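# Test id mapping through idmap_rfc2307 module
#
# Usage text naming the 15 positional arguments the script expects.
# NOTE(review): the argument-count check around this message and the
# assignment of the positional parameters to DOMAIN, USERNAME, ... are not
# part of this listing (its line numbers jump from 6 to 27).
# The last argument is the DC password, so the script itself receives the
# password on its own command line.
echo "Usage: $0 DOMAIN USERNAME UID USERNAME2 UID2" \
	"GROUPNAME GID GROUPNAME2 GID2 GID_START NUMGROUPS" \
	"LDAPPREFIX DC_SERVER DC_USERNAME DC_PASSWORD"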
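# Command prefixes for the Samba tools under test. $VALGRIND is placed in
# front of the binary path; presumably it is empty unless the harness wants
# the tools wrapped - confirm. These variables are expanded unquoted later on
# purpose, so that the prefix and the path become separate words.
wbinfo="${VALGRIND} ${BINDIR}/wbinfo"
net="${VALGRIND} ${BINDIR}/net"

# Use the ldb tools from $BINDIR when they are executable there.
# NOTE(review): listing lines 29-30, 33-35 and 38-40 are not shown; if no
# fallback value is assigned there, $ldbsearch/$ldbadd/$ldbdel stay unset
# when $BINDIR has no such tool - confirm against the full file.
if [ -x "${BINDIR}/ldbsearch" ]; then
	ldbsearch="${BINDIR}/ldbsearch"
fi

if [ -x "${BINDIR}/ldbadd" ]; then
	ldbadd="${BINDIR}/ldbadd"
fi

if [ -x "${BINDIR}/ldbdel" ]; then
	ldbdel="${BINDIR}/ldbdel"
fi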
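# Source the subunit helper script, located relative to this script's own
# directory (presumably this is where testit, used below, is defined).
# The path is quoted so a checkout directory containing spaces or glob
# characters is still resolved as one path.
. "$(dirname "$0")/../../testprogs/blackbox/subunit.sh"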
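# Clear out $LDAPPREFIX before the test adds its own records: list the
# entries one level below the prefix (-s one), take the DN from every "dn:"
# line, delete each DN, then delete the prefix entry itself.
#
# Credentials are passed as -U DOMAIN/user%password, so the DC password is
# part of the argument list of every ldbsearch/ldbdel process started here,
# including the ones xargs spawns. That is tolerable only for throwaway test
# credentials; the Samba tools also accept -A/--authentication-file, which
# keeps the password off the command line.
#
# NOTE(review): listing line 54 (the final argument of the xargs command) is
# not shown; DEL_DN is restored here because -IDEL_DN needs the replace
# string among the arguments - confirm against the full file.
# NOTE(review): grep '^dn:' also matches a base64-encoded "dn:: ..." line, in
# which case the encoded value would be passed to ldbdel undecoded.
$VALGRIND $ldbsearch -H "ldap://$DC_SERVER" "-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD" \
	-s one -b "$LDAPPREFIX" |
	grep '^dn:' |
	cut -d ' ' -f 2- |
	xargs -d '\n' -n 1 -IDEL_DN \
		$ldbdel -H "ldap://$DC_SERVER" "-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD" \
		DEL_DN

$VALGRIND $ldbdel -H "ldap://$DC_SERVER" "-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD" "$LDAPPREFIX"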
# Adds the records that the lookups further down resolve. Each step runs
# ldbadd through testit and feeds it an LDIF here-document: an
# organizationalUnit entry ("add ldap prefix"), two posixAccount users
# (cn=$USERNAME, cn=$USERNAME2) and two posixGroup/groupOfNames groups
# (cn=$GROUPNAME, cn=$GROUPNAME2), both of which list cn=$USERNAME as member.
#
# NOTE(review): the listing omits lines inside every here-document (its line
# numbers jump, e.g. 60 -> 62 -> 65 and 69 -> 75), including the attributes
# between objectClass and homeDirectory and each EOF terminator.
# NOTE(review): none of these testit command lines carries "|| failed=...",
# so a failed add does not increase $failed - confirm that this is intended.
# The -U...%$DC_PASSWORD argument puts the DC password on the argument list
# of every ldbadd process; the Samba tools also accept
# -A/--authentication-file for credentials that must not appear there.
57 # Add id mapping information to LDAP
59 testit
"add ldap prefix" $VALGRIND $ldbadd -H ldap
://$DC_SERVER \
60 -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD <<EOF
62 objectclass: organizationalUnit
65 testit
"add ldap user mapping record" $VALGRIND $ldbadd -H ldap
://$DC_SERVER \
66 -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD <<EOF
67 dn: cn=$USERNAME,$LDAPPREFIX
68 objectClass: organizationalPerson
69 objectClass: posixAccount
75 homeDirectory: /home/admin
78 testit
"add second ldap user mapping record" $VALGRIND $ldbadd \
79 -H ldap
://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD <<EOF
80 dn: cn=$USERNAME2,$LDAPPREFIX
81 objectClass: organizationalPerson
82 objectClass: posixAccount
88 homeDirectory: /home/admin
91 testit
"add ldap group mapping record" $VALGRIND $ldbadd \
92 -H ldap
://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD <<EOF
93 dn: cn=$GROUPNAME,$LDAPPREFIX
94 objectClass: posixGroup
95 objectClass: groupOfNames
98 member: cn=$USERNAME,$LDAPPREFIX
101 testit
"add second ldap group mapping record" $VALGRIND $ldbadd \
102 -H ldap
://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD <<EOF
103 dn: cn=$GROUPNAME2,$LDAPPREFIX
104 objectClass: posixGroup
105 objectClass: groupOfNames
107 gidNumber: $GROUPGID2
108 member: cn=$USERNAME,$LDAPPREFIX
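# Forward lookup for the first user: name -> SID -> uid, then compare the
# uid with the expected $USERUID.
# Each wbinfo call is made twice: once under testit, which records pass/fail,
# and once in a command substitution to capture the first space-separated
# field of its output for the next step.
# $wbinfo stays unquoted because it holds a command prefix plus the path;
# the looked-up values are quoted so an empty or multi-word result reaches
# wbinfo/test as one argument instead of shifting the argument list.
testit "wbinfo --name-to-sid" $wbinfo --name-to-sid "$DOMAIN/$USERNAME" || failed=$((failed + 1))
user_sid=$($wbinfo -n "$DOMAIN/$USERNAME" | cut -d " " -f1)
echo "$DOMAIN/$USERNAME resolved to $user_sid"

testit "wbinfo --sid-to-uid=$user_sid" $wbinfo "--sid-to-uid=$user_sid" || failed=$((failed + 1))
user_uid=$($wbinfo "--sid-to-uid=$user_sid" | cut -d " " -f1)
echo "$DOMAIN/$USERNAME resolved to $user_uid"

testit "test $user_uid -eq $USERUID" test "$user_uid" -eq "$USERUID" || failed=$((failed + 1))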
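# Forward lookup for the first group: name -> SID -> gid, then compare the
# gid with the expected $GROUPGID. The name-to-sid step is not run through
# testit (see the original note below), so a failure there only shows up as
# an empty $group_sid in the following steps.
# Not sure how to get group names with spaces to resolve through testit
#testit "wbinfo --name-to-sid" $wbinfo --name-to-sid="$DOMAIN/$GROUPNAME" || failed=$(expr $failed + 1)
group_sid=$($wbinfo --name-to-sid="$DOMAIN/$GROUPNAME" | cut -d " " -f1)
echo "$DOMAIN/$GROUPNAME resolved to $group_sid"

# Looked-up values are quoted so an empty result is still passed as one
# argument; $wbinfo stays unquoted because it holds a prefix plus the path.
testit "wbinfo --sid-to-gid=$group_sid" $wbinfo "--sid-to-gid=$group_sid" || failed=$((failed + 1))
group_gid=$($wbinfo "--sid-to-gid=$group_sid" | cut -d " " -f1)
echo "$DOMAIN/$GROUPNAME resolved to $group_gid"

testit "test $group_gid -eq $GROUPGID" test "$group_gid" -eq "$GROUPGID" || failed=$((failed + 1))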
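# Use different user and group for reverse lookup to not read from cache
#
# Reverse lookups: uid -> SID -> name for the second user and gid -> SID ->
# name for the second group. The resolved name is compared with
# $DOMAIN/<name> after lower-casing both sides with tr.
# NOTE(review): cut -f1 keeps only the text before the first space of the
# sid-to-name output, so a name containing a space cannot match here.
# Looked-up values are quoted so an empty result is still passed as a single
# argument; $wbinfo stays unquoted because it holds a prefix plus the path.
testit "$wbinfo --uid-to-sid=$USERUID2" $wbinfo "--uid-to-sid=$USERUID2" || failed=$((failed + 1))
user_sid2=$($wbinfo "--uid-to-sid=$USERUID2" | cut -d " " -f1)
echo "UID $USERUID2 resolved to SID $user_sid2"

testit "$wbinfo --sid-to-name=$user_sid2" $wbinfo "--sid-to-name=$user_sid2" || failed=$((failed + 1))
user_name2=$($wbinfo "--sid-to-name=$user_sid2" | cut -d " " -f1)
echo "SID $user_sid2 resolved to $user_name2"

testit "test $user_name2 = $DOMAIN/$USERNAME2" \
	test "$(echo "$user_name2" | tr A-Z a-z)" = "$(echo "$DOMAIN/$USERNAME2" | tr A-Z a-z)" ||
	failed=$((failed + 1))

testit "$wbinfo --gid-to-sid=$GROUPGID2" $wbinfo "--gid-to-sid=$GROUPGID2" || failed=$((failed + 1))
group_sid2=$($wbinfo "--gid-to-sid=$GROUPGID2" | cut -d " " -f1)
echo "GID $GROUPGID2 resolved to SID $group_sid2"

testit "$wbinfo --sid-to-name=$group_sid2" $wbinfo "--sid-to-name=$group_sid2" || failed=$((failed + 1))
group_name2=$($wbinfo "--sid-to-name=$group_sid2" | cut -d " " -f1)
echo "SID $group_sid2 resolved to $group_name2"

testit "test $group_name2 = $DOMAIN/$GROUPNAME2" \
	test "$(echo "$group_name2" | tr A-Z a-z)" = "$(echo "$DOMAIN/$GROUPNAME2" | tr A-Z a-z)" ||
	failed=$((failed + 1))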
# Loop while i < $NUMGROUPS. For each index it builds the group name
# test_rfc2307_group_NNN (index zero-padded to three digits) and the gid
# $GID_START + i, creates the group on $DC_SERVER with "net rpc group add",
# adds $USERNAME to it with "net rpc group addmem", and adds a
# posixGroup/groupOfNames LDAP object for it from a here-document.
# A failing "group add" or "group addmem" increases $failed; the command
# line of the third testit ends at <<EOF with no "|| failed=...".
#
# NOTE(review): the listing does not show the initialisation and increment
# of i, the closing "done", or parts of the second and third commands (its
# line numbers jump 162 -> 164, 166 -> 168, 171 -> 174 and 174 -> 179).
# The DC password is passed on the argument list of every net and ldb tool
# process started here.
155 while [ ${i} -lt ${NUMGROUPS} ] ; do
156 GRP
=$
(printf "test_rfc2307_group_%3.3d" "$i")
157 GRP_GID
=$
(expr "$GID_START" + "$i")
158 testit
"Add group $GRP" $net rpc group add
"$GRP" -S "$DC_SERVER" \
159 -U"${DOMAIN}\\${DC_USERNAME}"%"${DC_PASSWORD}" ||
160 failed
=$
(expr $failed + 1)
161 testit
"Add groupmem $GRP $USERNAME" \
162 $net rpc group addmem
"$GRP" "$USERNAME" \
164 -U"${DOMAIN}\\${DC_USERNAME}"%"${DC_PASSWORD}" ||
165 failed
=$
(expr $failed + 1)
166 testit
"Add group object for $GRP $GRP_GID" \
168 -H ldap
://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD <<EOF
169 dn: cn=$GRP,$LDAPPREFIX
170 objectClass: posixGroup
171 objectClass: groupOfNames
174 member: cn=$USERNAME,$LDAPPREFIX
# Builds $GIDS as a space-separated list of "g<gid>" entries, one per test
# group ($GID_START + i), passes the list to wbinfo --unix-ids-to-sids in a
# single call, and counts the output lines that do not start with S-0-0.
# The test passes when that count equals $NUMGROUPS.
# NOTE(review): presumably S-0-0 is what wbinfo prints for an id it could
# not map - confirm.
# NOTE(review): the initialisation of i and GIDS, the increment of i and the
# closing "done" are not shown in this listing (line numbers jump
# 179 -> 183 and 184 -> 187).
179 # Test whether wbinfo --xids-to-sids finds everything
183 while [ ${i} -lt ${NUMGROUPS} ] ; do
184 GIDS
="$GIDS g$(expr ${i} + ${GID_START})"
187 NUM_VALID_SIDS
=$
($wbinfo --unix-ids-to-sids="$GIDS" |
grep -v ^S-0-0 |
wc -l)
189 testit
"Count number of valid sids found" \
190 test ${NUM_VALID_SIDS} = ${NUMGROUPS} ||
191 failed
=$
(expr $failed + 1)
# Compares the gid list "wbinfo -r" reports for $DOMAIN/$USERNAME with an
# expected string. The expected string starts with three fixed gids and has
# each test gid ($GID_START + i) appended, every entry followed by "/". The
# actual output is sorted numerically and its newlines are turned into "/".
# NOTE(review): 1000000/1000001/2000002 are hard-coded; presumably they are
# the gids of groups the user already has in the test environment - confirm.
# NOTE(review): only the actual list is sorted, so the strings can match only
# when $GID_START is greater than 2000002.
# NOTE(review): the initialisation and increment of i and the closing "done"
# are not shown in this listing (line numbers jump 195 -> 197 and 198 -> 202).
193 # Test whether wbinfo -r shows all groups
195 EXPECTED_USERGROUPS
="1000000/1000001/2000002/"
197 while [ ${i} -lt ${NUMGROUPS} ] ; do
198 EXPECTED_USERGROUPS
="$EXPECTED_USERGROUPS$(expr ${i} + ${GID_START})/"
202 USERGROUPS
=$
($wbinfo -r $DOMAIN/$USERNAME |
sort -n |
tr '\n' '/')
204 testit
"Testing for expected group memberships" \
205 test "$USERGROUPS" = "$EXPECTED_USERGROUPS" ||
206 failed
=$
(expr $failed + 1)
# Loop while i < $NUMGROUPS: rebuild each group name
# test_rfc2307_group_NNN and delete the group on $DC_SERVER with
# "net rpc group delete"; a failing delete increases $failed.
# NOTE(review): the initialisation and increment of i and the closing "done"
# are not shown in this listing (it resumes at line 217).
# The DC password is on the argument list of every net process started here.
209 while [ ${i} -lt ${NUMGROUPS} ] ; do
210 GRP
=$
(printf "test_rfc2307_group_%3.3d" ${i})
211 testit
"Del group $GRP" $net rpc group delete
"$GRP" -S "$DC_SERVER" \
212 -U"${DOMAIN}\\${DC_USERNAME}"%"${DC_PASSWORD}" ||
213 failed
=$
(expr $failed + 1)
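# Delete LDAP records
#
# Lists the entries one level below $LDAPPREFIX (-s one), takes the DN from
# every "dn:" line, deletes each DN, then deletes the prefix entry itself.
# Neither command runs under testit, so a failed cleanup is not reported as
# a test failure by these lines.
#
# The -U argument is quoted so a password containing spaces or glob
# characters is passed intact. It still places the DC password on the
# argument list of every ldbsearch/ldbdel process, including those xargs
# spawns; the Samba tools also accept -A/--authentication-file for
# credentials that must stay off the command line.
#
# NOTE(review): listing line 222 (the final argument of the xargs command) is
# not shown; DEL_DN is restored here because -IDEL_DN needs the replace
# string among the arguments - confirm against the full file.
$VALGRIND $ldbsearch -H "ldap://$DC_SERVER" "-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD" \
	-s one -b "$LDAPPREFIX" |
	grep '^dn:' |
	cut -d ' ' -f 2- |
	xargs -d '\n' -n 1 -IDEL_DN \
		$ldbdel -H "ldap://$DC_SERVER" "-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD" \
		DEL_DN

$VALGRIND $ldbdel -H "ldap://$DC_SERVER" "-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD" "$LDAPPREFIX"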