preliminary version of limits test

tests/data/slapd-limits.conf

@@ -0,0 +1,53 @@
+# master slapd config -- for testing
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2004 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+ucdata-path	./ucdata
+include ./schema/core.schema
+include ./schema/cosine.schema
+include ./schema/inetorgperson.schema
+include ./schema/openldap.schema
+include ./schema/nis.schema
+
+pidfile     ./testrun/slapd.1.pid
+argsfile    ./testrun/slapd.1.args
+
+#mod#modulepath	../servers/slapd/back-@BACKEND@/
+#mod#moduleload	back_@BACKEND@.la
+
+#######################################################################
+# ldbm database definitions
+#######################################################################
+
+database	@BACKEND@
+suffix		"o=University of Michigan,c=US"
+directory	./testrun/db.1.a
+rootdn		"cn=Manager,o=University of Michigan,c=US"
+rootpw		secret
+#ldbm#index		objectClass eq
+#ldbm#index		uid eq
+#bdb#index		objectClass eq
+#bdb#index		uid eq
+
+limits	dn.exact="cn=Unlimited User,ou=People,o=University of Michigan,c=US" size=none time=none
+limits	dn.exact="cn=Soft Limited User,ou=People,o=University of Michigan,c=US" size.soft=4 size.hard=none
+limits	dn.exact="cn=Hard Limited User,ou=People,o=University of Michigan,c=US" size.soft=4 size.hard=8
+limits	dn.exact="cn=Unchecked Limited User,ou=People,o=University of Michigan,c=US" size.unchecked=4
+limits	group="cn=Unchecked Limited Users,ou=Groups,o=University of Michigan,c=US" size.unchecked=4
+limits	dn.regex="^cn=Foo User,ou=[^,]+,o=University of Michigan,c=US$" size.unchecked=4
+limits	dn.onelevel="ou=People,o=University of Michigan,c=US" size.unchecked=4
+limits	dn.children="ou=Groups,o=University of Michigan,c=US" size.unchecked=4
+limits	dn.subtree="ou=Admin,o=University of Michigan,c=US" size.unchecked=4
+limits	users size.unchecked=4
+limits	anonymous size.unchecked=4

tests/data/test-limits.ldif

@@ -0,0 +1,107 @@
+#LEAD COMMENT
+dn: o=University of Michigan,c=US
+#EMBEDDED COMMENT
+objectclass: organization
+objectclass: domainRelatedObject
+l: Ann Arbor, Michigan
+st: Michigan
+o: University of Michigan
+o: UMICH
+o: UM
+o: U-M
+o: U of M
+description: The University of Michigan at Ann Arbor
+postaladdress: University of Michigan $ 535 W. William St. $ Ann Arbor, MI 481
+ 09 $ US
+telephonenumber: +1 313 764-1817
+associateddomain: example.com
+
+dn: ou=People,o=University of Michigan,c=US
+objectclass: organizationalUnit
+ou: People
+
+dn: cn=Unlimited User,ou=People,o=University of Michigan,c=US
+objectclass: OpenLDAPperson
+cn: Unlimited User
+sn: User
+uid: unlimited
+userpassword:: c2VjcmV0
+
+dn: cn=Soft Limited User,ou=People,o=University of Michigan,c=US
+objectclass: OpenLDAPperson
+cn: Soft Limited User
+sn: User
+uid: softlimited
+userpassword:: c2VjcmV0
+
+dn: cn=Hard Limited User,ou=People,o=University of Michigan,c=US
+objectclass: OpenLDAPperson
+cn: Hard Limited User
+sn: User
+uid: hardlimited
+userpassword:: c2VjcmV0
+
+dn: cn=Unchecked Limited User,ou=People,o=University of Michigan,c=US
+objectclass: OpenLDAPperson
+cn: Unchecked Limited User
+sn: User
+uid: uncheckedlimited
+userpassword:: c2VjcmV0
+
+dn: cn=Other User,ou=People,o=University of Michigan,c=US
+objectclass: OpenLDAPperson
+cn: Other User
+sn: User
+uid: other
+userpassword:: c2VjcmV0
+
+dn: cn=Foo User,ou=People,o=University of Michigan,c=US
+objectclass: OpenLDAPperson
+cn: Foo User
+sn: User
+uid: foo
+userpassword:: c2VjcmV0
+
+dn: cn=Bar User,ou=People,o=University of Michigan,c=US
+objectclass: OpenLDAPperson
+cn: Bar User
+sn: User
+uid: bar
+userpassword:: c2VjcmV0
+
+dn: cn=Unchecked Limited User 2,ou=People,o=University of Michigan,c=US
+objectclass: OpenLDAPperson
+cn: Unchecked Limited User 2
+sn: User 2
+uid: uncheckedlimited2
+userpassword:: c2VjcmV0
+
+dn: ou=Groups,o=University of Michigan,c=US
+objectclass: organizationalUnit
+ou: Groups
+
+dn: cn=Unchecked Limited Users,ou=Groups,o=University of Michigan,c=US
+objectClass: groupOfNames
+objectClass: simpleSecurityObject
+cn: Unchecked Limited Users
+userpassword:: c2VjcmV0
+member: cn=Unchecked Limited User 2,ou=People,o=University of Michigan,c=US
+
+dn: ou=Admin,o=University of Michigan,c=US
+objectclass: organizationalUnit
+ou: Admin
+
+dn: cn=Unchecked Limited User 3,ou=Admin,o=University of Michigan,c=US
+objectclass: OpenLDAPperson
+cn: Unchecked Limited User 3
+sn: User 3
+uid: uncheckedlimited3
+userpassword:: c2VjcmV0
+
+dn: cn=Special User,o=University of Michigan,c=US
+objectclass: OpenLDAPperson
+cn: Special User
+sn: User
+uid: special
+userpassword:: c2VjcmV0
+

tests/scripts/defines.sh

@@ -56,6 +56,7 @@ SCHEMACONF=$DATADIR/slapd-schema.conf
 GLUECONF=$DATADIR/slapd-glue.conf
 REFINTCONF=$DATADIR/slapd-refint.conf
 UNIQUECONF=$DATADIR/slapd-unique.conf
+LIMITSCONF=$DATADIR/slapd-limits.conf
 
 CONF1=$TESTDIR/slapd.1.conf
 CONF2=$TESTDIR/slapd.2.conf
@@ -123,6 +124,7 @@ LDIFLANGOUT=$DATADIR/lang-out.ldif
 LDIFREF=$DATADIR/referrals.ldif
 LDIFREFINT=$DATADIR/test-refint.ldif
 LDIFUNIQUE=$DATADIR/test-unique.ldif
+LDIFLIMITS=$DATADIR/test-limits.ldif
 MONITOR=""
 REFDN="c=US"
 BASEDN="o=University of Michigan,c=US"

tests/scripts/test025-limits

@@ -0,0 +1,432 @@
+#! /bin/sh
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2004 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+mkdir -p $TESTDIR $DBDIR1
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND $MONITORDB < $LIMITSCONF > $ADDCONF
+$SLAPADD -f $ADDCONF -l $LDIFLIMITS
+RC=$?
+if test $RC != 0 ; then
+	echo "slapadd failed ($RC)!"
+	exit $RC
+fi
+
+echo "Running slapindex to index slapd database..."
+. $CONFFILTER $BACKEND $MONITORDB < $LIMITSCONF > $CONF1
+$SLAPINDEX -f $CONF1
+RC=$?
+if test $RC != 0 ; then
+	echo "warning: slapindex failed ($RC)"
+	echo "  assuming no indexing support"
+fi
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+    echo PID $PID
+    read foo
+fi
+KILLPIDS="$PID"
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+	$LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+		'(objectclass=*)' > /dev/null 2>&1
+	RC=$?
+	if test $RC = 0 ; then
+		break
+	fi
+	echo "Waiting 5 seconds for slapd to start..."
+	sleep 5
+done
+
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+cat /dev/null > $SEARCHOUT
+
+echo "Testing no limits requested for unlimited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+	-D 'cn=Unlimited User,ou=People,o=University of Michigan,c=US' \
+	'(objectClass=*)' >$SEARCHOUT 2>&1
+RC=$?
+COUNT=`cat $SEARCHOUT | grep '^# numEntries:' | sed 's;.*\([0-9]\+\)$;\1;'`
+case $RC in
+	0)
+		echo "...success (got $COUNT entries)"
+	;;
+	*)
+		echo "ldapsearch failed ($RC)!"
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
+		exit $RC
+	;;
+esac
+
+SIZELIMIT=2
+echo "Testing size limit request ($SIZELIMIT) for unlimited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -z $SIZELIMIT \
+	-D 'cn=Unlimited User,ou=People,o=University of Michigan,c=US' \
+	'(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`cat $SEARCHOUT | grep '^# numEntries:' | sed 's;.*\([0-9]\+\)$;\1;'`
+case $RC in
+	0)
+		echo "...success (got $COUNT entries)"
+	;;
+	4)
+		echo "...bumped into requested size limit ($SIZELIMIT)"
+	;;
+	*)
+		echo "ldapsearch failed ($RC)!"
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
+		exit $RC
+	;;
+esac
+
+TIMELIMIT=10
+echo "Testing time limit request ($TIMELIMIT s) for unlimited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -l $TIMELIMIT \
+	-D 'cn=Unlimited User,ou=People,o=University of Michigan,c=US' \
+	'(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`cat $SEARCHOUT | grep '^# numEntries:' | sed 's;.*\([0-9]\+\)$;\1;'`
+case $RC in
+	0)
+		echo "...success (got $COUNT entries)"
+	;;
+	3)
+		echo "...bumped into requested time limit ($TIMELIMIT s; $COUNT entries)"
+	;;
+	*)
+		echo "ldapsearch failed ($RC)!"
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
+		exit $RC
+	;;
+esac
+
+echo "Testing no limits requested for soft limited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+	-D 'cn=Soft Limited User,ou=People,o=University of Michigan,c=US' \
+	'(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`cat $SEARCHOUT | grep '^# numEntries:' | sed 's;.*\([0-9]\+\)$;\1;'`
+case $RC in
+	0)
+		echo "...success; didn't bump into server-side size limit (got $COUNT entries)"
+	;;
+	4)
+		echo "...bumped into server-side size limit ($COUNT)"
+	;;
+	*)
+		echo "ldapsearch failed ($RC)!"
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
+		exit $RC
+	;;
+esac
+
+SIZELIMIT=2
+echo "Testing lower than soft limit request ($SIZELIMIT) for soft limited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -z $SIZELIMIT \
+	-D 'cn=Soft Limited User,ou=People,o=University of Michigan,c=US' \
+	'(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`cat $SEARCHOUT | grep '^# numEntries:' | sed 's;.*\([0-9]\+\)$;\1;'`
+case $RC in
+	0)
+		echo "...success; didn't bump into either requested ($SIZELIMIT) or server-side size limit (got $COUNT entries)"
+	;;
+	4)
+		if test "x$COUNT" != "x" ; then
+			if test $SIZELIMIT = $COUNT ; then
+				echo "...bumped into requested ($SIZELIMIT) size limit"
+			else
+				echo "...bumped into server-side size limit ($COUNT)"
+			fi
+		else
+			echo "...bumped into either requested ($SIZELIMIT) or server-side size limit"
+		fi
+	;;
+	*)
+		echo "ldapsearch failed ($RC)!"
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
+		exit $RC
+	;;
+esac
+
+SIZELIMIT=100
+echo "Testing higher than soft limit request ($SIZELIMIT) for soft limited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -z $SIZELIMIT \
+	-D 'cn=Soft Limited User,ou=People,o=University of Michigan,c=US' \
+	'(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`cat $SEARCHOUT | grep '^# numEntries:' | sed 's;.*\([0-9]\+\)$;\1;'`
+case $RC in
+	0)
+		echo "...success; didn't bump into either requested ($SIZELIMIT) or server-side size limit (got $COUNT entries)"
+	;;
+	4)
+		if test "x$COUNT" != "x" ; then
+			if test $SIZELIMIT = $COUNT ; then
+				echo "...bumped into requested ($SIZELIMIT) size limit"
+			else
+				echo "...bumped into server-side size limit ($COUNT)"
+			fi
+		else
+			echo "...bumped into either requested ($SIZELIMIT) or server-side size limit"
+		fi
+	;;
+	*)
+		echo "ldapsearch failed ($RC)!"
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
+		exit $RC
+	;;
+esac
+
+SIZELIMIT=2
+echo "Testing lower than hard limit request ($SIZELIMIT) for hard limited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -z $SIZELIMIT \
+	-D 'cn=Hard Limited User,ou=People,o=University of Michigan,c=US' \
+	'(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`cat $SEARCHOUT | grep '^# numEntries:' | sed 's;.*\([0-9]\+\)$;\1;'`
+case $RC in
+	0)
+		echo "...success; didn't bump into either requested ($SIZELIMIT) or server-side size limit (got $COUNT entries)"
+	;;
+	4)
+		echo "...bumped into requested ($SIZELIMIT) size limit"
+	;;
+	*)
+		echo "ldapsearch failed ($RC)!"
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
+		exit $RC
+	;;
+esac
+
+SIZELIMIT=100
+echo "Testing higher than hard limit request ($SIZELIMIT) for hard limited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -z $SIZELIMIT \
+	-D 'cn=Hard Limited User,ou=People,o=University of Michigan,c=US' \
+	'(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`cat $SEARCHOUT | grep '^# numEntries:' | sed 's;.*\([0-9]\+\)$;\1;'`
+case $RC in
+	0)
+		echo "...success; didn't bump into either requested ($SIZELIMIT) or server-side size limit (got $COUNT entries)"
+	;;
+	4)
+		echo "...bumped into requested ($SIZELIMIT) size limit"
+	;;
+	11)
+		echo "...bumped into server-side size limit"
+	;;
+	*)
+		echo "ldapsearch failed ($RC)!"
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
+		exit $RC
+	;;
+esac
+
+echo "Testing lower than unchecked limit request for unchecked limited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+	-D 'cn=Unchecked Limited User,ou=People,o=University of Michigan,c=US' \
+	'(uid=uncheckedlimited)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`cat $SEARCHOUT | grep '^# numEntries:' | sed 's;.*\([0-9]\+\)$;\1;'`
+case $RC in
+	0)
+		echo "...success; didn't bump into server-side unchecked limit (got $COUNT entries)"
+	;;
+	11)
+		echo "...bumped into server-side unchecked limit"
+	;;
+	*)
+		echo "ldapsearch failed ($RC)!"
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
+		exit $RC
+	;;
+esac
+
+echo "Testing higher than unchecked limit requested for unchecked limited ID..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+	-D 'cn=Unchecked Limited User,ou=People,o=University of Michigan,c=US' \
+	'(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`cat $SEARCHOUT | grep '^# numEntries:' | sed 's;.*\([0-9]\+\)$;\1;'`
+case $RC in
+	0)
+		echo "...success; didn't bump into server-side unchecked limit (got $COUNT entries)"
+	;;
+	11)
+		echo "...bumped into server-side unchecked limit"
+	;;
+	*)
+		echo "ldapsearch failed ($RC)!"
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
+		exit $RC
+	;;
+esac
+
+echo "Testing higher than unchecked limit requested for unchecked limited group..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+	-D 'cn=Unchecked Limited User 2,ou=People,o=University of Michigan,c=US' \
+	'(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`cat $SEARCHOUT | grep '^# numEntries:' | sed 's;.*\([0-9]\+\)$;\1;'`
+case $RC in
+	0)
+		echo "...success; didn't bump into server-side unchecked limit (got $COUNT entries)"
+	;;
+	11)
+		echo "...bumped into server-side unchecked limit"
+	;;
+	*)
+		echo "ldapsearch failed ($RC)!"
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
+		exit $RC
+	;;
+esac
+
+echo "Testing higher than unchecked limit requested for unchecked limited regex..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+	-D 'cn=Foo User,ou=People,o=University of Michigan,c=US' \
+	'(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`cat $SEARCHOUT | grep '^# numEntries:' | sed 's;.*\([0-9]\+\)$;\1;'`
+case $RC in
+	0)
+		echo "...success; didn't bump into server-side unchecked limit (got $COUNT entries)"
+	;;
+	11)
+		echo "...bumped into server-side unchecked limit"
+	;;
+	*)
+		echo "ldapsearch failed ($RC)!"
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
+		exit $RC
+	;;
+esac
+
+echo "Testing higher than unchecked limit requested for unchecked limited onelevel..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+	-D 'cn=Bar User,ou=People,o=University of Michigan,c=US' \
+	'(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`cat $SEARCHOUT | grep '^# numEntries:' | sed 's;.*\([0-9]\+\)$;\1;'`
+case $RC in
+	0)
+		echo "...success; didn't bump into server-side unchecked limit (got $COUNT entries)"
+	;;
+	11)
+		echo "...bumped into server-side unchecked limit"
+	;;
+	*)
+		echo "ldapsearch failed ($RC)!"
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
+		exit $RC
+	;;
+esac
+
+echo "Testing higher than unchecked limit requested for unchecked limited children..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+	-D 'cn=Unchecked Limited Users,ou=Groups,o=University of Michigan,c=US' \
+	'(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`cat $SEARCHOUT | grep '^# numEntries:' | sed 's;.*\([0-9]\+\)$;\1;'`
+case $RC in
+	0)
+		echo "...success; didn't bump into server-side unchecked limit (got $COUNT entries)"
+	;;
+	11)
+		echo "...bumped into server-side unchecked limit"
+	;;
+	*)
+		echo "ldapsearch failed ($RC)!"
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
+		exit $RC
+	;;
+esac
+
+echo "Testing higher than unchecked limit requested for unchecked limited subtree..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+	-D 'cn=Unchecked Limited User 3,ou=Admin,o=University of Michigan,c=US' \
+	'(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`cat $SEARCHOUT | grep '^# numEntries:' | sed 's;.*\([0-9]\+\)$;\1;'`
+case $RC in
+	0)
+		echo "...success; didn't bump into server-side unchecked limit (got $COUNT entries)"
+	;;
+	11)
+		echo "...bumped into server-side unchecked limit"
+	;;
+	*)
+		echo "ldapsearch failed ($RC)!"
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
+		exit $RC
+	;;
+esac
+
+echo "Testing higher than unchecked limit requested for unchecked limited users..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \
+	-D 'cn=Special User,o=University of Michigan,c=US' \
+	'(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`cat $SEARCHOUT | grep '^# numEntries:' | sed 's;.*\([0-9]\+\)$;\1;'`
+case $RC in
+	0)
+		echo "...success; didn't bump into server-side unchecked limit (got $COUNT entries)"
+	;;
+	11)
+		echo "...bumped into server-side unchecked limit"
+	;;
+	*)
+		echo "ldapsearch failed ($RC)!"
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
+		exit $RC
+	;;
+esac
+
+echo "Testing higher than unchecked limit requested for unchecked limited anonymous..."
+$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+	'(objectClass=*)' > $SEARCHOUT 2>&1
+RC=$?
+COUNT=`cat $SEARCHOUT | grep '^# numEntries:' | sed 's;.*\([0-9]\+\)$;\1;'`
+case $RC in
+	0)
+		echo "...success; didn't bump into server-side unchecked limit (got $COUNT entries)"
+	;;
+	11)
+		echo "...bumped into server-side unchecked limit"
+	;;
+	*)
+		echo "ldapsearch failed ($RC)!"
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
+		exit $RC
+	;;
+esac
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo ">>>>> Test succeeded"
+exit 0