to dn.exact="cn=John Doe,ou=Information Technology Division,ou=People,dc
 			attrs=cn
 		by * search

+access		to dn.onelevel="ou=Information Technology Division,ou=People,dc=example,dc=com"
+			filter="(cn=*Jensen)"
+			attrs=cn val.regex=".*Jensen$"
+		by dn="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read
+		by dn="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read
+		by * break
+
+access		to dn.exact="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
+			attrs=cn
+		by * search
+
 access		to dn.children="ou=Alumni Association,ou=People,dc=example,dc=com"
 		by dn.regex=".+,dc=example,dc=com" +c continue
 		by dn.subtree="dc=example,dc=com" +rs continue
--- a/tests/scripts/test006-acls
+++ b/tests/scripts/test006-acls
@ -96,6 +96,13 @@ $LDAPSEARCH -h $LOCALHOST -p $PORT1 \
 	-D "$BJORNSDN" -w bjorn \
 	-b "$JOHNDDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1

+$LDAPSEARCH -h $LOCALHOST -p $PORT1 \
+	-D "$BABSDN" -w bjensen \
+	-b "$BJORNSDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 \
+	-D "$BJORNSDN" -w bjorn \
+	-b "$BABSDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1
+
 #
 # Check group access. Try to modify Babs' entry. Two attempts:
 # 1) bound as "James A Jones 1" - should fail