diff options
Diffstat (limited to 'tests/data/regressions/its9863')
| -rw-r--r-- | tests/data/regressions/its9863/db.ldif | 39 | ||||
| -rwxr-xr-x | tests/data/regressions/its9863/its9863 | 292 | ||||
| -rw-r--r-- | tests/data/regressions/its9863/slapd-consumer.ldif | 154 | ||||
| -rw-r--r-- | tests/data/regressions/its9863/slapd-provider.ldif | 117 |
4 files changed, 602 insertions, 0 deletions
diff --git a/tests/data/regressions/its9863/db.ldif b/tests/data/regressions/its9863/db.ldif new file mode 100644 index 0000000..c7c478b --- /dev/null +++ b/tests/data/regressions/its9863/db.ldif @@ -0,0 +1,39 @@ +dn: dc=example,dc=com +objectClass: top +objectClass: organization +objectClass: dcObject +o: example +dc: example + +dn: cn=replicator,dc=example,dc=com +objectClass: top +objectClass: organizationalRole +objectClass: simpleSecurityObject +cn: replicator +description: Replication user +userPassword: secret + +dn: cn=ldap-server,dc=example,dc=com +objectClass: top +objectClass: organizationalRole +objectClass: simpleSecurityObject +cn: ldap-server +description: ldap-server sasl object +userPassword: secret +authzTo: {0}dn.regex:^(.+,)+dc=example,dc=com$ + +dn: ou=people,dc=example,dc=com +objectClass: top +objectClass: organizationalUnit +ou: people + +dn: uid=test,ou=people,dc=example,dc=com +objectClass: top +objectClass: person +objectClass: inetOrgPerson +cn: test test +uid: test +sn: Test +givenName: Test +userPassword: secret + diff --git a/tests/data/regressions/its9863/its9863 b/tests/data/regressions/its9863/its9863 new file mode 100755 index 0000000..d6b4795 --- /dev/null +++ b/tests/data/regressions/its9863/its9863 @@ -0,0 +1,292 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 2022 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +ITS=9863 +ITSDIR=$DATADIR/regressions/its$ITS + +if test $BACKLDAP = "ldapno" ; then + echo "LDAP backend not available, test skipped" + exit 0 +fi +if test $SYNCPROV = "syncprovno" ; then + echo "syncprov overlay not available, test skipped" + exit 0 +fi +if test $AUDITLOG = "auditlogno" ; then + echo "auditlog overlay not available, test skipped" + exit 0 +fi +if test $UNIQUE = "uniqueno" ; then + echo "unique overlay not available, test skipped" + exit 0 +fi +if test $CONSTRAINT = "constraintno" ; then + echo "constraint overlay not available, test skipped" + exit 0 +fi + +echo "This test checks slapo-chain behavior when forwarding lastbind" +echo "information to a provider as the rootdn when using a SASL mechanism" +echo "and authzto to allow identity assumption" +echo "Test #1 ensures that authzid in IDAssertBind is working correctly." +echo "Test #2 ensures that ACLbind works correctly." + +PDIR=$TESTDIR/prov +CDIR=$TESTDIR/cons +mkdir -p $TESTDIR $PDIR/db $PDIR/slapd.d +mkdir -p $CDIR/db $CDIR/slapd.d + +$SLAPPASSWD -g -n >$CONFIGPWF + +cp -r $DATADIR/tls $TESTDIR +cp $ITSDIR/db.ldif $TESTDIR + +# +# Start slapd that acts as a remote LDAP server that will be proxied +# +echo "Running slapadd to build database on the provider..." +. $CONFFILTER $BACKEND < $ITSDIR/slapd-provider.ldif > $CONFLDIF +$SLAPADD -F $PDIR/slapd.d -n 0 -l $CONFLDIF +$SLAPADD -F $PDIR/slapd.d -q -b $BASEDN -l $TESTDIR/db.ldif +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Starting slapd provider on TCP/IP port $PORT1 and ${PORT2}..." +$SLAPD -F $PDIR/slapd.d -h "$URI1 $SURI2" -d $LVL > $LOG1 2>&1 & +PROVPID=$! +if test $WAIT != 0 ; then + echo PROVPID $PROVPID + read foo +fi +KILLPIDS="$KILLPIDS $PROVPID" + +echo "Using ldapsearch to check that slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITORDN" -H $URI1 \ + -D $MANAGERDN \ + -w $PASSWD \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting $SLEEP0 seconds for slapd to start..." + sleep $SLEEP0 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $PROVPID + exit $RC +fi + +# +# Start slapd consumer +# +echo "Starting slapd consumer on TCP/IP port $PORT3 and ${PORT4}..." +. $CONFFILTER $BACKEND < $ITSDIR/slapd-consumer.ldif > $CONF2 +$SLAPADD -F $CDIR/slapd.d -n 0 -l $CONF2 +$SLAPD -F $CDIR/slapd.d -h "$URI3 $SURI4" -d $LVL > $LOG2 2>&1 & +CONSPID=$! +if test $WAIT != 0 ; then + echo CONSPID $CONSPID + read foo +fi +KILLPIDS="$KILLPIDS $CONSPID" + +echo "Using ldapsearch to check that slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITORDN" -H $URI3 \ + -D $MANAGERDN \ + -w $PASSWD \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting $SLEEP0 seconds for slapd to start..." + sleep $SLEEP0 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +$LDAPWHOAMI -H $URI3 -x -D "cn=replicator,dc=example,dc=com" -w secret >/dev/null +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Sleeping $SLEEP1 seconds for replication of pwdLastSuccess attribute..." +sleep $SLEEP1 + +$LDAPSEARCH -H $URI3 -D "$MANAGERDN" -w $PASSWD -b "$BASEDN" "(cn=replicator)" pwdLastSuccess > $SEARCHOUT 2>&1 +PWDLASTSUCCESS=`grep "pwdLastSuccess:" $SEARCHOUT | wc -l` + +if test $PWDLASTSUCCESS != 1 ; then + echo "Failure: pwdLastSuccess failed to replicate" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Reconfiguring for ACL bind test..." +$LDAPMODIFY -H $URI3 -D cn=config -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1 +dn: olcDatabase={0}ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config +changetype: modify +replace: olcDbIDAssertBind +olcDbIDAssertBind: mode=self flags=override,prescriptive,proxy-authz-critical + bindmethod=sasl saslmech=external tls_cert=$TESTDIR/tls/certs/ldap-server.crt + tls_key=$TESTDIR/tls/private/ldap-server.key + tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt +- +add: olcDbACLBind +olcDbACLBind: bindmethod=sasl saslmech=external tls_cert=$TESTDIR/tls/certs/ldap-server.crt + tls_key=$TESTDIR/tls/private/ldap-server.key + tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt + authzid="dn:cn=manager,dc=example,dc=com" +EOF + +RC=$? +if test $RC != 0; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Stopping consumer to test recovery..." +kill -HUP $CONSPID +wait $CONSPID + +KILLPIDS="$PROVPID" + +echo "Starting slapd consumer on TCP/IP port $PORT3 and ${PORT4}..." +$SLAPD -F $CDIR/slapd.d -h "$URI3 $SURI4" -d $LVL > $LOG2 2>&1 & +CONSPID=$! +if test $WAIT != 0 ; then + echo CONSPID $CONSPID + read foo +fi +KILLPIDS="$KILLPIDS $CONSPID" + +echo "Using ldapsearch to check that slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITORDN" -H $URI3 \ + -D $MANAGERDN \ + -w $PASSWD \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting $SLEEP0 seconds for slapd to start..." + sleep $SLEEP0 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +$LDAPMODIFY -H $URI1 -D "$MANAGERDN" -w $PASSWD -e \!relax <<EOF >>$TESTOUT 2>&1 +dn: cn=replicator,dc=example,dc=com +changetype: modify +delete: pwdLastSuccess +EOF + +RC=$? +if test $RC != 0; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Sleeping $SLEEP1 seconds for replication of delete for pwdLastSuccess attribute..." +sleep $SLEEP1 + +$LDAPSEARCH -H $URI3 -D "$MANAGERDN" -w $PASSWD -b "$BASEDN" "(cn=replicator)" pwdLastSuccess > $SEARCHOUT 2>&1 +PWDLASTSUCCESS=`grep "pwdLastSuccess:" $SEARCHOUT | wc -l` + +if test $PWDLASTSUCCESS != 0 ; then + echo "Failure: pwdLastSuccess failed to delete" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +$LDAPWHOAMI -H $URI3 -x -D "cn=replicator,dc=example,dc=com" -w secret >/dev/null +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Sleeping $SLEEP1 seconds for replication of pwdLastSuccess attribute..." +sleep $SLEEP1 + +$LDAPSEARCH -H $URI3 -D "$MANAGERDN" -w $PASSWD -b "$BASEDN" "(cn=replicator)" pwdLastSuccess > $SEARCHOUT 2>&1 +PWDLASTSUCCESS=`grep "pwdLastSuccess:" $SEARCHOUT | wc -l` + +if test $PWDLASTSUCCESS != 1 ; then + echo "Failure: pwdLastSuccess failed to replicate" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +USER="uid=test,ou=people,dc=example,dc=com" +echo "Changing password for $USER to test proxied user modifications work..." +$LDAPPASSWD -H $URI3 \ + -w secret -s secret \ + -D "$USER" >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldappasswd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Changing cn for $USER to test disallowed proxied user modifications should fail..." +$LDAPMODIFY -H $URI3 -D "$USER" -w $PASSWD <<EOF >>$TESTOUT 2>&1 +dn: $USER +changetype: modify +replace: cn +cn: blahblahblah +EOF + +RC=$? +if test $RC != 50; then + echo "ldapmodify should have failed with result code 50, got ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS 2>/dev/null + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/data/regressions/its9863/slapd-consumer.ldif b/tests/data/regressions/its9863/slapd-consumer.ldif new file mode 100644 index 0000000..8f7b0fd --- /dev/null +++ b/tests/data/regressions/its9863/slapd-consumer.ldif @@ -0,0 +1,154 @@ +dn: cn=config +objectClass: olcGlobal +cn: config +olcLogLevel: Sync +olcLogLevel: Stats +olcTLSCACertificateFile: @TESTDIR@/tls/ca/certs/testsuiteCA.crt +olcTLSCertificateKeyFile: @TESTDIR@/tls/private/localhost.key +olcTLSCertificateFile: @TESTDIR@/tls/certs/localhost.crt +olcTLSVerifyClient: hard +olcIndexHash64: TRUE +olcAuthzPolicy: to +olcAuthzRegexp: {0}"cn=ldap-server,ou=OpenLDAP Test Suite,o=OpenLDAP Foundation,ST=CA,C=US" "cn=ldap-server,dc=example,dc=com" +olcPidFile: @TESTDIR@/slapd.2.pid +olcArgsFile: @TESTDIR@/slapd.2.args + +dn: cn=schema,cn=config +objectClass: olcSchemaConfig +cn: schema + +include: file://@TESTWD@/@SCHEMADIR@/core.ldif +include: file://@TESTWD@/@SCHEMADIR@/cosine.ldif +include: file://@TESTWD@/@SCHEMADIR@/inetorgperson.ldif +include: file://@TESTWD@/@SCHEMADIR@/misc.ldif +include: file://@TESTWD@/@SCHEMADIR@/nis.ldif + +#mod#dn: cn=module{0},cn=config +#mod#objectClass: olcModuleList +#mod#cn: module{0} +#mod#olcModulePath: @TESTWD@/../servers/slapd/back-@BACKEND@/ +#mod#olcModuleLoad: {0}back_@BACKEND@.la + +#mod#dn: cn=module{1},cn=config +#mod#objectClass: olcModuleList +#mod#cn: module{1} +#mod#olcModulePath: @TESTWD@/../servers/slapd/back-ldap/ +#mod#olcModuleLoad: {0}back_ldap.la + +dn: cn=module{2},cn=config +objectClass: olcModuleList +cn: module{2} +olcModulePath: @TESTWD@/../servers/slapd/overlays +olcModuleLoad: {0}syncprov.la +olcModuleLoad: {1}unique.la +olcModuleLoad: {2}constraint.la + +#mdb#dn: olcBackend={0}mdb,cn=config +#mdb#objectClass: olcBackendConfig +#mdb#objectClass: olcMdbBkConfig +#mdb#olcBackend: {0}mdb +#mdb#olcBkMdbIdlExp: 18 + +dn: olcDatabase={-1}frontend,cn=config +objectClass: olcDatabaseConfig +objectClass: olcFrontendConfig +olcDatabase: {-1}frontend +olcAccess: {0}to dn.base="" by * read +olcAccess: {1}to dn.base="cn=Subschema" by * read + +dn: olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config +objectClass: olcOverlayConfig +objectClass: olcChainConfig +olcOverlay: {0}chain +olcChainCacheURI: FALSE +olcChainMaxReferralDepth: 1 +olcChainReturnError: TRUE + +dn: olcDatabase={0}ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config +objectClass: olcLDAPConfig +objectClass: olcChainDatabase +olcDatabase: {0}ldap +olcDbIDAssertBind: mode=self flags=override,prescriptive,proxy-authz-critical + bindmethod=sasl saslmech=external tls_cert=@TESTDIR@/tls/certs/ldap-server.crt + tls_key=@TESTDIR@/tls/private/ldap-server.key + tls_cacert=@TESTDIR@/tls/ca/certs/testsuiteCA.crt + authzid="dn:cn=manager,dc=example,dc=com" +olcDbRebindAsUser: TRUE +olcDbChaseReferrals: TRUE +olcDbProxyWhoAmI: FALSE +olcDbProtocolVersion: 3 +olcDbSingleConn: FALSE +olcDbCancel: abandon +olcDbUseTemporaryConn: FALSE +olcDbConnectionPoolMax: 8 +olcDbSessionTrackingRequest: TRUE +olcDbNoRefs: FALSE +olcDbNoUndefFilter: FALSE +olcDbURI: @SURIP2@ + +dn: olcDatabase={0}config,cn=config +objectClass: olcDatabaseConfig +olcDatabase: {0}config +olcRootPW:< file://@TESTDIR@/configpw +olcAccess: {0}to * by * none + +dn: olcDatabase={1}@BACKEND@,cn=config +objectClass: olcDatabaseConfig +objectClass: olc@BACKEND@Config +olcDatabase: {1}@BACKEND@ +olcSuffix: dc=example,dc=com +olcRootDN: cn=manager,dc=example,dc=com +olcRootPW: secret +olcLastBindPrecision: 3600 +olcLastBind: TRUE +#~null~#olcDbDirectory: @TESTDIR@/cons/db +#indexdb#olcDbIndex: default eq +#indexdb#olcDbIndex: objectClass +#indexdb#olcDbIndex: cn +#indexdb#olcDbIndex: entryUUID +#indexdb#olcDbIndex: entryCSN +#indexdb#olcDbIndex: mail +#indexdb#olcDbIndex: uid +#indexdb#olcDbIndex: uidNumber +#indexdb#olcDbIndex: gidNumber +#mdb#olcDbMaxSize: 33554432 +#mdb#olcDbMultival: default 100,10 +olcLimits: {0}dn.exact="cn=replicator,dc=example,dc=com" time.soft=unlimited + time.hard=unlimited size.soft=unlimited size.hard=unlimited +olcAccess: {0}to attrs=userPassword by self write by dn.exact="cn=replicator,dc=example,dc=com" read by anonymous auth +olcAccess: {1}to attrs=authzto by dn.exact="cn=replicator,dc=example,dc=com" read by * auth +olcAccess: {2}to * by * read +olcSyncrepl: {0}rid=100 provider=@SURIP2@ bindmethod=sasl + saslmech=external authzid="dn:cn=replicator,dc=example,dc=com" + searchbase="dc=example,dc=com" + type=refreshAndPersist keepalive=60:5:2 retry="5 6 60 +" + tls_cert=@TESTDIR@/tls/certs/ldap-server.crt + tls_key=@TESTDIR@/tls/private/ldap-server.key + tls_cacert=@TESTDIR@/tls/ca/certs/testsuiteCA.crt + timeout=3 +olcUpdateRef: @SURIP2@ + +dn: olcOverlay={0}syncprov,olcDatabase={1}@BACKEND@,cn=config +objectClass: olcOverlayConfig +objectClass: olcSyncProvConfig +olcOverlay: {0}syncprov +olcSpCheckpoint: 20 10 + +dn: olcOverlay={1}unique,olcDatabase={1}@BACKEND@,cn=config +objectClass: olcOverlayConfig +objectClass: olcUniqueConfig +olcOverlay: {1}unique +olcUniqueURI: ldap:///?uid?sub? +olcUniqueURI: ldap:///?uidNumber?sub? +olcUniqueURI: ldap:///?mail?sub? + +dn: olcOverlay={2}constraint,olcDatabase={1}@BACKEND@,cn=config +objectClass: olcOverlayConfig +objectClass: olcConstraintConfig +olcOverlay: {2}constraint +olcConstraintAttribute: gidNumber regex ^[0-9]{4,5}$ + +dn: olcDatabase={2}monitor,cn=config +objectClass: olcDatabaseConfig +olcDatabase: {2}monitor +olcAccess: {0}to dn.subtree="cn=monitor" by * read diff --git a/tests/data/regressions/its9863/slapd-provider.ldif b/tests/data/regressions/its9863/slapd-provider.ldif new file mode 100644 index 0000000..aeeac57 --- /dev/null +++ b/tests/data/regressions/its9863/slapd-provider.ldif @@ -0,0 +1,117 @@ +dn: cn=config +objectClass: olcGlobal +cn: config +olcLogLevel: Sync +olcLogLevel: Stats +olcTLSCACertificateFile: @TESTDIR@/tls/ca/certs/testsuiteCA.crt +olcTLSCertificateKeyFile: @TESTDIR@/tls/private/localhost.key +olcTLSCertificateFile: @TESTDIR@/tls/certs/localhost.crt +olcTLSVerifyClient: hard +olcIndexHash64: TRUE +olcAuthzPolicy: to +olcAuthzRegexp: {0}"cn=ldap-server,ou=OpenLDAP Test Suite,o=OpenLDAP Foundation,ST=CA,C=US" "cn=ldap-server,dc=example,dc=com" +olcPidFile: @TESTDIR@/slapd.1.pid +olcArgsFile: @TESTDIR@/slapd.1.args + +dn: cn=schema,cn=config +objectClass: olcSchemaConfig +cn: schema + +include: file://@TESTWD@/@SCHEMADIR@/core.ldif +include: file://@TESTWD@/@SCHEMADIR@/cosine.ldif +include: file://@TESTWD@/@SCHEMADIR@/inetorgperson.ldif +include: file://@TESTWD@/@SCHEMADIR@/misc.ldif +include: file://@TESTWD@/@SCHEMADIR@/nis.ldif + +#mod#dn: cn=module{0},cn=config +#mod#objectClass: olcModuleList +#mod#cn: module{0} +#mod#olcModulePath: @TESTWD@/../servers/slapd/back-@BACKEND@/ +#mod#olcModuleLoad: {0}back_@BACKEND@.la + +dn: cn=module{1},cn=config +objectClass: olcModuleList +cn: module{1} +olcModulePath: @TESTWD@/../servers/slapd/overlays +olcModuleLoad: {0}syncprov.la +olcModuleLoad: {1}auditlog.la +olcModuleLoad: {2}unique.la +olcModuleLoad: {3}constraint.la + +#mdb#dn: olcBackend={0}mdb,cn=config +#mdb#objectClass: olcBackendConfig +#mdb#objectClass: olcMdbBkConfig +#mdb#olcBackend: {0}mdb +#mdb#olcBkMdbIdlExp: 18 + +dn: olcDatabase={-1}frontend,cn=config +objectClass: olcDatabaseConfig +objectClass: olcFrontendConfig +olcDatabase: {-1}frontend +olcAccess: {0}to dn.base="" by * read +olcAccess: {1}to dn.base="cn=Subschema" by * read + +dn: olcDatabase={0}config,cn=config +objectClass: olcDatabaseConfig +olcDatabase: {0}config +olcRootPW:< file://@TESTDIR@/configpw +olcAccess: {0}to * by * none + +dn: olcDatabase={1}@BACKEND@,cn=config +objectClass: olcDatabaseConfig +objectClass: olc@BACKEND@Config +olcDatabase: {1}@BACKEND@ +olcSuffix: dc=example,dc=com +olcRootDN: cn=Manager,dc=example,dc=com +olcRootPW: secret +olcLastBindPrecision: 3600 +olcLastBind: FALSE +olcLimits: {0}dn.exact="cn=replicator,dc=example,dc=com" time.soft=unlimited + time.hard=unlimited size.soft=unlimited size.hard=unlimited +olcAccess: {0}to attrs=userPassword by self write by dn.exact="cn=replicator,dc=example,dc=com" read by anonymous auth +olcAccess: {1}to attrs=authzto by dn.exact="cn=replicator,dc=example,dc=com" read by * auth +olcAccess: {2}to * by * read +#~null~#olcDbDirectory: @TESTDIR@/prov/db +#indexdb#olcDbIndex: default eq +#indexdb#olcDbIndex: objectClass +#indexdb#olcDbIndex: cn +#indexdb#olcDbIndex: entryUUID +#indexdb#olcDbIndex: entryCSN +#indexdb#olcDbIndex: mail +#indexdb#olcDbIndex: uid +#indexdb#olcDbIndex: uidNumber +#indexdb#olcDbIndex: gidNumber +#mdb#olcDbMaxSize: 33554432 +#mdb#olcDbMultival: default 100,10 + +dn: olcOverlay={0}syncprov,olcDatabase={1}@BACKEND@,cn=config +objectClass: olcOverlayConfig +objectClass: olcSyncProvConfig +olcOverlay: {0}syncprov +olcSpCheckpoint: 20 10 +olcSpSessionlog: 150000 + +dn: olcOverlay={1}auditlog,olcDatabase={1}@BACKEND@,cn=config +objectClass: olcOverlayConfig +objectClass: olcAuditlogConfig +olcOverlay: {1}auditlog +olcAuditlogFile: @TESTDIR@/audit.log + +dn: olcOverlay={2}unique,olcDatabase={1}@BACKEND@,cn=config +objectClass: olcOverlayConfig +objectClass: olcUniqueConfig +olcOverlay: {2}unique +olcUniqueURI: ldap:///?uid?sub? +olcUniqueURI: ldap:///?uidNumber?sub? +olcUniqueURI: ldap:///?mail?sub? + +dn: olcOverlay={3}constraint,olcDatabase={1}@BACKEND@,cn=config +objectClass: olcOverlayConfig +objectClass: olcConstraintConfig +olcOverlay: {3}constraint +olcConstraintAttribute: gidNumber regex ^[0-9]{4,5}$ + +dn: olcDatabase={2}monitor,cn=config +objectClass: olcDatabaseConfig +olcDatabase: {2}monitor +olcAccess: {0}to dn.subtree="cn=monitor" by * read |