ITS#9343 Allow Compare to check pwdPolicySubentry

Ondřej Kuzník 2022-03-03 10:54:34 +00:00 committed by Quanah Gibson-Mount
parent 6a903a8cf1
commit fbfb5454cd
2 changed files with 70 additions and 0 deletions


@ -2453,6 +2453,36 @@ ppolicy_compare(
return rs->sr_err;
}
}
if ( op->orc_ava->aa_desc == ad_pwdPolicySubentry ) {
BerVarray vals = NULL;
int rc;
rc = backend_attribute( op, NULL, &op->o_req_ndn,
ad_pwdPolicySubentry, &vals, ACL_COMPARE );
if ( rc != LDAP_SUCCESS ) {
/* Defer to the DB */
return SLAP_CB_CONTINUE;
}
if ( value_find_ex( ad_pwdPolicySubentry,
SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
vals, &op->orc_ava->aa_value, op->o_tmpmemctx ) == 0 )
{
rc = LDAP_COMPARE_TRUE;
} else {
rc = LDAP_COMPARE_FALSE;
}
if ( vals ) {
ber_bvarray_free_x( vals, op->o_tmpmemctx );
}
send_ldap_error( op, rs, rc, NULL );
return rs->sr_err;
}
return SLAP_CB_CONTINUE;
}
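Review bot: Every non-zero result from `value_find_ex()` in the new `ad_pwdPolicySubentry` branch is reported as `LDAP_COMPARE_FALSE`, so a matching or normalization failure would look the same to the client as a genuine mismatch. If that call can return anything other than success or "no such value" here, it would be safer to pass that code through to `send_ldap_error()` instead. The `if ( vals )` guard before `ber_bvarray_free_x()` also suggests `vals` may be NULL, yet it is handed to `value_find_ex()` unguarded just above; either test `vals` before the lookup or drop the guard, depending on what `backend_attribute()` guarantees on `LDAP_SUCCESS`. A short comment such as `/* pwdPolicySubentry: answer here from the value backend_attribute() returns, checked with ACL_COMPARE */` would explain why this case is not left to the DB. `ppolicy_compare` begins above the hunk, so its earlier branches are not covered by this note.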


@ -496,6 +496,16 @@ if test $RC != 0 ; then
exit $RC
fi
$LDAPCOMPARE -D "$MANAGERDN" -H $URI1 -w $PASSWD \
"$USER" "pwdPolicySubentry:cn=Idle Expiration Policy, ou=Policies, dc=example, dc=com" \
>> $TESTOUT 2>&1
RC=$?
if test $RC != 6 ; then
echo "ldapcompare failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit 1
fi
$LDAPSEARCH -e ppolicy -H $URI1 -D "$USER" -w $PASS \
-b "$BASEDN" -s base > $SEARCHOUT 2>&1
@ -532,6 +542,16 @@ if test $RC != 0 ; then
exit $RC
fi
$LDAPCOMPARE -D "$MANAGERDN" -H $URI1 -w $PASSWD \
"$USER" "pwdPolicySubentry:cn=Standard Policy, ou=Policies, dc=example, dc=com" \
>> $TESTOUT 2>&1
RC=$?
if test $RC != 6 ; then
echo "ldapcompare failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit 1
fi
if test "$BACKLDAP" != "ldapno" && test "$SYNCPROV" != "syncprovno" ; then
echo ""
echo "Setting up policy state forwarding test..."
@ -720,6 +740,16 @@ if test $RC != 0 ; then
exit $RC
fi
$LDAPCOMPARE -D "$MANAGERDN" -H $URI1 -w $PASSWD \
"$USER" "pwdPolicySubentry:cn=Stricter Policy, ou=Policies, dc=example, dc=com" \
>> $TESTOUT 2>&1
RC=$?
if test $RC != 6 ; then
echo "ldapcompare failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit 1
fi
$LDAPMODIFY -v -D cn=config -H $URI2 -y $CONFIGPWF >> \
$TESTOUT 2>&1 << EOMODS
dn: olcOverlay={0}ppolicy,olcDatabase={1}$BACKEND,cn=config
@ -736,6 +766,16 @@ if test $RC != 0 ; then
exit $RC
fi
$LDAPCOMPARE -D "$MANAGERDN" -H $URI2 -w $PASSWD \
"$USER" "pwdPolicySubentry:cn=Stricter Policy, ou=Policies, dc=example, dc=com" \
>> $TESTOUT 2>&1
RC=$?
if test $RC != 6 ; then
echo "ldapcompare failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit 1
fi
OLDPASS=$PASS
PASS=newpass
$LDAPPASSWD -H $URI1 \
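Review bot: All four added `$LDAPCOMPARE` checks bind as `$MANAGERDN` and accept only result 6 (compareTrue), so neither the compareFalse path nor the `ACL_COMPARE` check in the overlay is exercised. If `$MANAGERDN` is the rootdn, as seems likely, access control is bypassed entirely in these runs. Consider adding one comparison against a policy DN that does not apply to `$USER`, expecting `test $RC != 5` to fail the test, and one bound as an identity without compare access to `pwdPolicySubentry`. The message `ldapcompare failed ($RC)!` is identical in all four places; naming the expected policy in each would make a failure easier to locate in `$TESTOUT`.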