1 files changed, 125 insertions, 0 deletions
diff --git a/tests/data/slapd-idassert.conf b/tests/data/slapd-idassert.conf
new file mode 100644
index 0000000..d636443
--- /dev/null
+++ b/tests/data/slapd-idassert.conf
@@ -0,0 +1,125 @@
+# provider slapd config -- for testing
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+#ucdata-path	./ucdata
+include		@SCHEMADIR@/core.schema
+include		@SCHEMADIR@/cosine.schema
+include		@SCHEMADIR@/inetorgperson.schema
+include		@SCHEMADIR@/openldap.schema
+include		@SCHEMADIR@/nis.schema
+pidfile		@TESTDIR@/slapd.1.pid
+argsfile	@TESTDIR@/slapd.1.args
+
+#mod#modulepath	../servers/slapd/back-@BACKEND@/
+#mod#moduleload	back_@BACKEND@.la
+#ldapmod#modulepath ../servers/slapd/back-ldap/
+#ldapmod#moduleload back_ldap.la
+#rwmmod#modulepath ../servers/slapd/overlays/
+#rwmmod#moduleload rwm.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+authz-policy	both
+authz-regexp	"^uid=manager,.+" "cn=Manager,dc=example,dc=com"
+authz-regexp	"^uid=admin/([^,]+),.+" "ldap:///ou=Admin,dc=example,dc=com??sub?(cn=$1)"
+authz-regexp	"^uid=it/([^,]+),.+" "ldap:///ou=People,dc=example,dc=it??sub?(uid=$1)"
+authz-regexp	"^uid=(us/)?([^,]+),.+" "ldap:///ou=People,dc=example,dc=com??sub?(uid=$2)"
+
+#
+# normal installations should protect root dse,
+# cn=monitor, cn=schema, and cn=config
+#
+
+access to attrs=userpassword
+	by self =wx
+	by anonymous =x
+
+access to dn.exact=""
+	by * read
+
+access to *
+	by users read
+	by * search
+
+database	@BACKEND@
+
+suffix		"dc=example,dc=com"
+rootdn		"cn=Manager,dc=example,dc=com"
+rootpw		secret
+#null#bind		on
+#~null~#directory	@TESTDIR@/db.1.a
+#indexdb#index		objectClass	eq
+#indexdb#index		cn,sn,uid	pres,eq,sub
+#ndb#dbname db_1
+#ndb#include @DATADIR@/ndb.conf
+
+access to dn.exact="cn=Proxy,ou=Admin,dc=example,dc=com"
+		attrs=authzTo
+	by dn.exact="cn=Proxy,ou=Admin,dc=example,dc=com" =wx
+	by * =x
+
+database	@BACKEND@
+
+suffix		"dc=example,dc=it"
+rootdn		"cn=Manager,dc=example,dc=it"
+rootpw		secret
+#~null~#directory	@TESTDIR@/db.2.a
+#indexdb#index		objectClass	eq
+#indexdb#index		cn,sn,uid	pres,eq,sub
+#ndb#dbname db_2
+#ndb#include @DATADIR@/ndb.conf
+
+database	ldap
+suffix		"o=Example,c=US"
+uri		"@URI1@"
+
+#sasl#idassert-bind	bindmethod=sasl binddn="cn=Proxy US,ou=Admin,dc=example,dc=com" authcId="admin/proxy US" credentials="proxy" @SASL_MECH@ mode=self
+#nosasl#idassert-bind	bindmethod=simple binddn="cn=Proxy US,ou=Admin,dc=example,dc=com" credentials="proxy" mode=self
+
+# authorizes database
+idassert-authzFrom	"dn.subtree:dc=example,dc=it"
+
+overlay		rwm
+rwm-suffixmassage	"dc=example,dc=com"
+
+database	ldap
+suffix		"o=Esempio,c=IT"
+uri		"@URI1@"
+
+acl-bind	bindmethod=simple binddn="cn=Proxy IT,ou=Admin,dc=example,dc=com" credentials="proxy"
+idassert-bind	bindmethod=simple binddn="cn=Proxy IT,ou=Admin,dc=example,dc=com" credentials="proxy" authzId="dn:cn=Sandbox,ou=Admin,dc=example,dc=com"
+
+# authorizes database
+idassert-authzFrom	"dn.subtree:dc=example,dc=com"
+# authorizes anonymous
+idassert-authzFrom	"dn.exact:"
+
+overlay		rwm
+rwm-suffixmassage	"dc=example,dc=com"
+
+access to attrs=entry,cn,sn,mail
+	by users read
+
+access to *
+	by dn.exact="cn=Proxy IT,ou=Admin,o=Esempio,c=IT" read
+	by group.exact="cn=Authorizable,ou=Groups,o=Esempio,c=IT" read
+	by dn.exact="cn=Sandbox,ou=Admin,dc=example,dc=com" search
+	by * none
+
+database	monitor
+rootdn		"cn=monitor"
+rootpw		monitor