ITS#9038 Update test028 to test this is enforced
authorOndřej Kuzník <ondra@mistotebe.net>
Wed, 19 Jun 2019 16:47:32 +0000 (18:47 +0200)
committerQuanah Gibson-Mount <quanah@openldap.org>
Thu, 20 Jun 2019 18:03:18 +0000 (18:03 +0000)
tests/data/idassert.out
tests/data/slapd-idassert.conf
tests/data/test-idassert1.ldif
tests/scripts/test028-idassert

index 53d76bb2e2e2e32282c92af775d371cb40f50e20..fa51c25d62b397940d8fd7fe8f29c15bab7cab17 100644 (file)
@@ -4,6 +4,11 @@ objectClass: dcObject
 o: Example, Inc.
 dc: example
 
+dn: cn=Manager,o=Example,c=US
+objectClass: inetOrgPerson
+cn: Manager
+sn: Parson
+
 dn: ou=People,o=Example,c=US
 objectClass: organizationalUnit
 ou: People
index 88d66a36f51a32e03cdd5cde4672cbc345018e30..561c5ccc46e0059689cef5665b3d517887323b59 100644 (file)
@@ -36,6 +36,7 @@ argsfile      @TESTDIR@/slapd.1.args
 #######################################################################
 
 authz-policy   both
+authz-regexp   "^uid=manager,.+" "cn=Manager,dc=example,dc=com"
 authz-regexp   "^uid=admin/([^,]+),.+" "ldap:///ou=Admin,dc=example,dc=com??sub?(cn=$1)"
 authz-regexp   "^uid=it/([^,]+),.+" "ldap:///ou=People,dc=example,dc=it??sub?(uid=$1)"
 authz-regexp   "^uid=(us/)?([^,]+),.+" "ldap:///ou=People,dc=example,dc=com??sub?(uid=$2)"
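Review bot: The new `^uid=manager,.+` rule on the added line only works because it sits above the generic `^uid=(us/)?([^,]+),.+` rule three lines below, which would otherwise match the same authcid and map it to a search under ou=People,dc=example,dc=com; authz-regexp rules are tried in file order and the first match wins, so nothing stops a later reorder from silently breaking the test. A one-line comment would pin the intent: `# rootdn of dc=example,dc=com -- must precede the generic uid= rule below (first match wins)`. The mapped DN matches the entry the commit adds to test-idassert1.ldif, so that fixture and this rule need to stay in step.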
index 063d6ec450bbddc23da31cffa658b4f3dbb9ecea..3ccbd1a220b5da68ffe24aa680265ebc7866c992 100644 (file)
@@ -4,6 +4,12 @@ objectClass: dcObject
 o: Example, Inc.
 dc: example
 
+dn: cn=Manager,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Manager
+sn: Parson
+userPassword: secret
+
 dn: ou=People,dc=example,dc=com
 objectClass: organizationalUnit
 ou: People
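Review bot: The added entry stores its credential as a cleartext `userPassword: secret`, and its DN must equal both the authz-regexp target added to slapd-idassert.conf (`cn=Manager,dc=example,dc=com`) and whatever `$MANAGERDN`/`$PASSWD` the test script binds with (those are defined outside this commit). Cleartext is presumably required here because the SASL mechanism used by the script needs the plaintext password to verify the bind — worth stating rather than leaving the reader to guess, e.g. `# backing entry for the rootdn; cleartext password so the SASL bind as uid=manager can be verified (see authz-regexp in slapd-idassert.conf)`.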
index b1e16744a55dd6109fea9bc6f7188d573f42ae57..9e5e107247ec24f9ccdd564fca77e2b2acefcf60 100755 (executable)
@@ -191,6 +191,17 @@ if test $RC != 0 ; then
        exit $RC
 fi
 
+AUTHZID="u:it/jaj"
+echo "Checking another DB's rootdn can't assert identity from another DB..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD -e\!"authzid=$AUTHZID"
+
+RC=$?
+if test $RC != 1 ; then
+    echo "ldapwhoami should have failed ($RC)!"
+    test $KILLSERVERS != no && kill -HUP $KILLPIDS
+    exit $RC
+fi
+
 ID="uid=jaj,ou=People,dc=example,dc=it"
 BASE="o=Example,c=US"
 echo "Testing ldapsearch as $ID for \"$BASE\"..."
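Review bot: The failure branch ends in `exit $RC`, but the case this check exists for — the rootdn of one database successfully asserting an identity from another — makes ldapwhoami return 0, so the script would print "should have failed" and then exit 0, and the harness would record the test as passed. The branch should exit non-zero unconditionally: `exit 1`. It would also help to say which LDAP result the expected value 1 corresponds to (operationsError), since the SASL variant later in the file expects a different code for what the message describes as the same policy violation.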
@@ -231,6 +242,19 @@ if test $USE_SASL != "no" ; then
                exit $RC
        fi
 
+       ID="manager"
+       AUTHZID="u:it/jaj"
+       echo "Checking another DB's rootdn can't assert in another (with SASL bind this time)..."
+       $LDAPSASLWHOAMI -h $LOCALHOST -p $PORT1 \
+               -Q -U "$ID" -w $PASSWD -Y $MECH -X $AUTHZID
+
+       RC=$?
+       if test $RC != 50 ; then
+               echo "ldapwhoami should have failed ($RC)!"
+               test $KILLSERVERS != no && kill -HUP $KILLPIDS
+               exit $RC
+       fi
+
        echo "Filtering ldapsearch results..."
        $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
        echo "Filtering original ldif used to create database..."
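Review bot: As in the simple-bind check earlier in the file, the failure branch here runs `exit $RC`, which exits 0 precisely when the whoami unexpectedly succeeds, so a regression of the enforcement this commit tests would not fail the test; replace it with `exit 1`. The two checks also expect different codes (1 there, 50 here, i.e. insufficientAccessRights) for the same scenario; if that difference is intended it deserves a comment such as `# SASL proxy authorization is rejected with insufficientAccessRights (50); the control-based path above yields operationsError (1)`, and if it is not intended the two expectations should be reconciled. `$PASSWD` and `$AUTHZID` are passed unquoted, which is fine for the literal values used here but inconsistent with the quoted `"$ID"` on the same command.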