summaryrefslogtreecommitdiffstats
path: root/tests/data/slapd-idassert.conf
diff options
context:
space:
mode:
Diffstat (limited to 'tests/data/slapd-idassert.conf')
-rw-r--r--tests/data/slapd-idassert.conf125
1 files changed, 125 insertions, 0 deletions
diff --git a/tests/data/slapd-idassert.conf b/tests/data/slapd-idassert.conf
new file mode 100644
index 0000000..d636443
--- /dev/null
+++ b/tests/data/slapd-idassert.conf
@@ -0,0 +1,125 @@
+# provider slapd config -- for testing
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+#ucdata-path ./ucdata
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+pidfile @TESTDIR@/slapd.1.pid
+argsfile @TESTDIR@/slapd.1.args
+
+#mod#modulepath ../servers/slapd/back-@BACKEND@/
+#mod#moduleload back_@BACKEND@.la
+#ldapmod#modulepath ../servers/slapd/back-ldap/
+#ldapmod#moduleload back_ldap.la
+#rwmmod#modulepath ../servers/slapd/overlays/
+#rwmmod#moduleload rwm.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+authz-policy both
+authz-regexp "^uid=manager,.+" "cn=Manager,dc=example,dc=com"
+authz-regexp "^uid=admin/([^,]+),.+" "ldap:///ou=Admin,dc=example,dc=com??sub?(cn=$1)"
+authz-regexp "^uid=it/([^,]+),.+" "ldap:///ou=People,dc=example,dc=it??sub?(uid=$1)"
+authz-regexp "^uid=(us/)?([^,]+),.+" "ldap:///ou=People,dc=example,dc=com??sub?(uid=$2)"
+
+#
+# normal installations should protect root dse,
+# cn=monitor, cn=schema, and cn=config
+#
+
+access to attrs=userpassword
+ by self =wx
+ by anonymous =x
+
+access to dn.exact=""
+ by * read
+
+access to *
+ by users read
+ by * search
+
+database @BACKEND@
+
+suffix "dc=example,dc=com"
+rootdn "cn=Manager,dc=example,dc=com"
+rootpw secret
+#null#bind on
+#~null~#directory @TESTDIR@/db.1.a
+#indexdb#index objectClass eq
+#indexdb#index cn,sn,uid pres,eq,sub
+#ndb#dbname db_1
+#ndb#include @DATADIR@/ndb.conf
+
+access to dn.exact="cn=Proxy,ou=Admin,dc=example,dc=com"
+ attrs=authzTo
+ by dn.exact="cn=Proxy,ou=Admin,dc=example,dc=com" =wx
+ by * =x
+
+database @BACKEND@
+
+suffix "dc=example,dc=it"
+rootdn "cn=Manager,dc=example,dc=it"
+rootpw secret
+#~null~#directory @TESTDIR@/db.2.a
+#indexdb#index objectClass eq
+#indexdb#index cn,sn,uid pres,eq,sub
+#ndb#dbname db_2
+#ndb#include @DATADIR@/ndb.conf
+
+database ldap
+suffix "o=Example,c=US"
+uri "@URI1@"
+
+#sasl#idassert-bind bindmethod=sasl binddn="cn=Proxy US,ou=Admin,dc=example,dc=com" authcId="admin/proxy US" credentials="proxy" @SASL_MECH@ mode=self
+#nosasl#idassert-bind bindmethod=simple binddn="cn=Proxy US,ou=Admin,dc=example,dc=com" credentials="proxy" mode=self
+
+# authorizes database
+idassert-authzFrom "dn.subtree:dc=example,dc=it"
+
+overlay rwm
+rwm-suffixmassage "dc=example,dc=com"
+
+database ldap
+suffix "o=Esempio,c=IT"
+uri "@URI1@"
+
+acl-bind bindmethod=simple binddn="cn=Proxy IT,ou=Admin,dc=example,dc=com" credentials="proxy"
+idassert-bind bindmethod=simple binddn="cn=Proxy IT,ou=Admin,dc=example,dc=com" credentials="proxy" authzId="dn:cn=Sandbox,ou=Admin,dc=example,dc=com"
+
+# authorizes database
+idassert-authzFrom "dn.subtree:dc=example,dc=com"
+# authorizes anonymous
+idassert-authzFrom "dn.exact:"
+
+overlay rwm
+rwm-suffixmassage "dc=example,dc=com"
+
+access to attrs=entry,cn,sn,mail
+ by users read
+
+access to *
+ by dn.exact="cn=Proxy IT,ou=Admin,o=Esempio,c=IT" read
+ by group.exact="cn=Authorizable,ou=Groups,o=Esempio,c=IT" read
+ by dn.exact="cn=Sandbox,ou=Admin,dc=example,dc=com" search
+ by * none
+
+database monitor
+rootdn "cn=monitor"
+rootpw monitor