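#! /bin/sh
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2018 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

# Regression test for the slapd dynlist overlay.
#
# Builds a database with slapadd, starts one slapd, and then checks through
# the LDAP client tools that groupOfURLs entries are expanded on search and
# compare: a plain attribute list, a mapped attribute (sn:cn), a list of
# members, and finally expansion under dgIdentity/dgAuthz with an ACL that
# only lets authenticated users read the directory. All search and compare
# output is appended to $SEARCHOUT and compared with $DYNLISTOUT at the end.
#
# Every path, port, DN, tool command and credential comes from
# scripts/defines.sh. Expansions are left unquoted as in the original.
# NOTE(review): tool variables such as $LDAPSEARCH, $CMP and $TIMING
# presumably hold a command plus options (or nothing), so quoting them would
# change behaviour; confirm against defines.sh before tightening.

echo "running defines.sh"
. $SRCDIR/scripts/defines.sh

# Stop the slapd started by this test, unless the harness asked to keep
# servers running (KILLSERVERS=no), then exit with status $1.
abort_test() {
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $1
}

# Abort the test when a client tool exited non-zero.
#   $1 - tool name used in the message
#   $2 - exit status of that tool
require_ok() {
	if test $2 != 0 ; then
		echo "$1 failed ($2)!"
		abort_test $2
	fi
}

if test $DYNLIST = "dynlistno" ; then
	echo "dynlist overlay not available, test skipped"
	exit 0
fi

if test $BACKEND = ldif ; then
	# dynlist+ldif fails because back-ldif lacks bi_op_compare()
	echo "$BACKEND backend unsuitable for dynlist overlay, test skipped"
	exit 0
fi

mkdir -p $TESTDIR $DBDIR1

# The generated cn=config password is stored in clear text and later handed
# to ldapmodify with -y; create the file owner-only so other local users
# cannot read it. The subshell keeps the umask change local to this command.
(umask 077; $SLAPPASSWD -g -n >$CONFIGPWF)
echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf

# Index of the test database under cn=config; it is used in the
# olcDatabase={N} DNs below and is one higher when the monitor database
# is configured.
if test $MONITORDB != no ; then
	DBIX=2
else
	DBIX=1
fi

echo "Running slapadd to build slapd database..."
. $CONFFILTER $BACKEND $MONITORDB < $MCONF > $ADDCONF
$SLAPADD -f $ADDCONF -l $LDIFORDERED
RC=$?
if test $RC != 0 ; then
	# No server is running yet, so there is nothing to kill here.
	echo "slapadd failed ($RC)!"
	exit $RC
fi

. $CONFFILTER $BACKEND $MONITORDB < $DYNLISTCONF > $CONF1

echo "Starting slapd on TCP/IP port $PORT1..."
$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
PID=$!
if test $WAIT != 0 ; then
	# Interactive mode: print the PID and block until the operator hits
	# return, e.g. to attach a debugger.
	echo PID $PID
	read foo
fi
KILLPIDS="$PID"

sleep 1

# Poll the monitor base entry until slapd answers, at most six attempts.
echo "Testing slapd searching..."
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
		'(objectclass=*)' > /dev/null 2>&1
	RC=$?
	if test $RC = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done
require_ok ldapsearch $RC

cat /dev/null > $SEARCHOUT

LISTDN="ou=Dynamic Lists,$BASEDN"
echo "Adding a dynamic list..."
# The bind passwords in this script ($PASSWD, and "bjensen" further down) are
# passed with -w and therefore show up in the process list. They are test
# fixture credentials; a real secret should go through -y <file> instead, as
# the cn=config password does.
$LDAPADD -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \
	> $TESTOUT 2>&1 << EOMODS
dn: $LISTDN
objectClass: organizationalUnit
ou: Dynamic Lists

dn: cn=Dynamic List,$LISTDN
objectClass: groupOfURLs
cn: Dynamic List
memberURL: ldap:///ou=People,${BASEDN}?cn,mail?sub?(objectClass=person)
EOMODS
RC=$?
# Fail here rather than in the final comparison if the fixture entries
# could not be created.
require_ok ldapadd $RC

echo "Testing list search of all attrs..."
echo "# Testing list search of all attrs..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 \
	'(cn=Dynamic List)' '*' \
	>> $SEARCHOUT 2>&1
RC=$?
require_ok ldapsearch $RC

echo "Testing list search of a listed attr..."
echo "# Testing list search of a listed attr..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 \
	'(cn=Dynamic List)' mail \
	>> $SEARCHOUT 2>&1
RC=$?
require_ok ldapsearch $RC

echo "Testing list search of a non-listed attr..."
echo "# Testing list search of a non-listed attr..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 \
	'(cn=Dynamic List)' objectClass \
	>> $SEARCHOUT 2>&1
RC=$?
require_ok ldapsearch $RC

echo "Testing list search with (critical) manageDSAit..."
echo "# Testing list search with (critical) manageDSAit..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 -MM \
	'(cn=Dynamic List)' '*' \
	>> $SEARCHOUT 2>&1
RC=$?
require_ok ldapsearch $RC

# In the compare checks below ldapcompare exits 6 for TRUE and 5 for FALSE.
# A status of 0 is treated as a failure and mapped to exit status 255: the
# original "exit -1" is outside the 0-255 range POSIX sh accepts and is
# rejected by some /bin/sh implementations.
echo "Testing list compare..."
echo "# Testing list compare..." >> $SEARCHOUT
$LDAPCOMPARE -h $LOCALHOST -p $PORT1 \
	"cn=Dynamic List,$LISTDN" "cn:Bjorn Jensen" \
	>> $SEARCHOUT 2>&1
RC=$?
case $RC in
5)
	echo "ldapcompare returned FALSE ($RC)!"
	abort_test $RC
	;;
6)
	echo "ldapcompare returned TRUE ($RC)"
	;;
0)
	echo "ldapcompare returned success ($RC)!"
	abort_test 255
	;;
*)
	echo "ldapcompare failed ($RC)!"
	abort_test $RC
	;;
esac
echo "" >> $SEARCHOUT

echo "Testing list compare (should return FALSE)..."
echo "# Testing list compare (should return FALSE)..." >> $SEARCHOUT
$LDAPCOMPARE -h $LOCALHOST -p $PORT1 \
	"cn=Dynamic List,$LISTDN" "cn:FALSE" \
	>> $SEARCHOUT 2>&1
RC=$?
case $RC in
5)
	echo "ldapcompare returned FALSE ($RC)"
	;;
6)
	echo "ldapcompare returned TRUE ($RC)!"
	abort_test $RC
	;;
0)
	echo "ldapcompare returned success ($RC)!"
	abort_test 255
	;;
*)
	echo "ldapcompare failed ($RC)!"
	abort_test $RC
	;;
esac
echo "" >> $SEARCHOUT

echo "Testing list compare (should return UNDEFINED)..."
echo "# Testing list compare (should return UNDEFINED)..." >> $SEARCHOUT
$LDAPCOMPARE -h $LOCALHOST -p $PORT1 \
	"cn=Dynamic List,$LISTDN" "dc:UNDEFINED" \
	>> $SEARCHOUT 2>&1
RC=$?
case $RC in
5)
	echo "ldapcompare returned FALSE ($RC)!"
	abort_test $RC
	;;
6)
	echo "ldapcompare returned TRUE ($RC)!"
	abort_test $RC
	;;
16|32)
	echo "ldapcompare returned UNDEFINED ($RC)"
	;;
0)
	echo "ldapcompare returned success ($RC)!"
	abort_test 255
	;;
*)
	# NOTE(review): unlike the other compare checks, any other status is
	# only reported here and the test carries on; kept as in the original.
	echo "ldapcompare failed ($RC)"
	;;
esac
echo "" >> $SEARCHOUT

# With manageDSAit (-MM) the same compare that returned TRUE above is
# expected to return FALSE.
echo "Testing list compare with manageDSAit..."
echo "# Testing list compare with manageDSAit..." >> $SEARCHOUT
$LDAPCOMPARE -h $LOCALHOST -p $PORT1 -MM \
	"cn=Dynamic List,$LISTDN" "cn:Bjorn Jensen" \
	>> $SEARCHOUT 2>&1
RC=$?
case $RC in
5)
	echo "ldapcompare returned FALSE ($RC)"
	;;
6)
	echo "ldapcompare returned TRUE ($RC)!"
	abort_test $RC
	;;
0)
	echo "ldapcompare returned success ($RC)!"
	abort_test 255
	;;
*)
	echo "ldapcompare failed ($RC)!"
	abort_test $RC
	;;
esac
echo "" >> $SEARCHOUT

# Replace the overlay's attribute set so that cn is mapped to sn.
echo "Reconfiguring slapd..."
$LDAPMODIFY -x -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF > \
	$TESTOUT 2>&1 << EOMODS
version: 1
dn: olcOverlay={0}dynlist,olcDatabase={$DBIX}$BACKEND,cn=config
changetype: modify
delete: olcDLattrSet
olcDLattrSet: {0}
-
add: olcDLattrSet
olcDLattrSet: groupOfURLs memberURL sn:cn mail
-
EOMODS
RC=$?
# The checks that follow are only meaningful if the reconfiguration was
# actually applied.
require_ok ldapmodify $RC

echo "==========================================================" >> $LOG1

echo "Testing attribute mapping"

echo "Testing list search of all (mapped) attrs..."
echo "# Testing list search of all (mapped) attrs..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 \
	'(cn=Dynamic List)' '*' \
	>> $SEARCHOUT 2>&1
RC=$?
require_ok ldapsearch $RC

echo "Testing list search of a (mapped) listed attr..."
echo "# Testing list search of a (mapped) listed attr..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 \
	'(cn=Dynamic List)' sn \
	>> $SEARCHOUT 2>&1
RC=$?
require_ok ldapsearch $RC

echo "Testing list search of a (n unmapped) listed attr..."
echo "# Testing list search of a (n unmapped) listed attr..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 \
	'(cn=Dynamic List)' mail \
	>> $SEARCHOUT 2>&1
RC=$?
require_ok ldapsearch $RC

echo "Testing list compare (mapped attrs) ..."
echo "# Testing list compare (mapped attrs) ..." >> $SEARCHOUT
$LDAPCOMPARE -h $LOCALHOST -p $PORT1 \
	"cn=Dynamic List,$LISTDN" "sn:Bjorn Jensen" \
	>> $SEARCHOUT 2>&1
RC=$?
case $RC in
5)
	echo "ldapcompare returned FALSE ($RC)!"
	abort_test $RC
	;;
6)
	echo "ldapcompare returned TRUE ($RC)"
	;;
0)
	echo "ldapcompare returned success ($RC)!"
	abort_test 255
	;;
*)
	echo "ldapcompare failed ($RC)!"
	abort_test $RC
	;;
esac
echo "" >> $SEARCHOUT

echo "Testing list compare (mapped attrs; should return FALSE)..."
echo "# Testing list compare (mapped attrs; should return FALSE)..." >> $SEARCHOUT
$LDAPCOMPARE -h $LOCALHOST -p $PORT1 \
	"cn=Dynamic List,$LISTDN" "sn:FALSE" \
	>> $SEARCHOUT 2>&1
RC=$?
case $RC in
5)
	echo "ldapcompare returned FALSE ($RC)"
	;;
6)
	echo "ldapcompare returned TRUE ($RC)!"
	abort_test $RC
	;;
0)
	echo "ldapcompare returned success ($RC)!"
	abort_test 255
	;;
*)
	echo "ldapcompare failed ($RC)!"
	abort_test $RC
	;;
esac
echo "" >> $SEARCHOUT

# Replace the attribute set again, this time with "member" as the third
# field, for the member-list checks below.
echo "Reconfiguring slapd..."
$LDAPMODIFY -x -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF > \
	$TESTOUT 2>&1 << EOMODS
version: 1
dn: olcOverlay={0}dynlist,olcDatabase={$DBIX}$BACKEND,cn=config
changetype: modify
delete: olcDLattrSet
olcDLattrSet: {0}
-
add: olcDLattrSet
olcDLattrSet: groupOfURLs memberURL member
-
EOMODS
RC=$?
require_ok ldapmodify $RC

echo "==========================================================" >> $LOG1

echo "Adding a dynamic list..."
$LDAPADD -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \
	> $TESTOUT 2>&1 << EOMODS
dn: cn=Dynamic List of Members,$LISTDN
objectClass: groupOfURLs
cn: Dynamic List of Members
memberURL: ldap:///ou=People,${BASEDN}??sub?(objectClass=person)
EOMODS
RC=$?
require_ok ldapadd $RC

echo "Testing list search of all attrs..."
echo "# Testing list search of all attrs..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 \
	'(cn=Dynamic List of Members)' '*' \
	>> $SEARCHOUT 2>&1
RC=$?
require_ok ldapsearch $RC

echo "Testing list search of a listed attr..."
echo "# Testing list search of a listed attr..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 \
	'(cn=Dynamic List of Members)' member \
	>> $SEARCHOUT 2>&1
RC=$?
require_ok ldapsearch $RC

echo "Testing list search of a non-listed attr..."
echo "# Testing list search of a non-listed attr..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 \
	'(cn=Dynamic List of Members)' objectClass \
	>> $SEARCHOUT 2>&1
RC=$?
require_ok ldapsearch $RC

echo "Testing list search with (critical) manageDSAit..."
echo "# Testing list search with (critical) manageDSAit..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 -MM \
	'(&(cn=Dynamic List of Members)(objectClass=groupOfURLs))' '*' \
	>> $SEARCHOUT 2>&1
RC=$?
require_ok ldapsearch $RC

CMPDN="$BJORNSDN"
echo "Testing list compare..."
echo "# Testing list compare..." >> $SEARCHOUT
$LDAPCOMPARE -h $LOCALHOST -p $PORT1 \
	"cn=Dynamic List of Members,$LISTDN" "member:$CMPDN" \
	>> $SEARCHOUT 2>&1
RC=$?
case $RC in
5)
	echo "ldapcompare returned FALSE ($RC)!"
	abort_test $RC
	;;
6)
	echo "ldapcompare returned TRUE ($RC)"
	;;
0)
	echo "ldapcompare returned success ($RC)!"
	abort_test 255
	;;
*)
	echo "ldapcompare failed ($RC)!"
	abort_test $RC
	;;
esac
echo "" >> $SEARCHOUT

CMPDN="$BADBJORNSDN"
echo "Testing list compare (should return FALSE)..."
echo "# Testing list compare... (should return FALSE)" >> $SEARCHOUT
$LDAPCOMPARE -h $LOCALHOST -p $PORT1 \
	"cn=Dynamic List of Members,$LISTDN" "member:$CMPDN" \
	>> $SEARCHOUT 2>&1
RC=$?
case $RC in
5)
	echo "ldapcompare returned FALSE ($RC)"
	;;
6)
	echo "ldapcompare returned TRUE ($RC)!"
	abort_test $RC
	;;
0)
	echo "ldapcompare returned success ($RC)!"
	abort_test 255
	;;
*)
	echo "ldapcompare failed ($RC)!"
	abort_test $RC
	;;
esac
echo "" >> $SEARCHOUT

# CMPDN is reset here but this compare uses a literal DN; the value is
# consumed by the manageDSAit compare and the dgIdentity modify further down.
CMPDN="$BJORNSDN"
echo "Testing list compare (should return FALSE)..."
echo "# Testing list compare (should return FALSE)..." >> $SEARCHOUT
$LDAPCOMPARE -h $LOCALHOST -p $PORT1 \
	"cn=Dynamic List of Members,$LISTDN" "member:cn=Foo Bar" \
	>> $SEARCHOUT 2>&1
RC=$?
case $RC in
5)
	echo "ldapcompare returned FALSE ($RC)"
	;;
6)
	echo "ldapcompare returned TRUE ($RC)!"
	abort_test $RC
	;;
0)
	echo "ldapcompare returned success ($RC)!"
	abort_test 255
	;;
*)
	echo "ldapcompare failed ($RC)!"
	abort_test $RC
	;;
esac
echo "" >> $SEARCHOUT

# NOTE(review): this compare targets "cn=Dynamic List", not
# "cn=Dynamic List of Members"; kept exactly as in the original.
echo "Testing list compare with manageDSAit..."
echo "# Testing list compare with manageDSAit..." >> $SEARCHOUT
$LDAPCOMPARE -h $LOCALHOST -p $PORT1 -MM \
	"cn=Dynamic List,$LISTDN" "member:$CMPDN" \
	>> $SEARCHOUT 2>&1
RC=$?
case $RC in
5)
	echo "ldapcompare returned FALSE ($RC)"
	;;
6)
	echo "ldapcompare returned TRUE ($RC)!"
	abort_test $RC
	;;
0)
	echo "ldapcompare returned success ($RC)!"
	abort_test 255
	;;
*)
	echo "ldapcompare failed ($RC)!"
	abort_test $RC
	;;
esac
echo "" >> $SEARCHOUT

echo "==========================================================" >> $LOG1

echo "Testing dgIdentity..."

# Set ACL, require authentication to get list contents
$LDAPMODIFY -x -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF > \
	$TESTOUT 2>&1 << EOMODS
version: 1
dn: olcDatabase={$DBIX}$BACKEND,cn=config
changetype: modify
add: olcAccess
olcAccess: to dn.base="cn=Dynamic List of Members,$LISTDN" by * read
olcAccess: to * by users read by * search
EOMODS
RC=$?
# The dgIdentity/dgAuthz searches below exercise access control; if this ACL
# change was rejected they would run against an unrestricted database, so
# stop here instead of continuing.
require_ok ldapmodify $RC

echo "Testing list search without dgIdentity..."
echo "# Testing list search without dgIdentity..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 \
	'(cn=Dynamic List of Members)' '*' \
	>> $SEARCHOUT 2>&1
RC=$?
require_ok ldapsearch $RC

$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \
	> $TESTOUT 2>&1 << EOMODS
dn: cn=Dynamic List of Members,$LISTDN
changetype: modify
add: objectClass
objectClass: dgIdentityAux
-
add: dgIdentity
dgIdentity: $CMPDN
EOMODS
RC=$?
require_ok ldapmodify $RC

echo "Testing list search with dgIdentity..."
echo "# Testing list search with dgIdentity..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 \
	'(cn=Dynamic List of Members)' '*' \
	>> $SEARCHOUT 2>&1
RC=$?
require_ok ldapsearch $RC

echo "Testing dgAuthz..."

# NOTE(review): CMPDN is assigned here but not referenced again in this
# script; the dgAuthz value below uses $BABSDN.
CMPDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,$BASEDN"
$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \
	> $TESTOUT 2>&1 << EOMODS
dn: cn=Dynamic List of Members,$LISTDN
changetype: modify
add: dgAuthz
dgAuthz: dn:$BABSDN
EOMODS
RC=$?
require_ok ldapmodify $RC

echo "Testing list search with dgIdentity and dgAuthz anonymously..."
echo "# Testing list search with dgIdentity and dgAuthz anonymously..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 \
	'(cn=Dynamic List of Members)' '*' \
	>> $SEARCHOUT 2>&1
RC=$?
require_ok ldapsearch $RC

echo "Testing list search with dgIdentity and dgAuthz as the authorized identity..."
echo "# Testing list search with dgIdentity and dgAuthz as the authorized identity..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 \
	-D "$BABSDN" -w bjensen \
	'(cn=Dynamic List of Members)' '*' \
	>> $SEARCHOUT 2>&1
RC=$?
require_ok ldapsearch $RC

test $KILLSERVERS != no && kill -HUP $KILLPIDS

# Normalise the collected output and the expected output with the same
# filter, then compare them.
LDIF=$DYNLISTOUT

echo "Filtering ldapsearch results..."
$LDIFFILTER < $SEARCHOUT > $SEARCHFLT
echo "Filtering original ldif used to create database..."
$LDIFFILTER < $LDIF > $LDIFFLT
echo "Comparing filter output..."
$CMP $SEARCHFLT $LDIFFLT > $CMPOUT

if test $? != 0 ; then
	echo "Comparison failed"
	exit 1
fi

echo ">>>>> Test succeeded"

# Reap the background slapd that was sent SIGHUP above.
test $KILLSERVERS != no && wait

exit 0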