mirror of
https://git.openldap.org/openldap/openldap.git
synced 2025-12-26 17:49:59 -05:00
cfa6c07c0e
Define a regression test case for modifying pwdLastSuccess that also uses SASL/EXTERNAL for the chain database
119 lines
2.6 KiB
Bash
Executable file
119 lines
2.6 KiB
Bash
Executable file
#!/bin/sh
|
|
openssl=$(which openssl)
|
|
|
|
if [ x"$openssl" = "x" ]; then
|
|
echo "OpenSSL command line binary not found, skipping..."
|
|
fi
|
|
|
|
KEY_BITS=4096
|
|
KEY_TYPE=rsa:$KEY_BITS
|
|
|
|
USAGE="$0 [-s] [-l] [-u <user@domain.com>]"
|
|
SERVER=0
|
|
USER=0
|
|
LDAP_USER=0
|
|
EMAIL=
|
|
|
|
while test $# -gt 0 ; do
|
|
case "$1" in
|
|
-s | -server)
|
|
SERVER=1;
|
|
shift;;
|
|
-u | -user)
|
|
if [ x"$2" = "x" ]; then
|
|
echo "User cert requires an email address as an argument"
|
|
exit;
|
|
fi
|
|
USER=1;
|
|
EMAIL="$2";
|
|
shift; shift;;
|
|
-l | -ldap)
|
|
LDAP_USER=1;
|
|
shift;;
|
|
-)
|
|
shift;;
|
|
-*)
|
|
echo "$USAGE"; exit 1
|
|
;;
|
|
*)
|
|
break;;
|
|
esac
|
|
done
|
|
|
|
if [ $SERVER = 0 -a $USER = 0 -a $LDAP_USER = 0 ]; then
|
|
echo "$USAGE";
|
|
exit 1;
|
|
fi
|
|
|
|
cleanup() {
|
|
|
|
rm -rf ./openssl.cnf cruft
|
|
if [ $SERVER = 1 ]; then
|
|
rm -f localhost.csr
|
|
fi
|
|
if [ $USER = 1 ]; then
|
|
rm -f $EMAIL.csr
|
|
fi
|
|
if [ $LDAP_USER = 1 ]; then
|
|
rm -f ldap-server.csr
|
|
fi
|
|
|
|
}
|
|
|
|
setup() {
|
|
mkdir -p private certs cruft/private cruft/certs
|
|
|
|
echo "00" > cruft/serial
|
|
touch cruft/index.txt
|
|
touch cruft/index.txt.attr
|
|
hn=$(hostname -f)
|
|
sed -e "s;@HOSTNAME@;$hn;" -e "s;@KEY_BITS@;$KEY_BITS;" conf/openssl.cnf > ./openssl.cnf
|
|
}
|
|
|
|
if [ $SERVER = 1 ]; then
|
|
|
|
$(cleanup)
|
|
$(setup)
|
|
$openssl req -new -nodes -out localhost.csr -keyout private/localhost.key \
|
|
-newkey $KEY_TYPE -config ./openssl.cnf \
|
|
-subj "/CN=localhost/OU=OpenLDAP Test Suite/O=OpenLDAP Foundation/ST=CA/C=US" \
|
|
-batch > /dev/null 2>&1
|
|
|
|
$openssl ca -out certs/localhost.crt -notext -config ./openssl.cnf -days 183000 -in localhost.csr \
|
|
-keyfile ca/private/testsuiteCA.key -extensions v3_req -cert ca/certs/testsuiteCA.crt \
|
|
-batch >/dev/null 2>&1
|
|
|
|
fi
|
|
|
|
if [ $USER = 1 ]; then
|
|
|
|
$(cleanup)
|
|
$(setup)
|
|
|
|
$openssl req -new -nodes -out $EMAIL.csr -keyout private/$EMAIL.key \
|
|
-newkey $KEY_TYPE -config ./openssl.cnf \
|
|
-subj "/emailAddress=$EMAIL/CN=$EMAIL/OU=OpenLDAP/O=OpenLDAP Foundation/ST=CA/C=US" \
|
|
-batch >/dev/null 2>&1
|
|
|
|
$openssl ca -out certs/$EMAIL.crt -notext -config ./openssl.cnf -days 183000 -in $EMAIL.csr \
|
|
-keyfile ca/private/testsuiteCA.key -extensions req_distinguished_name \
|
|
-cert ca/certs/testsuiteCA.crt -batch >/dev/null 2>&1
|
|
|
|
fi
|
|
|
|
if [ $LDAP_USER = 1 ]; then
|
|
|
|
$(cleanup)
|
|
$(setup)
|
|
|
|
$openssl req -new -nodes -out ldap-server.csr -keyout private/ldap-server.key \
|
|
-newkey $KEY_TYPE -config ./openssl.cnf \
|
|
-subj "/CN=ldap-server/OU=OpenLDAP Test Suite/O=OpenLDAP Foundation/ST=CA/C=US" \
|
|
-batch > /dev/null 2>&1
|
|
|
|
$openssl ca -out certs/ldap-server.crt -notext -config ./openssl.cnf -days 183000 -in ldap-server.csr \
|
|
-keyfile ca/private/testsuiteCA.key -extensions v3_req -cert ca/certs/testsuiteCA.crt \
|
|
-batch >/dev/null 2>&1
|
|
fi
|
|
|
|
$(cleanup)
|