ITS#9038 Update test028 to test this is enforced

Ondřej Kuzník 2019-06-19 18:47:32 +02:00
parent fbe5611e60
commit eb5a58487b
4 changed files with 36 additions and 0 deletions


@ -4,6 +4,11 @@ objectClass: dcObject
o: Example, Inc.
dc: example
dn: cn=Manager,o=Example,c=US
objectClass: inetOrgPerson
cn: Manager
sn: Parson
dn: ou=People,o=Example,c=US
objectClass: organizationalUnit
ou: People


@ -36,6 +36,7 @@ argsfile @TESTDIR@/slapd.1.args
#######################################################################
authz-policy both
authz-regexp "^uid=manager,.+" "cn=Manager,dc=example,dc=com"
authz-regexp "^uid=admin/([^,]+),.+" "ldap:///ou=Admin,dc=example,dc=com??sub?(cn=$1)"
authz-regexp "^uid=it/([^,]+),.+" "ldap:///ou=People,dc=example,dc=it??sub?(uid=$1)"
authz-regexp "^uid=(us/)?([^,]+),.+" "ldap:///ou=People,dc=example,dc=com??sub?(uid=$2)"
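Review bot: The `^uid=manager,.+` mapping (apparently the one line this section adds; the page has lost the `+` markers) is undocumented and depends on its position. slapd checks authz-regexp patterns in file order and stops at the first match, so if this rule sat below the catch-all `^uid=(us/)?([^,]+),.+` rule, the SASL user `manager` would map to a search under ou=People instead of the rootdn. A comment above it would record that, for example `# SASL user "manager" maps to this database's rootdn (ITS#9038); must stay above the generic uid rules`. The trailing `.+` also accepts any realm or mechanism suffix, which is fine for a test fixture but worth stating so the pattern is not copied into a production config.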


@ -4,6 +4,12 @@ objectClass: dcObject
o: Example, Inc.
dc: example
dn: cn=Manager,dc=example,dc=com
objectClass: inetOrgPerson
cn: Manager
sn: Parson
userPassword: secret
dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People


@ -191,6 +191,17 @@ if test $RC != 0 ; then
exit $RC
fi
AUTHZID="u:it/jaj"
echo "Checking another DB's rootdn can't assert identity from another DB..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD -e\!"authzid=$AUTHZID"
RC=$?
if test $RC != 1 ; then
echo "ldapwhoami should have failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
ID="uid=jaj,ou=People,dc=example,dc=it"
BASE="o=Example,c=US"
echo "Testing ldapsearch as $ID for \"$BASE\"..."
@ -231,6 +242,19 @@ if test $USE_SASL != "no" ; then
exit $RC
fi
ID="manager"
AUTHZID="u:it/jaj"
echo "Checking another DB's rootdn can't assert in another (with SASL bind this time)..."
$LDAPSASLWHOAMI -h $LOCALHOST -p $PORT1 \
-Q -U "$ID" -w $PASSWD -Y $MECH -X $AUTHZID
RC=$?
if test $RC != 50 ; then
echo "ldapwhoami should have failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo "Filtering ldapsearch results..."
$LDIFFILTER < $SEARCHOUT > $SEARCHFLT
echo "Filtering original ldif used to create database..."
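Review bot: Both new negative checks leave through `exit $RC`, so the one outcome they are meant to catch is reported as a pass. If the server wrongly accepts the cross-database authzid, ldapwhoami returns 0, the `test $RC != 1` branch (and the `test $RC != 50` branch in the SASL hunk) is taken, and the script exits with status 0. Both failure branches should use a fixed non-zero status, `exit 1`. The simple-bind check also expects exit code 1, which is presumably the tool's generic failure status and would then be satisfied by an unrelated client error too, so a short comment naming the result each check expects (50 is insufficientAccessRights) would make the intent verifiable. `-X $AUTHZID` is unquoted, unlike `"authzid=$AUTHZID"` in the first check.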