ldapsearch:
use draft guidelines for determining when to use
-t only writes binary attributes to files
-tt writes all attributes to files
output now lists URL instead of path to such files
-T dir can be used to specify directory to create temp files in
-V urlprefix can be used to change the URL prefix
LDIF is now commented (can be disabled using -LL)
LDIF now contains version attribute (can be disabled with -LLL)
LDIF:
put interface changed to allow caller to specify how to encode
put interface uses draft guidelines for determining when to base64 encode
wrapping kludged to match old off by one bug
Tests:
removed trailing space from some attributes (to avoid base64 encoding)
enabled -LLL in defines.sh (should sed output to remove
wrapping/comments/redundant separators)
Misc:
updated codes outputting LDIF to use new put interface
TODO:
handling of version attribute on input
handling of URLs on input (ie: fetch URL)
#! /bin/sh
# slapd access-control test driver.
#
# Positional arguments (both optional):
#   $1  SRCDIR   directory that contains scripts/defines.sh; "." when omitted
#   $2  BACKEND  accepted only when it is the single argument left after
#                SRCDIR; this file merely echoes it

# Pick the source directory: default to the current one, otherwise consume $1.
case $# in
0)
	SRCDIR="."
	;;
*)
	SRCDIR=$1
	shift
	;;
esac

# Exactly one argument left over is taken as the backend name.
if [ $# -eq 1 ]; then
	BACKEND=$1
	shift
fi

echo "running defines.sh $SRCDIR $BACKEND"

# defines.sh is sourced, so it runs inside this shell with this shell's
# privileges; SRCDIR comes straight from argv and has to name a trusted tree.
# The variables used further down ($DBDIR, $PORT, $LDAPSEARCH, ...) are not
# assigned in this file and are presumably defined there.
. $SRCDIR/scripts/defines.sh

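# Remove leftovers of a previous run: every file in $DBDIR whose name does
# not begin with "C" (the [!C]* glob).
echo "Cleaning up in $DBDIR..."

# DBDIR is not assigned in this file. If it were unset or empty the glob
# would expand against the filesystem root, so ${DBDIR:?} stops the script
# with a message instead of letting rm run there.
rm -f "${DBDIR:?DBDIR is not set - was defines.sh sourced?}"/[!C]*

# Build the database the ACL checks run against from the $LDIF fixture.
echo "Running ldif2ldbm to build slapd database..."
# $LDIF2LDBM is left unquoted on purpose: it may carry more than one word.
$LDIF2LDBM -f $CONF -i $LDIF -e ../servers/slapd/tools
RC=$?
if test $RC != 0 ; then
	# Without a database every later check would be meaningless; stop here
	# and hand the tool's own status to the caller.
	echo "ldif2ldbm failed!"
	exit $RC
fi
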
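# Launch slapd in the background with the ACL configuration ($ACLCONF).
# stdout and stderr both go to $MASTERLOG. $TIMING is unquoted so that an
# empty value contributes no argument at all.
echo "Starting slapd on TCP/IP port $PORT..."
$SLAPD -f $ACLCONF -p $PORT -d $LVL $TIMING > $MASTERLOG 2>&1 &
# Remember the background PID so the server can be signalled later.
PID=$!

# Probe the server with a base-scope search on $MONITOR, at most six times.
echo "Testing slapd access control..."
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -h localhost -p $PORT \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	# Stop probing as soon as the server answers. Without this the loop
	# keeps searching after a success and RC ends up holding only the
	# status of the sixth probe.
	if test $RC = 0 ; then
		break
	fi
	# Status 1 is treated as "not listening yet": wait and try again.
	# Any other non-zero status is retried immediately, without the pause.
	if test $RC = 1 ; then
		echo "Waiting 5 seconds for slapd to start..."
		sleep 5
	fi
done

# Every probe failed: signal the background slapd and report the last status.
if test $RC != 0 ; then
	echo "ldapsearch failed!"
	kill -HUP $PID
	exit $RC
fi
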
# Start the run with an empty $SEARCHOUT; the searches below append to it.
cat /dev/null > $SEARCHOUT

#
# Try to read an entry inside the Alumni Association container.  It should
# give us nothing if we're not bound, and should return all attributes
# if we're bound as anyone under UM.
#
# First search: no -D/-w, so the request is sent without bind credentials.
# The exit status of neither search is checked; the access-control outcome
# is judged only by the filtered comparison at the end of this script.
$LDAPSEARCH -b "$JAJDN" -h localhost -p $PORT "objectclass=*" \
>> $SEARCHOUT 2>&1

# Second search: same entry, this time bound as $BABSDN.
# -w places the bind password on the command line, where other local users
# can usually read it from the process table; the passwords in this script
# are fixture values for the throwaway test directory only.
$LDAPSEARCH -b "$JAJDN" -h localhost -p $PORT \
-D "$BABSDN" -w bjensen "objectclass=*" >> $SEARCHOUT 2>&1


#
# Try to add a "member" attribute to the group named in the LDIF below.  It
# should fail when we add some DN other than our own, and should succeed
# when we add our own DN.
# NOTE(review): this comment used to say "All Staff", but every LDIF block
# in this file targets "cn=ITD Staff" - confirm which group is meant.
#
# Both attempts bind as $JAJDN (presumably the "James A Jones 1" entry; the
# variable is defined outside this file).  Attempt 1 adds Barbara Jensen's
# DN, attempt 2 adds the James A Jones 1 DN.  The first redirection uses ">"
# and so truncates $TESTOUT; the later ldapmodify calls append with ">>".
# The ldapmodify exit statuses are not checked: an operation that should
# have been denied but was accepted only shows up in the final comparison.
$LDAPMODIFY -D "$JAJDN" -h localhost -p $PORT -w jaj > \
$TESTOUT 2>&1 << EOMODS1
dn: cn=ITD Staff, ou=Groups, o=University of Michigan, c=US
changetype: modify
add: member
member: cn=Barbara Jensen, ou=Information Technology Division, ou=People, o=University of Michigan, c=US

EOMODS1

$LDAPMODIFY -D "$JAJDN" -h localhost -p $PORT -w jaj >> \
$TESTOUT 2>&1 << EOMODS2

dn: cn=ITD Staff, ou=Groups, o=University of Michigan, c=US
changetype: modify
add: member
member: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of Michigan, c=US
EOMODS2

#
# Try to modify the same group.  Two attempts are made:
#	1) bound as "James A Jones 1" - should fail
#	2) bound as "Barbara Jensen" - should succeed
# NOTE(review): attempt 2 actually binds as $BJORNSDN with password "bjorn",
# not as Barbara Jensen - confirm which identity the ACL under test expects.
#
# Attempt 1 deletes the whole "member" attribute; attempt 2 adds a
# telephonenumber value.
$LDAPMODIFY -D "$JAJDN" -h localhost -p $PORT -w jaj >> \
$TESTOUT 2>&1 << EOMODS3

dn: cn=ITD Staff, ou=Groups, o=University of Michigan, c=US
changetype: modify
delete: member

EOMODS3

$LDAPMODIFY -D "$BJORNSDN" -h localhost -p $PORT -w bjorn >> \
$TESTOUT 2>&1 << EOMODS4
dn: cn=ITD Staff, ou=Groups, o=University of Michigan, c=US
changetype: modify
add: telephonenumber
telephonenumber: +1 810 555 1212
EOMODS4

# Dump the whole tree under $BASEDN, pass it through acfilter.sh and append
# the result to $SEARCHOUT. The ">> $SEARCHOUT 2>&1" redirection belongs to
# the filter stage only.
echo "Using ldapsearch to retrieve all the entries..."
$LDAPSEARCH -S "" -b "$BASEDN" -h localhost -p $PORT \
	'objectClass=*' | . $SRCDIR/scripts/acfilter.sh >> $SEARCHOUT 2>&1
# NOTE(review): a pipeline reports the status of its last stage, so RC holds
# the result of the sourced acfilter.sh, not of ldapsearch. A failed search
# is therefore not caught by the "ldapsearch failed!" branch below and only
# surfaces through the final comparison.
RC=$?

# The server is no longer needed once the dump has been taken.
kill -HUP $PID

if [ $RC != 0 ]; then
	echo "ldapsearch failed!"
	exit $RC
fi

# From here on $LDIF is the expected-result file, not the input used to
# build the database.
LDIF=$ACLOUTMASTER

# Normalise both sides with the same filter before comparing them.
echo "Filtering ldapsearch results..."
. $SRCDIR/scripts/acfilter.sh < $SEARCHOUT > $SEARCHFLT
echo "Filtering original ldif used to create database..."
. $SRCDIR/scripts/acfilter.sh < $LDIF > $LDIFFLT

# Any byte difference between the filtered files fails the test; this one
# comparison is the only place the allow/deny outcomes above are asserted.
echo "Comparing filter output..."
cmp $SEARCHFLT $LDIFFLT || {
	echo "comparison failed - modify operations did not complete correctly"
	exit 1
}

echo ">>>>> Test succeeded"


exit 0