Diffstat (limited to 'ldap/test-user-acl.sh')
-rwxr-xr-xldap/test-user-acl.sh60
1 files changed, 37 insertions, 23 deletions
diff --git a/ldap/test-user-acl.sh b/ldap/test-user-acl.sh
index 648f9c6..3e53b48 100755
--- a/ldap/test-user-acl.sh
+++ b/ldap/test-user-acl.sh
@@ -1024,94 +1024,108 @@ done | grep -Ev '^(objectClass|creatorsName)=' | isOK '=0$' entry
###########################################################################
-SUFFIX0="${SUFFIX}"
SUFFIX="${SUFFIXS}"
echo
echo "Service SMTP"
+msg "Have =0 access on non-active or pending entries"
+for X in ${DOMAINS} ${USERS} ${ALIASES} ${LISTS} ${LISTSC}; do
+ search -s base -b "${X},${SUFFIXV}" "(|(fripostIsStatusActive=TRUE)(fripostPendingToken=*))" | grep -q '^dn: ' && \
+ checkACL "cn=SMTP" "${D}"
+done | isOK '=0$' entry
+[ $? -eq 0 ] || exit $?
+
msg "Can read and search the domain attributes it needs"
for D in ${DOMAINS}; do
+ search -s base -b "${D},${SUFFIXV}" "(|(fripostIsStatusActive=FALSE)(fripostPendingToken=*))" | grep -q '^dn: ' || \
checkACL "cn=SMTP" "${D}" entry fvd fripostOptionalMaildrop
done | isOK '=rsd$' entry
[ $? -eq 0 ] || exit $?
msg "Can search the domain attributes it needs"
for D in ${DOMAINS}; do
- checkACL "cn=SMTP" "${D}" objectClass fripostPendingToken fripostIsStatusActive
-done | isOK '=sd$' objectClass
+ search -s base -b "${D},${SUFFIXV}" "(|(fripostIsStatusActive=FALSE)(fripostPendingToken=*))" | grep -q '^dn: ' || \
+ checkACL "cn=SMTP" "${D}" objectClass
+done | isOK '=s$' objectClass
[ $? -eq 0 ] || exit $?
msg "Have =0 access on other domain attributes"
for D in ${DOMAINS}; do
- checkACL "cn=SMTP" "${D}" children ${OPERATTRS} fripostCanAddAlias fripostCanAddList fripostOwner fripostPostmaster description
+ checkACL "cn=SMTP" "${D}" children ${OPERATTRS} fripostCanAddAlias fripostCanAddList fripostOwner fripostPostmaster description fripostPendingToken fripostIsStatusActive
done | isOK '=0$' children
[ $? -eq 0 ] || exit $?
msg "Can read and search the user attributes it needs"
for U in ${USERS}; do
+ search -s base -b "${U},${SUFFIXV}" "(fripostIsStatusActive=FALSE)" | grep -q '^dn: ' || \
checkACL "cn=SMTP" "${U}" entry fvu fripostOptionalMaildrop
done | isOK '=rsd$' entry
[ $? -eq 0 ] || exit $?
msg "Can search the user attributes it needs"
for U in ${USERS}; do
- checkACL "cn=SMTP" "${U}" objectClass fripostIsStatusActive
-done | isOK '=sd$' objectClass
+ search -s base -b "${U},${SUFFIXV}" "(fripostIsStatusActive=FALSE)" | grep -q '^dn: ' || \
+ checkACL "cn=SMTP" "${U}" objectClass
+done | isOK '=s$' objectClass
[ $? -eq 0 ] || exit $?
msg "Have =0 access on other user attributes"
for U in ${USERS}; do
- checkACL "cn=SMTP" "${U}" children ${OPERATTRS} userPassword fripostUserQuota description
+ checkACL "cn=SMTP" "${U}" children ${OPERATTRS} userPassword fripostUserQuota description fripostIsStatusActive
done | isOK '=0$' children
[ $? -eq 0 ] || exit $?
msg "Can read and search the alias attributes it needs"
for A in ${ALIASES}; do
+ search -s base -b "${A},${SUFFIXV}" "(fripostIsStatusActive=FALSE)" | grep -q '^dn: ' || \
checkACL "cn=SMTP" "${A}" entry fva fripostMaildrop
done | isOK '=rsd$' entry
[ $? -eq 0 ] || exit $?
msg "Can search the alias attributes it needs"
for A in ${ALIASES}; do
- checkACL "cn=SMTP" "${A}" objectClass fripostIsStatusActive
-done | isOK '=sd$' objectClass
+ search -s base -b "${A},${SUFFIXV}" "(fripostIsStatusActive=FALSE)" | grep -q '^dn: ' || \
+ checkACL "cn=SMTP" "${A}" objectClass
+done | isOK '=s$' objectClass
[ $? -eq 0 ] || exit $?
msg "Have =0 access on other alias attributes"
for A in ${ALIASES}; do
- checkACL "cn=SMTP" "${A}" children ${OPERATTRS} fripostOwner description
+ checkACL "cn=SMTP" "${A}" children ${OPERATTRS} fripostOwner description fripostIsStatusActive
done | isOK '=0$' children
[ $? -eq 0 ] || exit $?
msg "Can read and search the list attributes it needs"
for L in ${LISTS}; do
+ search -s base -b "${L},${SUFFIXV}" "(|(fripostIsStatusActive=FALSE)(fripostPendingToken=*))" | grep -q '^dn: ' || \
checkACL "cn=SMTP" "${L}" entry fvl fripostLocalAlias
done | isOK '=rsd$' entry
[ $? -eq 0 ] || exit $?
msg "Can search the list attributes it needs"
for L in ${LISTS}; do
- checkACL "cn=SMTP" "${L}" objectClass fripostIsStatusActive fripostPendingToken
-done | isOK '=sd$' objectClass
+ search -s base -b "${L},${SUFFIXV}" "(|(fripostIsStatusActive=FALSE)(fripostPendingToken=*))" | grep -q '^dn: ' || \
+ checkACL "cn=SMTP" "${L}" objectClass
+done | isOK '=s$' objectClass
[ $? -eq 0 ] || exit $?
msg "Have =0 access on other list attributes"
for L in ${LISTS}; do
- checkACL "cn=SMTP" "${L}" children ${OPERATTRS} fripostListManager fripostOwner description
+ checkACL "cn=SMTP" "${L}" children ${OPERATTRS} fripostListManager fripostOwner description fripostIsStatusActive fripostPendingToken
done | isOK '=0$' children
[ $? -eq 0 ] || exit $?
msg "Can read and search the list command attributes it needs"
for LC in ${LISTSC}; do
- checkACL "cn=SMTP" "${LC}" entry fvlc
+ checkACL "cn=SMTP" "${LC}" entry fvlc fripostLocalAlias
done | isOK '=rsd$' entry
[ $? -eq 0 ] || exit $?
msg "Can search the list command attributes it needs"
for LC in ${LISTSC}; do
checkACL "cn=SMTP" "${LC}" objectClass
-done | isOK '=sd$' objectClass
+done | isOK '=s$' objectClass
[ $? -eq 0 ] || exit $?
msg "Have =0 access on other list command attributes"
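Review bot: In the added "Have =0 access on non-active or pending entries" loop the iterator is `X`, but the call is `checkACL "cn=SMTP" "${D}"`, so the check runs against whatever `D` holds from an earlier loop (or an empty DN) instead of the entry that was just searched. This negative ACL test can therefore pass without ever probing an inactive or pending entry. The guard filter also uses `fripostIsStatusActive=TRUE` with `&&`, which selects active entries and looks inverted relative to the message and to the `=FALSE` guards in the loops below. No attribute is passed to checkACL although `isOK '=0$' entry` names `entry`; checkACL and isOK are defined outside this hunk, so confirm what they do with no attribute and with empty input. Suggested lines: `search -s base -b "${X},${SUFFIXV}" "(|(fripostIsStatusActive=FALSE)(fripostPendingToken=*))" | grep -q '^dn: ' && \` followed by `checkACL "cn=SMTP" "${X}" entry`.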
@@ -1158,7 +1172,7 @@ done | isOK '=rsd$'
msg "Have =a access on lists' children attribute"
for L in ${LISTS}; do
- search -s base -b "${L},${SUFFIX0}" "(fripostPendingToken=*)" | grep -q '^dn: ' || \
+ search -s base -b "${L},${SUFFIXV}" "(fripostPendingToken=*)" | grep -q '^dn: ' || \
checkACL "cn=CreateList" "${L}" children
done | isOK '=a$'
[ $? -eq 0 ] || exit $?
@@ -1190,14 +1204,14 @@ echo "Service DeletePendingEntries"
msg "Have =z access on the \"children\" attribute of non-pending entries"
(checkACL "cn=DeletePendingEntries" "" children
for X in ${DOMAINS} ${USERS} ${ALIASES} ${LISTS} ${LISTSC}; do
- search -s base -b "${X},${SUFFIX0}" "(fripostPendingToken=*)" | grep -q '^dn: ' || \
+ search -s base -b "${X},${SUFFIXV}" "(fripostPendingToken=*)" | grep -q '^dn: ' || \
checkACL "cn=DeletePendingEntries" "${X}" children
done) | isOK '=z$' children
[ $? -eq 0 ] || exit $?
msg "Have =zrsd access on the \"entry\" attribute of pending entries"
for X in ${DOMAINS} ${USERS} ${ALIASES} ${LISTS} ${LISTSC}; do
- search -s base -b "${X},${SUFFIX0}" "(fripostPendingToken=*)" | grep -q '^dn: ' && \
+ search -s base -b "${X},${SUFFIXV}" "(fripostPendingToken=*)" | grep -q '^dn: ' && \
checkACL "cn=DeletePendingEntries" "${X}" entry
done | isOK '=zrsd$' entry
[ $? -eq 0 ] || exit $?
@@ -1205,21 +1219,21 @@ done | isOK '=zrsd$' entry
msg "Have =s access on the \"entry\" attribute of non-pending entries"
(checkACL "cn=DeletePendingEntries" "" entry
for X in ${DOMAINS} ${USERS} ${ALIASES} ${LISTS} ${LISTSC}; do
- search -s base -b "${X},${SUFFIX0}" "(fripostPendingToken=*)" | grep -q '^dn: ' || \
+ search -s base -b "${X},${SUFFIXV}" "(fripostPendingToken=*)" | grep -q '^dn: ' || \
checkACL "cn=DeletePendingEntries" "${X}" entry
done) | isOK '=s$' entry
[ $? -eq 0 ] || exit $?
-msg "Have =sd access on the attributes it needs on pending entries"
+msg "Have =s access on the attributes it needs on pending entries"
for X in ${DOMAINS} ${USERS} ${ALIASES} ${LISTS} ${LISTSC}; do
- search -s base -b "${X},${SUFFIX0}" "(fripostPendingToken=*)" | grep -q '^dn: ' && \
+ search -s base -b "${X},${SUFFIXV}" "(fripostPendingToken=*)" | grep -q '^dn: ' && \
checkACL "cn=DeletePendingEntries" "${X}" createTimestamp fripostPendingToken
-done | isOK '=sd$' fripostPendingToken
+done | isOK '=s$' fripostPendingToken
[ $? -eq 0 ] || exit $?
msg "Have =0 access these attributes for non-pending entries"
for X in ${DOMAINS} ${USERS} ${ALIASES} ${LISTS} ${LISTSC}; do
- search -s base -b "${X},${SUFFIX0}" "(fripostPendingToken=*)" | grep -q '^dn: ' || \
+ search -s base -b "${X},${SUFFIXV}" "(fripostPendingToken=*)" | grep -q '^dn: ' || \
checkACL "cn=DeletePendingEntries" "${X}" createTimestamp fripostPendingToken
done | isOK '=0$' fripostPendingToken
[ $? -eq 0 ] || exit $?