mirror of
https://git.openldap.org/openldap/openldap.git
synced 2025-12-20 22:59:34 -05:00
71e78dd7f9
See "contrib/slapd-modules/comp_match/README" to understand what's the purpose of this patch is and how to use it.
165 lines
4.8 KiB
Bash
Executable file
165 lines
4.8 KiB
Bash
Executable file
#! /bin/sh
|
|
# $OpenLDAP$
|
|
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
|
|
##
|
|
## Copyright 1998-2004 The OpenLDAP Foundation.
|
|
## All rights reserved.
|
|
##
|
|
## Redistribution and use in source and binary forms, with or without
|
|
## modification, are permitted only as authorized by the OpenLDAP
|
|
## Public License.
|
|
##
|
|
## A copy of this license is available in the file LICENSE in the
|
|
## top-level directory of the distribution or, alternatively, at
|
|
## <http://www.OpenLDAP.org/license.html>.
|
|
|
|
echo "running defines.sh"
|
|
. $SRCDIR/scripts/defines.sh
|
|
|
|
## If you use this script then
|
|
## Make sure that you turn on LDAP_COMP_MATCH in slapd source codes
|
|
## and --enable-modules is configured yes
|
|
if test "$AC_WITH_MODULES_ENABLED" != "yes" ; then
|
|
echo "dynamic module disabled "
|
|
exit
|
|
fi
|
|
|
|
mkdir -p $TESTDIR $DBDIR1
|
|
|
|
## Make sure that you set a proper path to component matching
|
|
## module directory in $COMPCONF
|
|
## moduleload path/to/component/library/compmatch.la
|
|
## otherwise it fails to execute slapd
|
|
echo "Running slapadd to build slapd database..."
|
|
. $CONFFILTER $BACKEND $MONITORDB < $COMPCONF > $ADDCONF
|
|
$SLAPADD -f $ADDCONF -l $LDIFCOMPMATCH
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "slapadd failed ($RC)!"
|
|
echo "Be sure to have a certificate module in tests/data/comp_libs "
|
|
echo "The module is in openldap/contrib/slapd-modules/comp_match"
|
|
exit
|
|
fi
|
|
|
|
echo "Running slapindex to index slapd database..."
|
|
. $CONFFILTER $BACKEND $MONITORDB < $CONF > $CONF1
|
|
$SLAPINDEX -f $CONF1
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "warning: slapindex failed ($RC)"
|
|
echo " assuming no indexing support"
|
|
fi
|
|
|
|
echo "Starting slapd on TCP/IP port $PORT1..."
|
|
$SLAPD -f $ADDCONF -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
|
|
PID=$!
|
|
if test $WAIT != 0 ; then
|
|
echo PID $PID
|
|
read foo
|
|
fi
|
|
KILLPIDS="$PID"
|
|
|
|
echo "Testing slapd searching..."
|
|
for i in 0 1 2 3 4 5; do
|
|
$LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
|
|
'objectclass=*' > /dev/null 2>&1
|
|
RC=$?
|
|
if test $RC = 0 ; then
|
|
break
|
|
fi
|
|
echo "Waiting 5 seconds for slapd to start..."
|
|
sleep 5
|
|
done
|
|
|
|
if test $RC != 0 ; then
|
|
echo "ldapsearch failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
fi
|
|
|
|
cat /dev/null > $SEARCHOUT
|
|
|
|
echo "Testing Component Filter Match RFC3687 Certificate searching:"
|
|
echo "# Testing Component Filter Match RFC3687 Certificate searching:" >> $SEARCHOUT
|
|
|
|
FILTER="(componentCertificate:componentCertificateMatch:=item:{ component \"tbsCertificate.serialNumber\", rule allComponentsMatch, value 0 })"
|
|
echo " f=$FILTER ..."
|
|
echo "# f=$FILTER ..." >> $SEARCHOUT
|
|
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
|
|
"$FILTER" >> $SEARCHOUT 2>&1
|
|
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "ldapsearch failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
fi
|
|
|
|
FILTER="(componentCertificate:componentCertificateMatch:=item:{ component \"tbsCertificate.version\", rule allComponentsMatch, value 2 })"
|
|
echo " f=$FILTER ..."
|
|
echo "# f=$FILTER ..." >> $SEARCHOUT
|
|
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
|
|
"$FILTER" >> $SEARCHOUT 2>&1
|
|
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "ldapsearch failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
fi
|
|
|
|
FILTER="(componentCertificate:componentCertificateMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence.1.1.value\", rule octetStringMatch, value \"US\" })"
|
|
echo " f=$FILTER ..."
|
|
echo "# f=$FILTER ..." >> $SEARCHOUT
|
|
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
|
|
"$FILTER" >> $SEARCHOUT 2>&1
|
|
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "ldapsearch failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
fi
|
|
|
|
FILTER="(componentCertificate:componentCertificateMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence.1.1.value\", rule allComponentsMatch, value \"US\" })"
|
|
echo " f=$FILTER ..."
|
|
echo "# f=$FILTER ..." >> $SEARCHOUT
|
|
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
|
|
"$FILTER" >> $SEARCHOUT 2>&1
|
|
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "ldapsearch failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
fi
|
|
|
|
FILTER="(componentCertificate:componentCertificateMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence\", rule allComponentsMatch, value { { { type 2.5.4.6 , value \"US\" } } } })"
|
|
echo " f=$FILTER ..."
|
|
echo "# f=$FILTER ..." >> $SEARCHOUT
|
|
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
|
|
"$FILTER" >> $SEARCHOUT 2>&1
|
|
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "ldapsearch failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
fi
|
|
|
|
|
|
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
|
|
echo "Filtering ldapsearch results..."
|
|
. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
|
|
echo "Comparing filter output..."
|
|
$CMP $SEARCHFLT $COMPSEARCHOUT > $CMPOUT
|
|
|
|
if test $? != 0 ; then
|
|
echo "Comparison failed"
|
|
exit 1
|
|
fi
|
|
|
|
echo ">>>>> Test succeeded"
|
|
exit 0
|