add group ACL test

update oc in ad list test
2026-02-19 02:28:47 -05:00 · 2002-09-17 04:27:48 +00:00 · 2002-09-17 04:27:48 +00:00 · c2f7d8bc57
commit c2f7d8bc57
parent 3e71e73f89
4 changed files with 30 additions and 2 deletions
--- a/tests/data/acl.out.master
+++ b/tests/data/acl.out.master
@ -83,6 +83,7 @@ homepostaladdress: 123 Wesley $ Ann Arbor, MI 48103
 description: Mythical manager of the rsdd unix project
 drink: water
 homephone: +1 313 555 2333
+homephone: +1 313 555 5444
 pager: +1 313 555 3233
 facsimiletelephonenumber: +1 313 555 2274
 telephonenumber: +1 313 555 9022
--- a/tests/data/slapd-acl.conf
+++ b/tests/data/slapd-acl.conf
@ -61,6 +61,10 @@ access		to filter="(objectclass=groupofnames)"
 		by dn="^cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=University of Michigan,c=US$" +rw stop
 		by * break

+access		to dn.children="ou=Information Technology Division,ou=People,o=University of Michigan,c=US"
+		by group.exact="cn=ITD Staff,ou=Groups,o=University of Michigan,c=US" write
+		by * read
+
 access	to filter="(name=X*Y*Z)"
 		by * continue

--- a/tests/scripts/test000-rootdse
+++ b/tests/scripts/test000-rootdse
@ -39,7 +39,7 @@ fi

 echo "Using ldapsearch to retrieve the root DSE..."
 for i in 0 1 2 3 4 5; do
-	$LDAPSEARCH -b "" -s base -h $LOCALHOST -p $PORT 'extensibleObject' > $SEARCHOUT 2>&1
+	$LDAPSEARCH -b "" -s base -h $LOCALHOST -p $PORT '+extensibleObject' > $SEARCHOUT 2>&1
 	RC=$?
 	if test $RC = 0 ; then
 		break
@ -50,7 +50,7 @@ done

 if test $RC = 0 -a $MONITORDB = yes ; then
 	echo "Using ldapsearch to retrieve the cn=Monitor..."
-	$LDAPSEARCH -b "cn=Monitor" -s base -h $LOCALHOST -p $PORT 'extensibleObject' >> $SEARCHOUT 2>&1
+	$LDAPSEARCH -b "cn=Monitor" -s base -h $LOCALHOST -p $PORT -- '-extensibleObject' >> $SEARCHOUT 2>&1
 	RC=$?
 fi

--- a/tests/scripts/test006-acls
+++ b/tests/scripts/test006-acls
@ -73,6 +73,29 @@ $LDAPSEARCH -b "$JAJDN" -h $LOCALHOST -p $PORT "objectclass=*" \
 $LDAPSEARCH -b "$JAJDN" -h $LOCALHOST -p $PORT \
 	-D "$BABSDN" -w bjensen "objectclass=*"  >> $SEARCHOUT 2>&1

+#
+# Check group access. Try to modify Babs' entry. Two attempts:
+# 1) bound as "James A Jones 1" - should fail
+# 2) bound as "Bjorn Jensen" - should succeed
+
+$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT -w jaj >> \
+	$TESTOUT 2>&1 << EOMODS5
+dn: $BABSDN
+changetype: modify
+replace: drink
+drink: wine
+
+EOMODS5
+
+
+$LDAPMODIFY -D "$BJORNSDN" -h $LOCALHOST -p $PORT -w bjorn >> \
+	$TESTOUT 2>&1 << EOMODS6
+dn: $BABSDN
+changetype: modify
+add: homephone
+homephone: +1 313 555 5444
+
+EOMODS6

 #
 # Try to add a "member" attribute to the "All Staff" group.  It should