mirror of
https://git.openldap.org/openldap/openldap.git
synced 2024-12-15 03:01:09 +08:00
798 lines
21 KiB
Bash
Executable File
798 lines
21 KiB
Bash
Executable File
#! /bin/sh
|
|
# $OpenLDAP$
|
|
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
|
|
##
|
|
## Copyright 2004-2019 The OpenLDAP Foundation.
|
|
## All rights reserved.
|
|
##
|
|
## Redistribution and use in source and binary forms, with or without
|
|
## modification, are permitted only as authorized by the OpenLDAP
|
|
## Public License.
|
|
##
|
|
## A copy of this license is available in the file LICENSE in the
|
|
## top-level directory of the distribution or, alternatively, at
|
|
## <http://www.OpenLDAP.org/license.html>.
|
|
|
|
echo "running defines.sh"
|
|
. $SRCDIR/scripts/defines.sh
|
|
|
|
if test $UNIQUE = uniqueno; then
|
|
echo "Attribute Uniqueness overlay not available, test skipped"
|
|
exit 0
|
|
fi
|
|
|
|
RCODEconstraint=19
|
|
test $BACKEND = null && RCODEconstraint=0
|
|
|
|
mkdir -p $TESTDIR $DBDIR1
|
|
|
|
$SLAPPASSWD -g -n >$CONFIGPWF
|
|
echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf
|
|
|
|
echo "Running slapadd to build slapd database..."
|
|
. $CONFFILTER $BACKEND $MONITORDB < $UNIQUECONF > $CONF1
|
|
$SLAPADD -f $CONF1 -l $LDIFUNIQUE
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "slapadd failed ($RC)!"
|
|
exit $RC
|
|
fi
|
|
|
|
echo "Starting slapd on TCP/IP port $PORT1..."
|
|
mkdir $TESTDIR/confdir
|
|
$SLAPD -f $CONF1 -F $TESTDIR/confdir -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
|
|
PID=$!
|
|
if test $WAIT != 0 ; then
|
|
echo PID $PID
|
|
read foo
|
|
fi
|
|
KILLPIDS="$PID"
|
|
|
|
sleep 1
|
|
|
|
echo "Testing slapd attribute uniqueness operations..."
|
|
for i in 0 1 2 3 4 5; do
|
|
$LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
|
|
'objectclass=*' > /dev/null 2>&1
|
|
RC=$?
|
|
if test $RC = 0 ; then
|
|
break
|
|
fi
|
|
echo "Waiting 5 seconds for slapd to start..."
|
|
sleep 5
|
|
done
|
|
|
|
if test $RC != 0 ; then
|
|
echo "ldapsearch failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
fi
|
|
|
|
echo "Adding a unique record..."
|
|
$LDAPADD -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \
|
|
> /dev/null << EOTUNIQ1
|
|
dn: uid=dave,ou=users,o=unique
|
|
objectClass: inetOrgPerson
|
|
objectClass: simpleSecurityObject
|
|
uid: dave
|
|
sn: nothere
|
|
cn: dave
|
|
businessCategory: otest
|
|
carLicense: TEST
|
|
departmentNumber: 42
|
|
# NOTE: use special chars in attr value to be used
|
|
# in internal searches ITS#4212
|
|
displayName: Dave (ITS#4212)
|
|
employeeNumber: 69
|
|
employeeType: contractor
|
|
givenName: Dave
|
|
userpassword: $PASSWD
|
|
EOTUNIQ1
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "ldapadd failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
fi
|
|
|
|
echo "Adding a non-unique record..."
|
|
$LDAPADD -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
|
|
$TESTOUT 2>&1 << EOTUNIQ2
|
|
dn: uid=bill,ou=users,o=unique
|
|
objectClass: inetOrgPerson
|
|
uid: bill
|
|
sn: johnson
|
|
cn: bill
|
|
businessCategory: rtest
|
|
carLicense: ABC123
|
|
departmentNumber: 42
|
|
displayName: Bill
|
|
employeeNumber: 5150
|
|
employeeType: contractor
|
|
givenName: Bill
|
|
EOTUNIQ2
|
|
RC=$?
|
|
if test $RC != $RCODEconstraint ; then
|
|
echo "unique check failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
fi
|
|
|
|
# ITS#6641/8057
|
|
echo "Trying to bypass uniqueness as a normal user..."
|
|
$LDAPADD -M -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
|
|
$TESTOUT 2>&1 << EOTUNIQ2
|
|
dn: uid=bill,ou=users,o=unique
|
|
objectClass: inetOrgPerson
|
|
uid: bill
|
|
sn: johnson
|
|
cn: bill
|
|
businessCategory: rtest
|
|
carLicense: ABC123
|
|
departmentNumber: 42
|
|
displayName: Bill
|
|
employeeNumber: 5150
|
|
employeeType: contractor
|
|
givenName: Bill
|
|
EOTUNIQ2
|
|
RC=$?
|
|
if test $RC != $RCODEconstraint ; then
|
|
echo "unique check failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
fi
|
|
|
|
# ITS#6641/8057
|
|
echo "Bypassing uniqueness as an admin user..."
|
|
$LDAPADD -M -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
|
|
$TESTOUT 2>&1 << EOTUNIQ2
|
|
dn: uid=bill,ou=users,o=unique
|
|
objectClass: inetOrgPerson
|
|
uid: bill
|
|
sn: johnson
|
|
cn: bill
|
|
businessCategory: rtest
|
|
carLicense: ABC123
|
|
departmentNumber: 42
|
|
displayName: Bill
|
|
employeeNumber: 5150
|
|
employeeType: contractor
|
|
givenName: Bill
|
|
EOTUNIQ2
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "spurious unique error ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
fi
|
|
|
|
echo "Cleaning up"
|
|
$LDAPDELETE -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \
|
|
"uid=bill,ou=users,o=unique" > $TESTOUT 2>&1
|
|
RC=$?
|
|
if test $RC != 0; then
|
|
echo "ldapdelete failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
fi
|
|
|
|
echo Dynamically retrieving initial configuration...
|
|
$LDAPSEARCH -S "" -b olcOverlay='{0}'unique,olcDatabase='{1}'$BACKEND,cn=config -D cn=config -y $CONFIGPWF -h $LOCALHOST -p $PORT1 -LLL | tr -d \\r >$TESTDIR/initial-config.ldif
|
|
cat <<EOF >$TESTDIR/initial-reference.ldif
|
|
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
|
|
objectClass: olcOverlayConfig
|
|
objectClass: olcUniqueConfig
|
|
olcOverlay: {0}unique
|
|
olcUniqueBase: o=unique
|
|
olcUniqueAttribute: employeeNumber
|
|
olcUniqueAttribute: displayName
|
|
|
|
EOF
|
|
diff $TESTDIR/initial-config.ldif $TESTDIR/initial-reference.ldif > /dev/null 2>&1
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "Initial configuration is not reported correctly."
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
fi
|
|
|
|
echo Dynamically trying to add a URI with legacy attrs present...
|
|
$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \
|
|
> $TESTOUT 2>&1 <<EOF
|
|
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
|
|
changetype: modify
|
|
add: olcUniqueURI
|
|
olcUniqueURI: ldap:///?employeeNumber,displayName?sub
|
|
EOF
|
|
RC=$?
|
|
if test $RC != 80 ; then
|
|
echo "legacy and unique_uri allowed together"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
fi
|
|
|
|
echo Dynamically trying to add legacy ignored attrs with legacy attrs present...
|
|
$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \
|
|
> $TESTOUT 2>&1 <<EOF
|
|
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
|
|
changetype: modify
|
|
add: olcUniqueIgnore
|
|
olcUniqueIgnore: objectClass
|
|
EOF
|
|
RC=$?
|
|
if test $RC != 80 ; then
|
|
echo "legacy attrs and legacy ignore attrs allowed together"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
fi
|
|
|
|
echo Verifying initial configuration intact...
|
|
$LDAPSEARCH -S "" -b olcOverlay='{0}'unique,olcDatabase='{1}'$BACKEND,cn=config -D cn=config -y $CONFIGPWF -h $LOCALHOST -p $PORT1 -LLL | tr -d \\r >$TESTDIR/initial-config-recheck.ldif
|
|
diff $TESTDIR/initial-config-recheck.ldif $TESTDIR/initial-reference.ldif > /dev/null 2>&1
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "Initial configuration damaged by unsuccessful modifies."
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
fi
|
|
|
|
echo Dynamically removing legacy base...
|
|
$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \
|
|
> $TESTOUT 2>&1 <<EOF
|
|
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
|
|
changetype: modify
|
|
delete: olcUniqueBase
|
|
EOF
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "base removal failed"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
fi
|
|
|
|
echo Verifying base removal...
|
|
$LDAPSEARCH -S "" -b olcOverlay='{0}'unique,olcDatabase='{1}'$BACKEND,cn=config -D cn=config -y $CONFIGPWF -h $LOCALHOST -p $PORT1 -LLL | tr -d \\r >$TESTDIR/baseremoval-config.ldif
|
|
cat >$TESTDIR/baseremoval-reference.ldif <<EOF
|
|
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
|
|
objectClass: olcOverlayConfig
|
|
objectClass: olcUniqueConfig
|
|
olcOverlay: {0}unique
|
|
olcUniqueAttribute: employeeNumber
|
|
olcUniqueAttribute: displayName
|
|
|
|
EOF
|
|
diff $TESTDIR/baseremoval-config.ldif $TESTDIR/baseremoval-reference.ldif > /dev/null 2>&1
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "Configuration damaged by base removal"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
fi
|
|
|
|
echo "Adding a non-unique record..."
|
|
$LDAPADD -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
|
|
$TESTOUT 2>&1 << EOTUNIQ2
|
|
dn: uid=bill,ou=users,o=unique
|
|
objectClass: inetOrgPerson
|
|
uid: bill
|
|
sn: johnson
|
|
cn: bill
|
|
businessCategory: rtest
|
|
carLicense: ABC123
|
|
departmentNumber: 42
|
|
displayName: Bill
|
|
employeeNumber: 5150
|
|
employeeType: contractor
|
|
givenName: Bill
|
|
EOTUNIQ2
|
|
RC=$?
|
|
if test $RC != $RCODEconstraint ; then
|
|
echo "unique check failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
fi
|
|
|
|
echo Trying a legacy base outside of the backend...
|
|
$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \
|
|
> $TESTOUT 2>&1 <<EOF
|
|
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
|
|
changetype: modify
|
|
add: olcUniqueBase
|
|
olcUniqueBase: cn=config
|
|
EOF
|
|
RC=$?
|
|
if test $RC != 80 ; then
|
|
echo "out of backend scope base allowed"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
fi
|
|
|
|
echo "Adding and removing attrs..."
|
|
$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \
|
|
> $TESTOUT 2>&1 <<EOF
|
|
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
|
|
changetype: modify
|
|
add: olcUniqueAttribute
|
|
olcUniqueAttribute: description
|
|
olcUniqueAttribute: telephoneNumber
|
|
-
|
|
delete: olcUniqueAttribute
|
|
olcUniqueAttribute: displayName
|
|
EOF
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "Unable to remove an attribute"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
fi
|
|
|
|
echo "Verifying we removed the right attr..."
|
|
$LDAPADD -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
|
|
$TESTOUT 2>&1 << EOTUNIQ2
|
|
dn: uid=bill,ou=users,o=unique
|
|
objectClass: inetOrgPerson
|
|
uid: bill
|
|
sn: johnson
|
|
cn: bill
|
|
businessCategory: rtest
|
|
carLicense: ABC123
|
|
departmentNumber: 42
|
|
displayName: Bill
|
|
employeeNumber: 5150
|
|
employeeType: contractor
|
|
givenName: Bill
|
|
EOTUNIQ2
|
|
RC=$?
|
|
if test $RC != $RCODEconstraint ; then
|
|
echo "olcUniqueAttribute single deletion hit the wrong value"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
fi
|
|
|
|
echo Removing legacy config and adding URIs...
|
|
$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \
|
|
> $TESTOUT 2>&1 <<EOF
|
|
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
|
|
changetype: modify
|
|
delete: olcUniqueAttribute
|
|
-
|
|
add: olcUniqueURI
|
|
olcUniqueURI: ldap:///?employeeNumber,displayName?sub
|
|
olcUniqueURI: ldap:///?description?one
|
|
EOF
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "Reconfiguration to URIs failed"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
fi
|
|
|
|
echo Dynamically retrieving second configuration...
|
|
$LDAPSEARCH -S "" -b olcOverlay='{0}'unique,olcDatabase='{1}'$BACKEND,cn=config -D cn=config -y $CONFIGPWF -h $LOCALHOST -p $PORT1 -LLL | tr -d \\r >$TESTDIR/second-config.ldif
|
|
cat >$TESTDIR/second-reference.ldif <<EOF
|
|
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
|
|
objectClass: olcOverlayConfig
|
|
objectClass: olcUniqueConfig
|
|
olcOverlay: {0}unique
|
|
olcUniqueURI: ldap:///?employeeNumber,displayName?sub
|
|
olcUniqueURI: ldap:///?description?one
|
|
|
|
EOF
|
|
diff $TESTDIR/second-config.ldif $TESTDIR/second-reference.ldif > /dev/null 2>&1
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "Second configuration is not reported correctly."
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
fi
|
|
|
|
echo "Adding a non-unique record..."
|
|
$LDAPADD -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
|
|
$TESTOUT 2>&1 << EOTUNIQ2
|
|
dn: uid=bill,ou=users,o=unique
|
|
objectClass: inetOrgPerson
|
|
uid: bill
|
|
sn: johnson
|
|
cn: bill
|
|
businessCategory: rtest
|
|
carLicense: ABC123
|
|
departmentNumber: 42
|
|
displayName: Bill
|
|
employeeNumber: 5150
|
|
employeeType: contractor
|
|
givenName: Bill
|
|
EOTUNIQ2
|
|
RC=$?
|
|
if test $RC != $RCODEconstraint ; then
|
|
echo "unique check failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
fi
|
|
|
|
echo Dynamically trying to add legacy base
|
|
$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \
|
|
> $TESTOUT 2>&1 <<EOF
|
|
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
|
|
changetype: modify
|
|
add: olcUniqueBase
|
|
olcUniqueBase: o=unique
|
|
EOF
|
|
RC=$?
|
|
if test $RC != 80 ; then
|
|
echo "legacy base allowed with URIs"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
fi
|
|
|
|
echo Dynamically trying to add legacy attrs
|
|
$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \
|
|
> $TESTOUT 2>&1 <<EOF
|
|
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
|
|
changetype: modify
|
|
add: olcUniqueAttribute
|
|
olcUniqueAttribute: description
|
|
EOF
|
|
RC=$?
|
|
if test $RC != 80 ; then
|
|
echo "legacy attributes allowed with URIs"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
fi
|
|
|
|
echo Dynamically trying to add legacy strictness
|
|
$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \
|
|
> $TESTOUT 2>&1 <<EOF
|
|
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
|
|
changetype: modify
|
|
add: olcUniqueStrict
|
|
olcUniqueStrict: TRUE
|
|
EOF
|
|
RC=$?
|
|
if test $RC != 80 ; then
|
|
echo "legacy strictness allowed with URIs"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
fi
|
|
|
|
#echo ----------------------
|
|
echo Dynamically trying a bad filter...
|
|
$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \
|
|
> $TESTOUT 2>&1 <<EOF
|
|
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
|
|
changetype: modify
|
|
replace: olcUniqueURI
|
|
olcUniqueURI: ldap:///?sn?sub?((cn=e*))
|
|
EOF
|
|
RC=$?
|
|
if test $RC != 80 ; then
|
|
echo "bad filter allowed"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
fi
|
|
|
|
echo Verifying second configuration intact...
|
|
$LDAPSEARCH -S "" -b olcOverlay='{0}'unique,olcDatabase='{1}'$BACKEND,cn=config -D cn=config -y $CONFIGPWF -h $LOCALHOST -p $PORT1 -LLL | tr -d \\r >$TESTDIR/second-config-recheck.ldif
|
|
diff $TESTDIR/second-config-recheck.ldif $TESTDIR/second-reference.ldif > /dev/null 2>&1
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "Second configuration damaged by rejected modifies."
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
fi
|
|
|
|
#echo ----------------------
|
|
echo Dynamically reconfiguring to use different URIs...
|
|
$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \
|
|
> $TESTOUT 2>&1 <<EOF
|
|
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
|
|
changetype: modify
|
|
add: olcUniqueURI
|
|
olcUniqueURI: ldap:///?sn?sub?(cn=e*)
|
|
olcUniqueURI: ldap:///?uid?sub?(cn=edgar)
|
|
-
|
|
delete: olcUniqueURI
|
|
olcUniqueURI: ldap:///?description?one
|
|
EOF
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "unable to reconfigure"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
fi
|
|
|
|
echo Dynamically retrieving third configuration...
|
|
$LDAPSEARCH -S "" -b olcOverlay='{0}'unique,olcDatabase='{1}'$BACKEND,cn=config -D cn=config -y $CONFIGPWF -h $LOCALHOST -p $PORT1 -LLL | tr -d \\r >$TESTDIR/third-config.ldif
|
|
cat >$TESTDIR/third-reference.ldif <<EOF
|
|
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
|
|
objectClass: olcOverlayConfig
|
|
objectClass: olcUniqueConfig
|
|
olcOverlay: {0}unique
|
|
olcUniqueURI: ldap:///?employeeNumber,displayName?sub
|
|
olcUniqueURI: ldap:///?sn?sub?(cn=e*)
|
|
olcUniqueURI: ldap:///?uid?sub?(cn=edgar)
|
|
|
|
EOF
|
|
diff $TESTDIR/third-config.ldif $TESTDIR/third-reference.ldif > /dev/null 2>&1
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "Third configuration is not reported correctly."
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
fi
|
|
|
|
echo "Adding a record unique in both domains if filtered..."
|
|
|
|
$LDAPADD -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
|
|
$TESTOUT 2>&1 << EOF
|
|
dn: uid=edgar,ou=users,o=unique
|
|
objectClass: inetOrgPerson
|
|
uid: edgar
|
|
sn: johnson
|
|
cn: edgar
|
|
EOF
|
|
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "unique check failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
fi
|
|
|
|
echo "Adding a record unique in all domains because of filter conditions "
|
|
$LDAPADD -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
|
|
$TESTOUT 2>&1 << EOF
|
|
dn: uid=empty,ou=users,o=unique
|
|
objectClass: inetOrgPerson
|
|
uid: edgar
|
|
cn: empty
|
|
sn: empty
|
|
EOF
|
|
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "spurious unique error ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
fi
|
|
|
|
echo "Sending an empty modification"
|
|
|
|
$LDAPMODIFY -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
|
|
$TESTOUT 2>&1 << EOF
|
|
dn: uid=empty,ou=users,o=unique
|
|
changetype: modify
|
|
EOF
|
|
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "spurious unique error ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
fi
|
|
|
|
echo "Making a record non-unique"
|
|
$LDAPMODIFY -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
|
|
$TESTOUT 2>&1 << EOF
|
|
dn: uid=empty,ou=users,o=unique
|
|
changetype: modify
|
|
replace: sn
|
|
sn: johnson
|
|
EOF
|
|
|
|
RC=$?
|
|
if test $RC != $RCODEconstraint ; then
|
|
echo "unique check failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
fi
|
|
|
|
# ITS#6641/8057
|
|
echo "Trying to bypass uniqueness as a normal user..."
|
|
$LDAPMODIFY -M -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
|
|
$TESTOUT 2>&1 << EOF
|
|
dn: uid=empty,ou=users,o=unique
|
|
changetype: modify
|
|
replace: sn
|
|
sn: johnson
|
|
EOF
|
|
|
|
RC=$?
|
|
if test $RC != $RCODEconstraint ; then
|
|
echo "unique check failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
fi
|
|
|
|
# ITS#6641/8057
|
|
echo "Bypassing uniqueness as an admin user..."
|
|
$LDAPMODIFY -M -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
|
|
$TESTOUT 2>&1 << EOF
|
|
dn: uid=empty,ou=users,o=unique
|
|
changetype: modify
|
|
replace: sn
|
|
sn: johnson
|
|
EOF
|
|
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "spurious unique error ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
fi
|
|
|
|
echo "Cleaning up"
|
|
$LDAPMODIFY -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
|
|
$TESTOUT 2>&1 << EOF
|
|
dn: uid=empty,ou=users,o=unique
|
|
changetype: modify
|
|
replace: sn
|
|
sn: empty
|
|
EOF
|
|
|
|
RC=$?
|
|
if test $RC != 0; then
|
|
echo "ldapmodify failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
fi
|
|
|
|
echo "Adding another unique record..."
|
|
$LDAPADD -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
|
|
$TESTOUT 2>&1 << EOF
|
|
dn: uid=not edgar,uid=edgar,ou=users,o=unique
|
|
objectClass: inetOrgPerson
|
|
uid: not edgar
|
|
sn: Alan
|
|
cn: not edgar
|
|
EOF
|
|
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "unique check failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
fi
|
|
|
|
echo "Making the record non-unique with modrdn..."
|
|
$LDAPMODRDN -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD \
|
|
"uid=not edgar,uid=edgar,ou=users,o=unique" "uid=edgar" > $TESTOUT 2>&1
|
|
|
|
RC=$?
|
|
if test $RC != $RCODEconstraint ; then
|
|
echo "unique check failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
fi
|
|
|
|
# ITS#6641/8057
|
|
echo "Trying to bypass uniqueness as a normal user..."
|
|
$LDAPMODRDN -M -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD \
|
|
"uid=not edgar,uid=edgar,ou=users,o=unique" "uid=edgar" > $TESTOUT 2>&1
|
|
|
|
RC=$?
|
|
if test $RC != $RCODEconstraint ; then
|
|
echo "unique check failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
fi
|
|
|
|
# ITS#6641/8057
|
|
echo "Bypassing uniqueness as an admin user..."
|
|
$LDAPMODRDN -M -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \
|
|
"uid=not edgar,uid=edgar,ou=users,o=unique" "uid=edgar" > $TESTOUT 2>&1
|
|
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "spurious unique error ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
fi
|
|
|
|
echo "Cleaning up"
|
|
$LDAPDELETE -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \
|
|
"uid=edgar,uid=edgar,ou=users,o=unique" > $TESTOUT 2>&1
|
|
RC=$?
|
|
if test $RC != 0; then
|
|
echo "ldapdelete failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
fi
|
|
|
|
echo "Adding a record unique in one domain, non-unique in the filtered domain..."
|
|
|
|
$LDAPADD -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
|
|
$TESTOUT 2>&1 << EOF
|
|
dn: uid=elvis,ou=users,o=unique
|
|
objectClass: inetOrgPerson
|
|
uid: elvis
|
|
sn: johnson
|
|
cn: elvis
|
|
EOF
|
|
|
|
RC=$?
|
|
if test $RC != $RCODEconstraint ; then
|
|
echo "unique check failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
fi
|
|
|
|
#echo ----------------------
|
|
echo Dynamically reconfiguring to use attribute-ignore URIs...
|
|
$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \
|
|
> $TESTOUT 2>&1 <<EOF
|
|
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
|
|
changetype: modify
|
|
replace: olcUniqueURI
|
|
olcUniqueURI: ignore ldap:///?objectClass,uid,cn,sn?sub
|
|
EOF
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "unable to reconfigure"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
fi
|
|
|
|
echo Dynamically retrieving fourth configuration...
|
|
$LDAPSEARCH -S "" -b olcOverlay='{0}'unique,olcDatabase='{1}'$BACKEND,cn=config -D cn=config -y $CONFIGPWF -h $LOCALHOST -p $PORT1 -LLL | tr -d \\r >$TESTDIR/fourth-config.ldif
|
|
cat >$TESTDIR/fourth-reference.ldif <<EOF
|
|
dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
|
|
objectClass: olcOverlayConfig
|
|
objectClass: olcUniqueConfig
|
|
olcOverlay: {0}unique
|
|
olcUniqueURI: ignore ldap:///?objectClass,uid,cn,sn?sub
|
|
|
|
EOF
|
|
diff $TESTDIR/fourth-config.ldif $TESTDIR/fourth-reference.ldif > /dev/null 2>&1
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "Fourth configuration is not reported correctly."
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
fi
|
|
|
|
echo "Adding a record unique in the ignore-domain..."
|
|
|
|
$LDAPADD -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
|
|
$TESTOUT 2>&1 << EOF
|
|
dn: uid=elvis,ou=users,o=unique
|
|
objectClass: inetOrgPerson
|
|
uid: elvis
|
|
sn: johnson
|
|
cn: elvis
|
|
description: left the building
|
|
EOF
|
|
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "unique check failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
fi
|
|
|
|
echo "Adding a record non-unique in the ignore-domain..."
|
|
|
|
$LDAPADD -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
|
|
$TESTOUT 2>&1 << EOF
|
|
dn: uid=harry,ou=users,o=unique
|
|
objectClass: inetOrgPerson
|
|
uid: harry
|
|
sn: johnson
|
|
cn: harry
|
|
description: left the building
|
|
EOF
|
|
|
|
RC=$?
|
|
if test $RC != $RCODEconstraint ; then
|
|
echo "unique check failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
fi
|
|
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
|
|
echo ">>>>> Test succeeded"
|
|
|
|
test $KILLSERVERS != no && wait
|
|
|
|
exit 0
|