ITS#9038 Update test028 to test this is enforced
parent
fbe5611e60
commit
eb5a58487b
@ -4,6 +4,11 @@ objectClass: dcObject
|
||||
o: Example, Inc.
|
||||
dc: example
|
||||
|
||||
dn: cn=Manager,o=Example,c=US
|
||||
objectClass: inetOrgPerson
|
||||
cn: Manager
|
||||
sn: Parson
|
||||
|
||||
dn: ou=People,o=Example,c=US
|
||||
objectClass: organizationalUnit
|
||||
ou: People
|
||||
|
@ -36,6 +36,7 @@ argsfile @TESTDIR@/slapd.1.args
|
||||
#######################################################################
|
||||
|
||||
authz-policy both
|
||||
authz-regexp "^uid=manager,.+" "cn=Manager,dc=example,dc=com"
|
||||
authz-regexp "^uid=admin/([^,]+),.+" "ldap:///ou=Admin,dc=example,dc=com??sub?(cn=$1)"
|
||||
authz-regexp "^uid=it/([^,]+),.+" "ldap:///ou=People,dc=example,dc=it??sub?(uid=$1)"
|
||||
authz-regexp "^uid=(us/)?([^,]+),.+" "ldap:///ou=People,dc=example,dc=com??sub?(uid=$2)"
|
||||
|
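Review bot: The `authz-regexp "^uid=manager,.+"` rule maps a SASL identity straight onto `cn=Manager,dc=example,dc=com`, and nothing beside it says why it exists or that its position matters. slapd checks these patterns in file order and stops at the first match, so the rule only takes effect because it sits above the generic `^uid=(us/)?([^,]+),.+` mapping. I would add a comment above it such as `# test only (ITS#9038): map SASL user "manager" to the dc=example,dc=com Manager entry; keep above the generic uid rules`, so the mapping is not copied into a real configuration by mistake. The change markers are lost on this page, so I am inferring from the hunk header (one added line) that this is the new rule.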
@ -4,6 +4,12 @@ objectClass: dcObject
|
||||
o: Example, Inc.
|
||||
dc: example
|
||||
|
||||
dn: cn=Manager,dc=example,dc=com
|
||||
objectClass: inetOrgPerson
|
||||
cn: Manager
|
||||
sn: Parson
|
||||
userPassword: secret
|
||||
|
||||
dn: ou=People,dc=example,dc=com
|
||||
objectClass: organizationalUnit
|
||||
ou: People
|
||||
|
@ -191,6 +191,17 @@ if test $RC != 0 ; then
|
||||
exit $RC
|
||||
fi
|
||||
|
||||
AUTHZID="u:it/jaj"
|
||||
echo "Checking another DB's rootdn can't assert identity from another DB..."
|
||||
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD -e\!"authzid=$AUTHZID"
|
||||
|
||||
RC=$?
|
||||
if test $RC != 1 ; then
|
||||
echo "ldapwhoami should have failed ($RC)!"
|
||||
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
||||
exit $RC
|
||||
fi
|
||||
|
||||
ID="uid=jaj,ou=People,dc=example,dc=it"
|
||||
BASE="o=Example,c=US"
|
||||
echo "Testing ldapsearch as $ID for \"$BASE\"..."
|
||||
@ -231,6 +242,19 @@ if test $USE_SASL != "no" ; then
|
||||
exit $RC
|
||||
fi
|
||||
|
||||
ID="manager"
|
||||
AUTHZID="u:it/jaj"
|
||||
echo "Checking another DB's rootdn can't assert in another (with SASL bind this time)..."
|
||||
$LDAPSASLWHOAMI -h $LOCALHOST -p $PORT1 \
|
||||
-Q -U "$ID" -w $PASSWD -Y $MECH -X $AUTHZID
|
||||
|
||||
RC=$?
|
||||
if test $RC != 50 ; then
|
||||
echo "ldapwhoami should have failed ($RC)!"
|
||||
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
||||
exit $RC
|
||||
fi
|
||||
|
||||
echo "Filtering ldapsearch results..."
|
||||
$LDIFFILTER < $SEARCHOUT > $SEARCHFLT
|
||||
echo "Filtering original ldif used to create database..."
|
||||
|
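Review bot: Both new negative checks end their failure branch with `exit $RC`, so if the whoami request unexpectedly succeeds (RC is 0) the script exits with status 0 and the run presumably counts as a pass, which is the very regression ITS#9038 is meant to catch. This affects the `test $RC != 1` block after the `$LDAPWHOAMI` call and the `test $RC != 50` block after the `$LDAPSASLWHOAMI` call. Those branches should return a fixed non-zero status, e.g. `exit 1`, instead of propagating `$RC`. As a smaller style point, `-X $AUTHZID` in the SASL call would be more consistent as `-X "$AUTHZID"`, matching the quoted use in the simple-bind call. The change markers are lost on this page, so which lines are new is inferred from the hunk headers.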