diff options
author | Nalin Dahyabhai <nalin@dahyabhai.net> | 2013-09-19 11:51:41 -0400 |
---|---|---|
committer | Nalin Dahyabhai <nalin@dahyabhai.net> | 2013-09-19 11:51:41 -0400 |
commit | 0e560c77761e581c7bcfeb728f28ba1045ff1597 (patch) | |
tree | 54447145e520b483f261d22712f0f03ece6af100 /tests | |
parent | abed694a1856101a80eee1575eb5c8b96e7c8fca (diff) | |
download | slapi-nis-0e560c77761e581c7bcfeb728f28ba1045ff1597.tar.gz slapi-nis-0e560c77761e581c7bcfeb728f28ba1045ff1597.tar.xz slapi-nis-0e560c77761e581c7bcfeb728f28ba1045ff1597.zip |
Add ignore-subtree and restrict-subtree settings
Add {nis,schema-compat}-ignore-subtree (subtrees under which we ignore
contents and updates )and {nis,schema-compat}-restrict-subtree (subtrees
out of which we ignore contents and updates, if set) settings, and
default the former to "cn=tasks,cn=config".
This should avoid cases where we're looking through the ldbm backend for
entries which have a dangling reference to a newly-added task (which,
because it's in the DSE, means we acquire an ldbm lock after acquiring
our internal lock) while also updating a compat entry after its source
entry is modified (for example, by the memberOf plugin, which results in
us attempting to acquire our lock while the ldbm lock is already held).
Diffstat (limited to 'tests')
40 files changed, 682 insertions, 0 deletions
diff --git a/tests/test37-schema-ignore/after.sh b/tests/test37-schema-ignore/after.sh new file mode 100755 index 0000000..0579ab2 --- /dev/null +++ b/tests/test37-schema-ignore/after.sh @@ -0,0 +1,5 @@ +#!/bin/sh +echo '[updated]' +search -b "cn=NIS Server,cn=plugins,cn=config" dn nis-domain nis-map | $LDIFSORT +echo '[result]' +search -b cn=compat,cn=accounts,dc=example,dc=com dn gidNumber memberCN | $LDIFSORT diff --git a/tests/test37-schema-ignore/after.txt b/tests/test37-schema-ignore/after.txt new file mode 100644 index 0000000..cbbef96 --- /dev/null +++ b/tests/test37-schema-ignore/after.txt @@ -0,0 +1,20 @@ +[updated] +dn: cn=NIS Server,cn=plugins,cn=config + +dn: nis-domain=example.com+nis-map=mac2name,cn=NIS Server,cn=plugins,cn=config +nis-domain: example.com +nis-map: mac2name + +dn: nis-domain=example.com+nis-map=name2mac,cn=NIS Server,cn=plugins,cn=config +nis-domain: example.com +nis-map: name2mac +nis-map: name2mac2 + +[result] +dn: cn=compat,cn=accounts,dc=example,dc=com + +dn: cn=g2,ou=group,cn=compat,cn=accounts,dc=example,dc=com +gidNumber: 2002 + +dn: ou=group,cn=compat,cn=accounts,dc=example,dc=com + diff --git a/tests/test37-schema-ignore/before.sh b/tests/test37-schema-ignore/before.sh new file mode 100755 index 0000000..b85c1ab --- /dev/null +++ b/tests/test37-schema-ignore/before.sh @@ -0,0 +1,2 @@ +#!/bin/sh +search -b cn=compat,cn=accounts,dc=example,dc=com dn gidNumber memberCN | $LDIFSORT diff --git a/tests/test37-schema-ignore/before.txt b/tests/test37-schema-ignore/before.txt new file mode 100644 index 0000000..9c92512 --- /dev/null +++ b/tests/test37-schema-ignore/before.txt @@ -0,0 +1,7 @@ +dn: cn=compat,cn=accounts,dc=example,dc=com + +dn: cn=g2,ou=group,cn=compat,cn=accounts,dc=example,dc=com +gidNumber: 2002 + +dn: ou=group,cn=compat,cn=accounts,dc=example,dc=com + diff --git a/tests/test37-schema-ignore/change.sh b/tests/test37-schema-ignore/change.sh new file mode 100755 index 0000000..0db2c95 --- /dev/null +++ b/tests/test37-schema-ignore/change.sh @@ -0,0 +1,15 @@ +#!/bin/sh +modify << EOF +dn: nis-domain=example.com+nis-map=name2mac,cn=NIS Server,cn=plugins,cn=config +changetype: modify +add: nis-map +nis-map: name2mac2 +- + +dn: cn=g2,cn=groups,cn=accounts,dc=example,dc=com +changetype: modify +add: member +member: nis-domain=example.com+nis-map=mac2name,cn=NIS Server,cn=plugins,cn=config +- + +EOF diff --git a/tests/test37-schema-ignore/change.txt b/tests/test37-schema-ignore/change.txt new file mode 100644 index 0000000..50b0ac7 --- /dev/null +++ b/tests/test37-schema-ignore/change.txt @@ -0,0 +1,4 @@ +modifying entry "nis-domain=example.com+nis-map=name2mac,cn=NIS Server,cn=plugins,cn=config" + +modifying entry "cn=g2,cn=groups,cn=accounts,dc=example,dc=com" + diff --git a/tests/test37-schema-ignore/description.txt b/tests/test37-schema-ignore/description.txt new file mode 100644 index 0000000..9248be6 --- /dev/null +++ b/tests/test37-schema-ignore/description.txt @@ -0,0 +1 @@ +ignore selected subtrees diff --git a/tests/test37-schema-ignore/dse.ldif b/tests/test37-schema-ignore/dse.ldif new file mode 100644 index 0000000..79e5e3a --- /dev/null +++ b/tests/test37-schema-ignore/dse.ldif @@ -0,0 +1,37 @@ +dn: cn=compat-group,cn=Schema Compatibility,cn=plugins,cn=config +objectClass: top +objectClass: extensibleObject +cn: compat-group +schema-compat-container-group: cn=compat,cn=accounts,dc=example,dc=com +schema-compat-container-rdn: ou=group +schema-compat-check-access: yes +schema-compat-search-base: cn=groups,cn=Accounts,dc=example,dc=com +schema-compat-search-base: cn=managed-groups,cn=Accounts,dc=example,dc=com +schema-compat-search-filter: (&(objectClass=posixGroup)(gidNumber>=1500)) +schema-compat-entry-rdn: cn=%{cn} +schema-compat-entry-attribute: objectclass=extensibleObject +schema-compat-entry-attribute: memberUid=%deref_r("member","uid") +schema-compat-entry-attribute: memberCN=%deref_r("member","nis-map") +schema-compat-entry-attribute: gidNumber=%{gidNumber} +schema-compat-ignore-subtree: cn=NIS Server,cn=plugins,cn=config + +dn: nis-domain=example.com+nis-map=name2mac,cn=NIS Server,cn=plugins,cn=config +objectClass: top +objectClass: extensibleObject +nis-domain: example.com +nis-map: name2mac +nis-base: cn=computers, cn=Accounts, dc=example, dc=com +nis-filter: objectclass=ieee802device +nis-keys-format: %mregsub("%{macaddress} %{cn}","(..:..:..:..:..:..) (.*)","%2") +nis-values-format: %{macaddress} %{cn} + +dn: nis-domain=example.com+nis-map=mac2name,cn=NIS Server,cn=plugins,cn=config +objectClass: top +objectClass: extensibleObject +nis-domain: example.com +nis-map: mac2name +nis-base: cn=computers, cn=Accounts, dc=example, dc=com +nis-filter: objectclass=ieee802device +nis-keys-format: %mregsub("%{macaddress} %{cn}","(..:..:..:..:..:..) (.*)","%1") +nis-values-format: %{macaddress} %{cn} + diff --git a/tests/test37-schema-ignore/plugin-process-all.txt b/tests/test37-schema-ignore/plugin-process-all.txt new file mode 100644 index 0000000..fc7b80d --- /dev/null +++ b/tests/test37-schema-ignore/plugin-process-all.txt @@ -0,0 +1 @@ +verifying that we get called diff --git a/tests/test37-schema-ignore/userRoot.ldif b/tests/test37-schema-ignore/userRoot.ldif new file mode 100644 index 0000000..f450895 --- /dev/null +++ b/tests/test37-schema-ignore/userRoot.ldif @@ -0,0 +1,87 @@ +# users, accounts, example.com +dn: cn=users,cn=accounts,dc=example,dc=com +objectClass: top +objectClass: nsContainer +cn: users + +# groups, accounts, example.com +dn: cn=groups,cn=accounts,dc=example,dc=com +objectClass: top +objectClass: nsContainer +cn: groups + +# managed-groups, accounts, example.com +dn: cn=managed-groups,cn=accounts,dc=example,dc=com +objectClass: top +objectClass: nsContainer +cn: groups + +# tuser1, users, accounts, example.com +dn: uid=tuser1,cn=users,cn=accounts,dc=example,dc=com +uid: tuser1 +objectClass: top +objectClass: person +objectClass: posixAccount +objectClass: inetUser +loginShell: /bin/sh +gidNumber: 1003 +gecos: tuser1 +sn: User +homeDirectory: /home/tuser1 +cn: Tim User +uidNumber: 1101 + +# tuser2, users, accounts, example.com +dn: uid=tuser2,cn=users,cn=accounts,dc=example,dc=com +uid: tuser2 +objectClass: top +objectClass: person +objectClass: posixAccount +objectClass: inetUser +loginShell: /bin/sh +gidNumber: 1004 +gecos: tuser2 +sn: User +homeDirectory: /home/tuser2 +cn: Timmy User +uidNumber: 1102 + +# tuser3, users, accounts, example.com +dn: uid=tuser3,cn=users,cn=accounts,dc=example,dc=com +uid: tuser3 +objectClass: top +objectClass: person +objectClass: posixAccount +objectClass: inetUser +loginShell: /bin/sh +gidNumber: 1004 +gecos: tuser3 +sn: User +homeDirectory: /home/tuser3 +cn: Timothy User +uidNumber: 1103 + +# g1, groups, accounts, example.com +dn: cn=g1,cn=groups,cn=accounts,dc=example,dc=com +objectClass: top +objectClass: groupofnames +objectClass: posixGroup +objectClass: inetUser +gidNumber: 1001 +cn: g1 +description: g1 +member: uid=tuser1,cn=users,cn=accounts,dc=example,dc=com +member: cn=compat-group,cn=Schema Compatibility,cn=plugins,cn=config + +# g2, groups, accounts, example.com +dn: cn=g2,cn=groups,cn=accounts,dc=example,dc=com +objectClass: top +objectClass: groupofnames +objectClass: posixGroup +objectClass: inetUser +gidNumber: 2002 +cn: g2 +description: g2 +member: cn=g1,cn=groups,cn=accounts,dc=example,dc=com +member: nis-domain=example.com+nis-map=name2mac,cn=NIS Server,cn=plugins,cn=config + diff --git a/tests/test38-schema-restrict/after.sh b/tests/test38-schema-restrict/after.sh new file mode 100755 index 0000000..0579ab2 --- /dev/null +++ b/tests/test38-schema-restrict/after.sh @@ -0,0 +1,5 @@ +#!/bin/sh +echo '[updated]' +search -b "cn=NIS Server,cn=plugins,cn=config" dn nis-domain nis-map | $LDIFSORT +echo '[result]' +search -b cn=compat,cn=accounts,dc=example,dc=com dn gidNumber memberCN | $LDIFSORT diff --git a/tests/test38-schema-restrict/after.txt b/tests/test38-schema-restrict/after.txt new file mode 100644 index 0000000..cbbef96 --- /dev/null +++ b/tests/test38-schema-restrict/after.txt @@ -0,0 +1,20 @@ +[updated] +dn: cn=NIS Server,cn=plugins,cn=config + +dn: nis-domain=example.com+nis-map=mac2name,cn=NIS Server,cn=plugins,cn=config +nis-domain: example.com +nis-map: mac2name + +dn: nis-domain=example.com+nis-map=name2mac,cn=NIS Server,cn=plugins,cn=config +nis-domain: example.com +nis-map: name2mac +nis-map: name2mac2 + +[result] +dn: cn=compat,cn=accounts,dc=example,dc=com + +dn: cn=g2,ou=group,cn=compat,cn=accounts,dc=example,dc=com +gidNumber: 2002 + +dn: ou=group,cn=compat,cn=accounts,dc=example,dc=com + diff --git a/tests/test38-schema-restrict/before.sh b/tests/test38-schema-restrict/before.sh new file mode 100755 index 0000000..b85c1ab --- /dev/null +++ b/tests/test38-schema-restrict/before.sh @@ -0,0 +1,2 @@ +#!/bin/sh +search -b cn=compat,cn=accounts,dc=example,dc=com dn gidNumber memberCN | $LDIFSORT diff --git a/tests/test38-schema-restrict/before.txt b/tests/test38-schema-restrict/before.txt new file mode 100644 index 0000000..9c92512 --- /dev/null +++ b/tests/test38-schema-restrict/before.txt @@ -0,0 +1,7 @@ +dn: cn=compat,cn=accounts,dc=example,dc=com + +dn: cn=g2,ou=group,cn=compat,cn=accounts,dc=example,dc=com +gidNumber: 2002 + +dn: ou=group,cn=compat,cn=accounts,dc=example,dc=com + diff --git a/tests/test38-schema-restrict/change.sh b/tests/test38-schema-restrict/change.sh new file mode 100755 index 0000000..0db2c95 --- /dev/null +++ b/tests/test38-schema-restrict/change.sh @@ -0,0 +1,15 @@ +#!/bin/sh +modify << EOF +dn: nis-domain=example.com+nis-map=name2mac,cn=NIS Server,cn=plugins,cn=config +changetype: modify +add: nis-map +nis-map: name2mac2 +- + +dn: cn=g2,cn=groups,cn=accounts,dc=example,dc=com +changetype: modify +add: member +member: nis-domain=example.com+nis-map=mac2name,cn=NIS Server,cn=plugins,cn=config +- + +EOF diff --git a/tests/test38-schema-restrict/change.txt b/tests/test38-schema-restrict/change.txt new file mode 100644 index 0000000..50b0ac7 --- /dev/null +++ b/tests/test38-schema-restrict/change.txt @@ -0,0 +1,4 @@ +modifying entry "nis-domain=example.com+nis-map=name2mac,cn=NIS Server,cn=plugins,cn=config" + +modifying entry "cn=g2,cn=groups,cn=accounts,dc=example,dc=com" + diff --git a/tests/test38-schema-restrict/description.txt b/tests/test38-schema-restrict/description.txt new file mode 100644 index 0000000..78e51e5 --- /dev/null +++ b/tests/test38-schema-restrict/description.txt @@ -0,0 +1 @@ +restrict updates to selected subtrees diff --git a/tests/test38-schema-restrict/dse.ldif b/tests/test38-schema-restrict/dse.ldif new file mode 100644 index 0000000..402bbf2 --- /dev/null +++ b/tests/test38-schema-restrict/dse.ldif @@ -0,0 +1,37 @@ +dn: cn=compat-group,cn=Schema Compatibility,cn=plugins,cn=config +objectClass: top +objectClass: extensibleObject +cn: compat-group +schema-compat-container-group: cn=compat,cn=accounts,dc=example,dc=com +schema-compat-container-rdn: ou=group +schema-compat-check-access: yes +schema-compat-search-base: cn=groups,cn=Accounts,dc=example,dc=com +schema-compat-search-base: cn=managed-groups,cn=Accounts,dc=example,dc=com +schema-compat-search-filter: (&(objectClass=posixGroup)(gidNumber>=1500)) +schema-compat-entry-rdn: cn=%{cn} +schema-compat-entry-attribute: objectclass=extensibleObject +schema-compat-entry-attribute: memberUid=%deref_r("member","uid") +schema-compat-entry-attribute: memberCN=%deref_r("member","nis-map") +schema-compat-entry-attribute: gidNumber=%{gidNumber} +schema-compat-restrict-subtree: cn=accounts,dc=example,dc=com + +dn: nis-domain=example.com+nis-map=name2mac,cn=NIS Server,cn=plugins,cn=config +objectClass: top +objectClass: extensibleObject +nis-domain: example.com +nis-map: name2mac +nis-base: cn=computers, cn=Accounts, dc=example, dc=com +nis-filter: objectclass=ieee802device +nis-keys-format: %mregsub("%{macaddress} %{cn}","(..:..:..:..:..:..) (.*)","%2") +nis-values-format: %{macaddress} %{cn} + +dn: nis-domain=example.com+nis-map=mac2name,cn=NIS Server,cn=plugins,cn=config +objectClass: top +objectClass: extensibleObject +nis-domain: example.com +nis-map: mac2name +nis-base: cn=computers, cn=Accounts, dc=example, dc=com +nis-filter: objectclass=ieee802device +nis-keys-format: %mregsub("%{macaddress} %{cn}","(..:..:..:..:..:..) (.*)","%1") +nis-values-format: %{macaddress} %{cn} + diff --git a/tests/test38-schema-restrict/plugin-process-all.txt b/tests/test38-schema-restrict/plugin-process-all.txt new file mode 100644 index 0000000..fc7b80d --- /dev/null +++ b/tests/test38-schema-restrict/plugin-process-all.txt @@ -0,0 +1 @@ +verifying that we get called diff --git a/tests/test38-schema-restrict/userRoot.ldif b/tests/test38-schema-restrict/userRoot.ldif new file mode 100644 index 0000000..f450895 --- /dev/null +++ b/tests/test38-schema-restrict/userRoot.ldif @@ -0,0 +1,87 @@ +# users, accounts, example.com +dn: cn=users,cn=accounts,dc=example,dc=com +objectClass: top +objectClass: nsContainer +cn: users + +# groups, accounts, example.com +dn: cn=groups,cn=accounts,dc=example,dc=com +objectClass: top +objectClass: nsContainer +cn: groups + +# managed-groups, accounts, example.com +dn: cn=managed-groups,cn=accounts,dc=example,dc=com +objectClass: top +objectClass: nsContainer +cn: groups + +# tuser1, users, accounts, example.com +dn: uid=tuser1,cn=users,cn=accounts,dc=example,dc=com +uid: tuser1 +objectClass: top +objectClass: person +objectClass: posixAccount +objectClass: inetUser +loginShell: /bin/sh +gidNumber: 1003 +gecos: tuser1 +sn: User +homeDirectory: /home/tuser1 +cn: Tim User +uidNumber: 1101 + +# tuser2, users, accounts, example.com +dn: uid=tuser2,cn=users,cn=accounts,dc=example,dc=com +uid: tuser2 +objectClass: top +objectClass: person +objectClass: posixAccount +objectClass: inetUser +loginShell: /bin/sh +gidNumber: 1004 +gecos: tuser2 +sn: User +homeDirectory: /home/tuser2 +cn: Timmy User +uidNumber: 1102 + +# tuser3, users, accounts, example.com +dn: uid=tuser3,cn=users,cn=accounts,dc=example,dc=com +uid: tuser3 +objectClass: top +objectClass: person +objectClass: posixAccount +objectClass: inetUser +loginShell: /bin/sh +gidNumber: 1004 +gecos: tuser3 +sn: User +homeDirectory: /home/tuser3 +cn: Timothy User +uidNumber: 1103 + +# g1, groups, accounts, example.com +dn: cn=g1,cn=groups,cn=accounts,dc=example,dc=com +objectClass: top +objectClass: groupofnames +objectClass: posixGroup +objectClass: inetUser +gidNumber: 1001 +cn: g1 +description: g1 +member: uid=tuser1,cn=users,cn=accounts,dc=example,dc=com +member: cn=compat-group,cn=Schema Compatibility,cn=plugins,cn=config + +# g2, groups, accounts, example.com +dn: cn=g2,cn=groups,cn=accounts,dc=example,dc=com +objectClass: top +objectClass: groupofnames +objectClass: posixGroup +objectClass: inetUser +gidNumber: 2002 +cn: g2 +description: g2 +member: cn=g1,cn=groups,cn=accounts,dc=example,dc=com +member: nis-domain=example.com+nis-map=name2mac,cn=NIS Server,cn=plugins,cn=config + diff --git a/tests/test39-schema-restrictignore/after.sh b/tests/test39-schema-restrictignore/after.sh new file mode 100755 index 0000000..0579ab2 --- /dev/null +++ b/tests/test39-schema-restrictignore/after.sh @@ -0,0 +1,5 @@ +#!/bin/sh +echo '[updated]' +search -b "cn=NIS Server,cn=plugins,cn=config" dn nis-domain nis-map | $LDIFSORT +echo '[result]' +search -b cn=compat,cn=accounts,dc=example,dc=com dn gidNumber memberCN | $LDIFSORT diff --git a/tests/test39-schema-restrictignore/after.txt b/tests/test39-schema-restrictignore/after.txt new file mode 100644 index 0000000..cbbef96 --- /dev/null +++ b/tests/test39-schema-restrictignore/after.txt @@ -0,0 +1,20 @@ +[updated] +dn: cn=NIS Server,cn=plugins,cn=config + +dn: nis-domain=example.com+nis-map=mac2name,cn=NIS Server,cn=plugins,cn=config +nis-domain: example.com +nis-map: mac2name + +dn: nis-domain=example.com+nis-map=name2mac,cn=NIS Server,cn=plugins,cn=config +nis-domain: example.com +nis-map: name2mac +nis-map: name2mac2 + +[result] +dn: cn=compat,cn=accounts,dc=example,dc=com + +dn: cn=g2,ou=group,cn=compat,cn=accounts,dc=example,dc=com +gidNumber: 2002 + +dn: ou=group,cn=compat,cn=accounts,dc=example,dc=com + diff --git a/tests/test39-schema-restrictignore/before.sh b/tests/test39-schema-restrictignore/before.sh new file mode 100755 index 0000000..b85c1ab --- /dev/null +++ b/tests/test39-schema-restrictignore/before.sh @@ -0,0 +1,2 @@ +#!/bin/sh +search -b cn=compat,cn=accounts,dc=example,dc=com dn gidNumber memberCN | $LDIFSORT diff --git a/tests/test39-schema-restrictignore/before.txt b/tests/test39-schema-restrictignore/before.txt new file mode 100644 index 0000000..9c92512 --- /dev/null +++ b/tests/test39-schema-restrictignore/before.txt @@ -0,0 +1,7 @@ +dn: cn=compat,cn=accounts,dc=example,dc=com + +dn: cn=g2,ou=group,cn=compat,cn=accounts,dc=example,dc=com +gidNumber: 2002 + +dn: ou=group,cn=compat,cn=accounts,dc=example,dc=com + diff --git a/tests/test39-schema-restrictignore/change.sh b/tests/test39-schema-restrictignore/change.sh new file mode 100755 index 0000000..0db2c95 --- /dev/null +++ b/tests/test39-schema-restrictignore/change.sh @@ -0,0 +1,15 @@ +#!/bin/sh +modify << EOF +dn: nis-domain=example.com+nis-map=name2mac,cn=NIS Server,cn=plugins,cn=config +changetype: modify +add: nis-map +nis-map: name2mac2 +- + +dn: cn=g2,cn=groups,cn=accounts,dc=example,dc=com +changetype: modify +add: member +member: nis-domain=example.com+nis-map=mac2name,cn=NIS Server,cn=plugins,cn=config +- + +EOF diff --git a/tests/test39-schema-restrictignore/change.txt b/tests/test39-schema-restrictignore/change.txt new file mode 100644 index 0000000..50b0ac7 --- /dev/null +++ b/tests/test39-schema-restrictignore/change.txt @@ -0,0 +1,4 @@ +modifying entry "nis-domain=example.com+nis-map=name2mac,cn=NIS Server,cn=plugins,cn=config" + +modifying entry "cn=g2,cn=groups,cn=accounts,dc=example,dc=com" + diff --git a/tests/test39-schema-restrictignore/description.txt b/tests/test39-schema-restrictignore/description.txt new file mode 100644 index 0000000..2699c9a --- /dev/null +++ b/tests/test39-schema-restrictignore/description.txt @@ -0,0 +1 @@ +restrict and ignore, working together diff --git a/tests/test39-schema-restrictignore/dse.ldif b/tests/test39-schema-restrictignore/dse.ldif new file mode 100644 index 0000000..1fbf5f9 --- /dev/null +++ b/tests/test39-schema-restrictignore/dse.ldif @@ -0,0 +1,38 @@ +dn: cn=compat-group,cn=Schema Compatibility,cn=plugins,cn=config +objectClass: top +objectClass: extensibleObject +cn: compat-group +schema-compat-container-group: cn=compat,cn=accounts,dc=example,dc=com +schema-compat-container-rdn: ou=group +schema-compat-check-access: yes +schema-compat-search-base: cn=groups,cn=Accounts,dc=example,dc=com +schema-compat-search-base: cn=managed-groups,cn=Accounts,dc=example,dc=com +schema-compat-search-filter: (&(objectClass=posixGroup)(gidNumber>=1500)) +schema-compat-entry-rdn: cn=%{cn} +schema-compat-entry-attribute: objectclass=extensibleObject +schema-compat-entry-attribute: memberUid=%deref_r("member","uid") +schema-compat-entry-attribute: memberCN=%deref_r("member","nis-map") +schema-compat-entry-attribute: gidNumber=%{gidNumber} +schema-compat-ignore-subtree: cn=NIS Server,cn=plugins,cn=config +schema-compat-restrict-subtree: cn=accounts,dc=example,dc=com + +dn: nis-domain=example.com+nis-map=name2mac,cn=NIS Server,cn=plugins,cn=config +objectClass: top +objectClass: extensibleObject +nis-domain: example.com +nis-map: name2mac +nis-base: cn=computers, cn=Accounts, dc=example, dc=com +nis-filter: objectclass=ieee802device +nis-keys-format: %mregsub("%{macaddress} %{cn}","(..:..:..:..:..:..) (.*)","%2") +nis-values-format: %{macaddress} %{cn} + +dn: nis-domain=example.com+nis-map=mac2name,cn=NIS Server,cn=plugins,cn=config +objectClass: top +objectClass: extensibleObject +nis-domain: example.com +nis-map: mac2name +nis-base: cn=computers, cn=Accounts, dc=example, dc=com +nis-filter: objectclass=ieee802device +nis-keys-format: %mregsub("%{macaddress} %{cn}","(..:..:..:..:..:..) (.*)","%1") +nis-values-format: %{macaddress} %{cn} + diff --git a/tests/test39-schema-restrictignore/plugin-process-all.txt b/tests/test39-schema-restrictignore/plugin-process-all.txt new file mode 100644 index 0000000..fc7b80d --- /dev/null +++ b/tests/test39-schema-restrictignore/plugin-process-all.txt @@ -0,0 +1 @@ +verifying that we get called diff --git a/tests/test39-schema-restrictignore/userRoot.ldif b/tests/test39-schema-restrictignore/userRoot.ldif new file mode 100644 index 0000000..f450895 --- /dev/null +++ b/tests/test39-schema-restrictignore/userRoot.ldif @@ -0,0 +1,87 @@ +# users, accounts, example.com +dn: cn=users,cn=accounts,dc=example,dc=com +objectClass: top +objectClass: nsContainer +cn: users + +# groups, accounts, example.com +dn: cn=groups,cn=accounts,dc=example,dc=com +objectClass: top +objectClass: nsContainer +cn: groups + +# managed-groups, accounts, example.com +dn: cn=managed-groups,cn=accounts,dc=example,dc=com +objectClass: top +objectClass: nsContainer +cn: groups + +# tuser1, users, accounts, example.com +dn: uid=tuser1,cn=users,cn=accounts,dc=example,dc=com +uid: tuser1 +objectClass: top +objectClass: person +objectClass: posixAccount +objectClass: inetUser +loginShell: /bin/sh +gidNumber: 1003 +gecos: tuser1 +sn: User +homeDirectory: /home/tuser1 +cn: Tim User +uidNumber: 1101 + +# tuser2, users, accounts, example.com +dn: uid=tuser2,cn=users,cn=accounts,dc=example,dc=com +uid: tuser2 +objectClass: top +objectClass: person +objectClass: posixAccount +objectClass: inetUser +loginShell: /bin/sh +gidNumber: 1004 +gecos: tuser2 +sn: User +homeDirectory: /home/tuser2 +cn: Timmy User +uidNumber: 1102 + +# tuser3, users, accounts, example.com +dn: uid=tuser3,cn=users,cn=accounts,dc=example,dc=com +uid: tuser3 +objectClass: top +objectClass: person +objectClass: posixAccount +objectClass: inetUser +loginShell: /bin/sh +gidNumber: 1004 +gecos: tuser3 +sn: User +homeDirectory: /home/tuser3 +cn: Timothy User +uidNumber: 1103 + +# g1, groups, accounts, example.com +dn: cn=g1,cn=groups,cn=accounts,dc=example,dc=com +objectClass: top +objectClass: groupofnames +objectClass: posixGroup +objectClass: inetUser +gidNumber: 1001 +cn: g1 +description: g1 +member: uid=tuser1,cn=users,cn=accounts,dc=example,dc=com +member: cn=compat-group,cn=Schema Compatibility,cn=plugins,cn=config + +# g2, groups, accounts, example.com +dn: cn=g2,cn=groups,cn=accounts,dc=example,dc=com +objectClass: top +objectClass: groupofnames +objectClass: posixGroup +objectClass: inetUser +gidNumber: 2002 +cn: g2 +description: g2 +member: cn=g1,cn=groups,cn=accounts,dc=example,dc=com +member: nis-domain=example.com+nis-map=name2mac,cn=NIS Server,cn=plugins,cn=config + diff --git a/tests/test40-schema-ignoredefault/after.sh b/tests/test40-schema-ignoredefault/after.sh new file mode 100755 index 0000000..278fcae --- /dev/null +++ b/tests/test40-schema-ignoredefault/after.sh @@ -0,0 +1,3 @@ +#!/bin/sh +echo '[result]' +search -b cn=compat,cn=accounts,dc=example,dc=com dn gidNumber memberCN | $LDIFSORT diff --git a/tests/test40-schema-ignoredefault/after.txt b/tests/test40-schema-ignoredefault/after.txt new file mode 100644 index 0000000..db120fb --- /dev/null +++ b/tests/test40-schema-ignoredefault/after.txt @@ -0,0 +1,8 @@ +[result] +dn: cn=compat,cn=accounts,dc=example,dc=com + +dn: cn=g2,ou=group,cn=compat,cn=accounts,dc=example,dc=com +gidNumber: 2002 + +dn: ou=group,cn=compat,cn=accounts,dc=example,dc=com + diff --git a/tests/test40-schema-ignoredefault/before.sh b/tests/test40-schema-ignoredefault/before.sh new file mode 100755 index 0000000..b85c1ab --- /dev/null +++ b/tests/test40-schema-ignoredefault/before.sh @@ -0,0 +1,2 @@ +#!/bin/sh +search -b cn=compat,cn=accounts,dc=example,dc=com dn gidNumber memberCN | $LDIFSORT diff --git a/tests/test40-schema-ignoredefault/before.txt b/tests/test40-schema-ignoredefault/before.txt new file mode 100644 index 0000000..9c92512 --- /dev/null +++ b/tests/test40-schema-ignoredefault/before.txt @@ -0,0 +1,7 @@ +dn: cn=compat,cn=accounts,dc=example,dc=com + +dn: cn=g2,ou=group,cn=compat,cn=accounts,dc=example,dc=com +gidNumber: 2002 + +dn: ou=group,cn=compat,cn=accounts,dc=example,dc=com + diff --git a/tests/test40-schema-ignoredefault/change.sh b/tests/test40-schema-ignoredefault/change.sh new file mode 100755 index 0000000..d1510b9 --- /dev/null +++ b/tests/test40-schema-ignoredefault/change.sh @@ -0,0 +1,18 @@ +#!/bin/sh +add << EOF +dn: cn=reindex now,cn=index,cn=tasks,cn=config +changetype: add +objectclass: top +objectclass: extensibleObject +cn: reindex now +nsInstance: userRoot +nsIndexAttribute: objectclass +nsIndexAttribute: aci +nsIndexAttribute: cn +nsIndexAttribute: mail +nsIndexAttribute: member +nsIndexAttribute: memberOf +nsIndexAttribute: uid +nis-map: bogus + +EOF diff --git a/tests/test40-schema-ignoredefault/change.txt b/tests/test40-schema-ignoredefault/change.txt new file mode 100644 index 0000000..7cfd0b0 --- /dev/null +++ b/tests/test40-schema-ignoredefault/change.txt @@ -0,0 +1,2 @@ +adding new entry "cn=reindex now,cn=index,cn=tasks,cn=config" + diff --git a/tests/test40-schema-ignoredefault/description.txt b/tests/test40-schema-ignoredefault/description.txt new file mode 100644 index 0000000..d883f1f --- /dev/null +++ b/tests/test40-schema-ignoredefault/description.txt @@ -0,0 +1 @@ +ignore default subtrees diff --git a/tests/test40-schema-ignoredefault/dse.ldif b/tests/test40-schema-ignoredefault/dse.ldif new file mode 100644 index 0000000..b134a65 --- /dev/null +++ b/tests/test40-schema-ignoredefault/dse.ldif @@ -0,0 +1,16 @@ +dn: cn=compat-group,cn=Schema Compatibility,cn=plugins,cn=config +objectClass: top +objectClass: extensibleObject +cn: compat-group +schema-compat-container-group: cn=compat,cn=accounts,dc=example,dc=com +schema-compat-container-rdn: ou=group +schema-compat-check-access: yes +schema-compat-search-base: cn=groups,cn=Accounts,dc=example,dc=com +schema-compat-search-base: cn=managed-groups,cn=Accounts,dc=example,dc=com +schema-compat-search-filter: (&(objectClass=posixGroup)(gidNumber>=1500)) +schema-compat-entry-rdn: cn=%{cn} +schema-compat-entry-attribute: objectclass=extensibleObject +schema-compat-entry-attribute: memberUid=%deref_r("member","uid") +schema-compat-entry-attribute: memberCN=%deref_r("member","nis-map") +schema-compat-entry-attribute: gidNumber=%{gidNumber} + diff --git a/tests/test40-schema-ignoredefault/plugin-process-all.txt b/tests/test40-schema-ignoredefault/plugin-process-all.txt new file mode 100644 index 0000000..fc7b80d --- /dev/null +++ b/tests/test40-schema-ignoredefault/plugin-process-all.txt @@ -0,0 +1 @@ +verifying that we get called diff --git a/tests/test40-schema-ignoredefault/userRoot.ldif b/tests/test40-schema-ignoredefault/userRoot.ldif new file mode 100644 index 0000000..cc579f8 --- /dev/null +++ b/tests/test40-schema-ignoredefault/userRoot.ldif @@ -0,0 +1,86 @@ +# users, accounts, example.com +dn: cn=users,cn=accounts,dc=example,dc=com +objectClass: top +objectClass: nsContainer +cn: users + +# groups, accounts, example.com +dn: cn=groups,cn=accounts,dc=example,dc=com +objectClass: top +objectClass: nsContainer +cn: groups + +# managed-groups, accounts, example.com +dn: cn=managed-groups,cn=accounts,dc=example,dc=com +objectClass: top +objectClass: nsContainer +cn: groups + +# tuser1, users, accounts, example.com +dn: uid=tuser1,cn=users,cn=accounts,dc=example,dc=com +uid: tuser1 +objectClass: top +objectClass: person +objectClass: posixAccount +objectClass: inetUser +loginShell: /bin/sh +gidNumber: 1003 +gecos: tuser1 +sn: User +homeDirectory: /home/tuser1 +cn: Tim User +uidNumber: 1101 + +# tuser2, users, accounts, example.com +dn: uid=tuser2,cn=users,cn=accounts,dc=example,dc=com +uid: tuser2 +objectClass: top +objectClass: person +objectClass: posixAccount +objectClass: inetUser +loginShell: /bin/sh +gidNumber: 1004 +gecos: tuser2 +sn: User +homeDirectory: /home/tuser2 +cn: Timmy User +uidNumber: 1102 + +# tuser3, users, accounts, example.com +dn: uid=tuser3,cn=users,cn=accounts,dc=example,dc=com +uid: tuser3 +objectClass: top +objectClass: person +objectClass: posixAccount +objectClass: inetUser +loginShell: /bin/sh +gidNumber: 1004 +gecos: tuser3 +sn: User +homeDirectory: /home/tuser3 +cn: Timothy User +uidNumber: 1103 + +# g1, groups, accounts, example.com +dn: cn=g1,cn=groups,cn=accounts,dc=example,dc=com +objectClass: top +objectClass: groupofnames +objectClass: posixGroup +objectClass: inetUser +gidNumber: 1001 +cn: g1 +description: g1 +member: uid=tuser1,cn=users,cn=accounts,dc=example,dc=com +member: cn=reindex now,cn=index,cn=tasks,cn=config + +# g2, groups, accounts, example.com +dn: cn=g2,cn=groups,cn=accounts,dc=example,dc=com +objectClass: top +objectClass: groupofnames +objectClass: posixGroup +objectClass: inetUser +gidNumber: 2002 +cn: g2 +description: g2 +member: cn=g1,cn=groups,cn=accounts,dc=example,dc=com + |