summaryrefslogtreecommitdiffstats
path: root/tests/scripts/lloadd
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 16:35:32 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 16:35:32 +0000
commit5ea77a75dd2d2158401331879f3c8f47940a732c (patch)
treed89dc06e9f4850a900f161e25f84e922c4f86cc8 /tests/scripts/lloadd
parentInitial commit. (diff)
downloadopenldap-upstream.tar.xz
openldap-upstream.zip
Adding upstream version 2.5.13+dfsg.upstream/2.5.13+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rwxr-xr-xtests/scripts/lloadd-all105
-rwxr-xr-xtests/scripts/lloadd/test000-rootdse118
-rwxr-xr-xtests/scripts/lloadd/test001-backend-issues218
-rwxr-xr-xtests/scripts/lloadd/test002-load174
-rwxr-xr-xtests/scripts/lloadd/test003-cnconfig433
-rwxr-xr-xtests/scripts/lloadd/test004-monitor345
-rwxr-xr-xtests/scripts/lloadd/test005-tls272
-rwxr-xr-xtests/scripts/lloadd/test006-sasl252
8 files changed, 1917 insertions, 0 deletions
diff --git a/tests/scripts/lloadd-all b/tests/scripts/lloadd-all
new file mode 100755
index 0000000..d531534
--- /dev/null
+++ b/tests/scripts/lloadd-all
@@ -0,0 +1,105 @@
+#! /bin/sh
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+. $SRCDIR/scripts/defines.sh
+
+TB="" TN=""
+if test -t 1 ; then
+ TB=`$SHTOOL echo -e "%B" 2>/dev/null`
+ TN=`$SHTOOL echo -e "%b" 2>/dev/null`
+fi
+
+FAILCOUNT=0
+SKIPCOUNT=0
+SLEEPTIME=10
+
+echo ">>>>> Executing all LDAP tests for the Load Balancer"
+
+if [ -n "$NOEXIT" ]; then
+ echo "Result Test" > $TESTWD/results
+fi
+
+for CMD in $SRCDIR/scripts/lloadd/test*; do
+ case "$CMD" in
+ *~) continue;;
+ *.bak) continue;;
+ *.orig) continue;;
+ *.sav) continue;;
+ *) test -f "$CMD" || continue;;
+ esac
+
+ # remove cruft from prior test
+ if test $PRESERVE = yes ; then
+ /bin/rm -rf $TESTDIR/db.*
+ else
+ /bin/rm -rf $TESTDIR
+ fi
+ if test $BACKEND = ndb ; then
+ mysql --user root <<EOF
+ drop database if exists db_1;
+ drop database if exists db_2;
+ drop database if exists db_3;
+ drop database if exists db_4;
+ drop database if exists db_5;
+ drop database if exists db_6;
+EOF
+ fi
+
+ BCMD=`basename $CMD`
+ if [ -x "$CMD" ]; then
+ echo ">>>>> Starting ${TB}$BCMD${TN} for $BACKEND..."
+ START=`date +%s`
+ $CMD
+ RC=$?
+ END=`date +%s`
+
+ if test $RC -eq 0 ; then
+ echo ">>>>> $BCMD completed ${TB}OK${TN} for $BACKEND after $(( $END - $START )) seconds."
+ else
+ echo ">>>>> $BCMD ${TB}failed${TN} for $BACKEND after $(( $END - $START )) seconds"
+ FAILCOUNT=`expr $FAILCOUNT + 1`
+
+ if [ -n "$NOEXIT" ]; then
+ echo "Continuing."
+ else
+ echo "(exit $RC)"
+ exit $RC
+ fi
+ fi
+ else
+ echo ">>>>> Skipping ${TB}$BCMD${TN} for $BACKEND."
+ SKIPCOUNT=`expr $SKIPCOUNT + 1`
+ RC="-"
+ fi
+
+ if [ -n "$NOEXIT" ]; then
+ echo "$RC $BCMD" >> $TESTWD/results
+ fi
+
+# echo ">>>>> waiting $SLEEPTIME seconds for things to exit"
+# sleep $SLEEPTIME
+ echo ""
+done
+
+if [ -n "$NOEXIT" ]; then
+ if [ "$FAILCOUNT" -gt 0 ]; then
+ cat $TESTWD/results
+ echo "$FAILCOUNT tests for $BACKEND ${TB}failed${TN}. Please review the test log."
+ else
+ echo "All executed tests for $BACKEND ${TB}succeeded${TN}."
+ fi
+fi
+
+echo "$SKIPCOUNT tests for the Load Balancer were ${TB}skipped${TN}."
diff --git a/tests/scripts/lloadd/test000-rootdse b/tests/scripts/lloadd/test000-rootdse
new file mode 100755
index 0000000..9046b16
--- /dev/null
+++ b/tests/scripts/lloadd/test000-rootdse
@@ -0,0 +1,118 @@
+#! /bin/sh
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+mkdir -p $TESTDIR $DBDIR1 $DBDIR2 $DBDIR3
+
+$SLAPPASSWD -g -n >$CONFIGPWF
+echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf
+
+echo "Starting slapd on TCP/IP port $PORT2..."
+. $CONFFILTER $BACKEND < $SCHEMACONF > $CONF2
+$SLAPD -f $CONF2 -h $URI2 -d $LVL > $LOG2 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+echo "Starting a second slapd on TCP/IP port $PORT3..."
+sed -e "s,$DBDIR1,$DBDIR2," < $CONF2 > $CONF3
+$SLAPD -f $CONF3 -h $URI3 -d $LVL > $LOG3 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $PID"
+
+echo "Starting a third slapd on TCP/IP port $PORT4..."
+sed -e "s,$DBDIR1,$DBDIR3," < $CONF2 > $CONF4
+$SLAPD -f $CONF4 -h $URI4 -d $LVL > $LOG4 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $PID"
+
+echo "Starting lloadd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND < $LLOADDANONCONF > $CONF1.lloadd
+if test $AC_lloadd = lloaddyes; then
+ $LLOADD -f $CONF1.lloadd -h $URI1 -d $LVL > $LOG1 2>&1 &
+else
+ . $CONFFILTER $BACKEND < $SLAPDLLOADCONF > $CONF1.slapd
+ # FIXME: this won't work on Windows, but lloadd doesn't support Windows yet
+ $SLAPD -f $CONF1.slapd -h $URI6 -d $LVL > $LOG1 2>&1 &
+fi
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $PID"
+
+sleep $SLEEP0
+
+echo "Using ldapsearch to retrieve the root DSE..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -b "" -s base -H $URI1 \
+ '@extensibleObject' > $SEARCHOUT 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for lloadd to start..."
+ sleep $SLEEP1
+done
+
+if test $RC = 0 ; then
+ echo "Using ldapsearch to retrieve the cn=Subschema..."
+ $LDAPSEARCH -b "cn=Subschema" -s base -H $URI1 \
+ '(&(objectClasses=top)(objectClasses=2.5.6.0))' cn objectClass \
+ >> $SEARCHOUT 2>&1
+ RC=$?
+
+fi
+
+if test $RC = 0 ; then
+ echo "Using ldapsearch to retrieve the cn=Monitor..."
+ $LDAPSEARCH -b "cn=Monitor" -s base -H $URI1 \
+ '@monitor' >> $SEARCHOUT 2>&1
+ RC=$?
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+count=3
+if test $RC != 0 ; then
+ echo ">>>>> Test failed"
+else
+ RC=`grep '^dn:' $SEARCHOUT | wc -l`
+ if test $RC != $count ; then
+ echo ">>>>> Test failed: expected $count entries, got" $RC
+ RC=1
+ else
+ echo ">>>>> Test succeeded"
+ RC=0
+ fi
+fi
+
+test $KILLSERVERS != no && wait
+
+exit $RC
diff --git a/tests/scripts/lloadd/test001-backend-issues b/tests/scripts/lloadd/test001-backend-issues
new file mode 100755
index 0000000..9b0b0b2
--- /dev/null
+++ b/tests/scripts/lloadd/test001-backend-issues
@@ -0,0 +1,218 @@
+#! /bin/sh
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+mkdir -p $TESTDIR $DBDIR1 $DBDIR2
+
+$SLAPPASSWD -g -n >$CONFIGPWF
+echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf
+
+echo "Starting an empty slapd on TCP/IP port $PORT2..."
+. $CONFFILTER $BACKEND < $SCHEMACONF > $CONF2
+$SLAPD -f $CONF2 -h $URI2 -d $LVL > $LOG2 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+PID2="$PID"
+KILLPIDS="$PID"
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for slapd to start..."
+ sleep $SLEEP1
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND < $CONFTWO > $CONF3
+$SLAPADD -f $CONF3 -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Running slapindex to index slapd database..."
+$SLAPINDEX -f $CONF3
+RC=$?
+if test $RC != 0 ; then
+ echo "warning: slapindex failed ($RC)"
+ echo " assuming no indexing support"
+fi
+
+echo "Starting second slapd on TCP/IP port $PORT3..."
+$SLAPD -f $CONF3 -h $URI3 -d $LVL > $LOG3 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+PID3="$PID"
+KILLPIDS="$KILLPIDS $PID"
+
+sleep $SLEEP0
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI3 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for slapd to start..."
+ sleep $SLEEP1
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Starting lloadd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND < $LLOADDUNREACHABLECONF > $CONF1.lloadd
+if test $AC_lloadd = lloaddyes; then
+ $LLOADD -f $CONF1.lloadd -h $URI1 -d $LVL > $LOG1 2>&1 &
+else
+ . $CONFFILTER $BACKEND < $SLAPDLLOADCONF > $CONF1.slapd
+ $SLAPD -f $CONF1.slapd -h $URI6 -d $LVL > $LOG1 2>&1 &
+fi
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $PID"
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for lloadd to start..."
+ sleep $SLEEP1
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing exact searching..."
+echo "# Testing exact searching..." > $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \
+ '(sn=jENSEN)' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing approximate searching..."
+echo "# Testing approximate searching..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \
+ '(sn~=jENSEN)' name >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing OR searching..."
+echo "# Testing OR searching..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \
+ '(|(givenname=Xx*yY*Z)(cn=)(undef=*)(objectclass=groupofnames)(sn=jones)(member=cn=Manager,dc=example,dc=com)(uniqueMember=cn=Manager,dc=example,dc=com))' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing AND matching and ends-with searching..."
+echo "# Testing AND matching and ends-with searching..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "ou=groups,$BASEDN" -s one -H $URI1 \
+ '(&(objectclass=groupofnames)(cn=A*)(member=cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com))' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing NOT searching..."
+echo "# Testing NOT searching..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \
+ '(!(objectclass=pilotPerson))' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing objectClass/attributeType inheritance ..."
+echo "# Testing objectClass/attributeType inheritance ..." >> $SEARCHOUT
+$LDAPSEARCH -M -a never -S "" -b "$BASEDN" -H $URI1 \
+ '(&(objectClass=inetorgperson)(userid=uham))' \
+ "2.5.4.0" "userid" >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+LDIF=$SEARCHOUTPROVIDER
+
+echo "Filtering ldapsearch results..."
+$LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering original ldif used to create database..."
+$LDIFFILTER < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "Comparison failed"
+ exit 1
+fi
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0
diff --git a/tests/scripts/lloadd/test002-load b/tests/scripts/lloadd/test002-load
new file mode 100755
index 0000000..942f6bc
--- /dev/null
+++ b/tests/scripts/lloadd/test002-load
@@ -0,0 +1,174 @@
+#! /bin/sh
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test x$TESTLOOPS = x ; then
+ TESTLOOPS=50
+fi
+
+if test x$TESTCHILDREN = x ; then
+ TESTCHILDREN=20
+fi
+
+if test x$MAXRETRIES = x ; then
+ MAXRETRIES=5
+fi
+
+mkdir -p $TESTDIR $DBDIR1 $DBDIR2
+
+$SLAPPASSWD -g -n >$CONFIGPWF
+echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND < $CONF > $CONF2
+$SLAPADD -f $CONF2 -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Starting a slapd on TCP/IP port $PORT2..."
+$SLAPD -f $CONF2 -h $URI2 -d $LVL > $LOG2 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+PID2="$PID"
+KILLPIDS="$PID"
+
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for slapd to start..."
+ sleep $SLEEP1
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND < $CONFTWO > $CONF3
+$SLAPADD -f $CONF3 -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Running slapindex to index slapd database..."
+$SLAPINDEX -f $CONF3
+RC=$?
+if test $RC != 0 ; then
+ echo "warning: slapindex failed ($RC)"
+ echo " assuming no indexing support"
+fi
+
+echo "Starting second slapd on TCP/IP port $PORT3..."
+$SLAPD -f $CONF3 -h $URI3 -d $LVL > $LOG3 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+PID2="$PID"
+KILLPIDS="$KILLPIDS $PID"
+
+sleep $SLEEP0
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI3 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for slapd to start..."
+ sleep $SLEEP1
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Starting lloadd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND < $LLOADDCONF > $CONF1.lloadd
+if test $AC_lloadd = lloaddyes; then
+ $LLOADD -f $CONF1.lloadd -h $URI1 -d $LVL > $LOG1 2>&1 &
+else
+ . $CONFFILTER $BACKEND < $SLAPDLLOADCONF > $CONF1.slapd
+ # FIXME: this won't work on Windows, but lloadd doesn't support Windows yet
+ $SLAPD -f $CONF1.slapd -h $URI6 -d $LVL > $LOG1 2>&1 &
+fi
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $PID"
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for lloadd to start..."
+ sleep $SLEEP1
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# fix test data to include back-monitor, if available
+# NOTE: copies do_* files from $DATADIR to $TESTDIR
+$MONITORDATA "$DATADIR" "$TESTDIR"
+
+
+echo "Using tester for concurrent server access ($TESTCHILDREN x $TESTLOOPS ops)..."
+$SLAPDTESTER -P "$PROGDIR" -d "$TESTDIR" \
+ -H $URI1 -D "$MANAGERDN" -w $PASSWD \
+ -t 1 -l $TESTLOOPS -r $MAXRETRIES -j $TESTCHILDREN \
+ -i '*INVALID_CREDENTIALS,*BUSY,UNWILLING_TO_PERFORM'
+RC=$?
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+if test $RC != 0 ; then
+ echo "slapd-tester failed ($RC)!"
+ exit $RC
+fi
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0
diff --git a/tests/scripts/lloadd/test003-cnconfig b/tests/scripts/lloadd/test003-cnconfig
new file mode 100755
index 0000000..edf5801
--- /dev/null
+++ b/tests/scripts/lloadd/test003-cnconfig
@@ -0,0 +1,433 @@
+#! /bin/sh
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+mkdir -p $TESTDIR $DBDIR1 $DBDIR2
+
+$SLAPPASSWD -g -n >$CONFIGPWF
+echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf
+
+if test $AC_lloadd = lloaddyes ; then
+ echo "Load balancer module not available, skipping..."
+ exit 0
+fi
+
+echo "Starting the first slapd on TCP/IP port $PORT2..."
+. $CONFFILTER $BACKEND < $CONF > $CONF2
+$SLAPADD -f $CONF2 -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Running slapindex to index slapd database..."
+$SLAPINDEX -f $CONF2
+RC=$?
+if test $RC != 0 ; then
+ echo "warning: slapindex failed ($RC)"
+ echo " assuming no indexing support"
+fi
+
+$SLAPD -f $CONF2 -h $URI2 -d $LVL > $LOG2 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+PID2="$PID"
+KILLPIDS="$PID"
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for slapd to start..."
+ sleep $SLEEP1
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND < $CONFTWO > $CONF3
+$SLAPADD -f $CONF3 -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Running slapindex to index slapd database..."
+$SLAPINDEX -f $CONF3
+RC=$?
+if test $RC != 0 ; then
+ echo "warning: slapindex failed ($RC)"
+ echo " assuming no indexing support"
+fi
+
+echo "Starting second slapd on TCP/IP port $PORT3..."
+$SLAPD -f $CONF3 -h $URI3 -d $LVL > $LOG3 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+PID3="$PID"
+KILLPIDS="$KILLPIDS $PID"
+
+sleep $SLEEP0
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI3 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for slapd to start..."
+ sleep $SLEEP1
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Starting lloadd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND < $LLOADDUNREACHABLECONF > $CONF1.lloadd
+. $CONFFILTER $BACKEND < $SLAPDLLOADCONF > $CONF1.slapd
+$SLAPD -f $CONF1.slapd -h $URI6 -d $LVL > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $PID"
+
+echo "Testing lloadd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for lloadd to start..."
+ sleep $SLEEP1
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+
+echo "Testing cn=config searching..."
+$LDAPSEARCH -H $URI6 -D cn=config -y $CONFIGPWF \
+ -s sub -b "olcBackend={0}lload,cn=config" '(objectclass=*)' > /dev/null 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Deleting backends"
+
+for i in 1 2 3 4 ; do
+ echo "cn={0}server "$i",olcBackend={0}lload,cn=config"
+ $LDAPDELETE -H $URI6 -D cn=config -y $CONFIGPWF \
+ "cn={0}server "$i",olcBackend={0}lload,cn=config" > /dev/null 2>&1
+ RC=$?
+ if test $RC != 0 ; then
+ echo "deleting server failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+done
+
+echo "Testing cn=config searching..."
+$LDAPSEARCH -H $URI6 -D cn=config -y $CONFIGPWF \
+ -s sub -b "olcBackend={0}lload,cn=config" '(objectclass=*)' > /dev/null 2>&1
+
+
+echo "# Testing exact searching..."
+
+$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \
+ '(sn=jENSEN)' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 52 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing adding Server "
+$LDAPADD -D cn=config -H $URI6 -y $CONFIGPWF <<EOF > $TESTOUT 2>&1
+dn: cn=server 7,olcBackend={0}lload,cn=config
+objectClass: olcBkLloadBackendConfig
+cn: server 7
+olcBkLloadBackendUri: $URI3
+olcBkLloadBindconns: 2
+olcBkLloadMaxPendingConns: 3
+olcBkLloadMaxPendingOps: 5
+olcBkLloadNumconns: 3
+olcBkLloadRetry: 5000
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed for cn=server 7 ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Verifying balancer operation..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \
+ '(sn=jENSEN)' >> $SEARCHOUT 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for backend to start..."
+ sleep $SLEEP1
+done
+
+echo "Testing bindconf modify"
+$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: olcBackend={0}lload,cn=config
+changetype: modify
+replace: olcBkLloadBindconf
+olcBkLloadBindconf: bindmethod=simple timeout=0 network-timeout=0 binddn="cn=wrongmanager,dc=example,dc=com" credentials="secret"
+EOF
+
+RC=$?
+if test $RC != 0 ; then
+ echo "modify failed for bindconf ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "# Sending a search request..."
+
+$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \
+ '(sn=jENSEN)' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 52 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Restoring bindconf value"
+$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: olcBackend={0}lload,cn=config
+changetype: modify
+replace: olcBkLloadBindconf
+olcBkLloadBindconf: bindmethod=simple timeout=0 network-timeout=0 binddn="cn=Manager,dc=example,dc=com" credentials="secret"
+EOF
+
+RC=$?
+if test $RC != 0 ; then
+ echo "modify failed for bindconf ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+
+echo "Verifying balancer operation..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \
+ '(sn=jENSEN)' >> $SEARCHOUT 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for backend to start..."
+ sleep $SLEEP1
+done
+
+echo "Testing global attributes"
+echo "Testing olcBkLloadMaxPDUPerCycle modify"
+$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: olcBackend={0}lload,cn=config
+changetype: modify
+replace: olcBkLloadMaxPDUPerCycle
+olcBkLloadMaxPDUPerCycle: 2000
+EOF
+
+RC=$?
+if test $RC != 0 ; then
+ echo "modify failed for olcBkLloadMaxPDUPerCycle($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Sending a search request..."
+$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \
+ '(sn=jENSEN)' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing olcBkLloadSockbufMaxClient modify"
+$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: olcBackend={0}lload,cn=config
+changetype: modify
+replace: olcBkLloadSockbufMaxClient
+olcBkLloadSockbufMaxClient: 20000
+EOF
+
+RC=$?
+if test $RC != 0 ; then
+ echo "modify failed for olcBkLloadSockbufMaxClient($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Sending a search request..."
+$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \
+ '(sn=jENSEN)' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing olcBkLloadSockbufMaxUpstream modify"
+$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: olcBackend={0}lload,cn=config
+changetype: modify
+replace: olcBkLloadSockbufMaxUpstream
+olcBkLloadSockbufMaxUpstream: 200000
+EOF
+
+RC=$?
+if test $RC != 0 ; then
+ echo "modify failed for olcBkLloadSockbufMaxUpstream($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Sending a search request..."
+$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \
+ '(sn=jENSEN)' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing olcBkLloadIOTimeout modify"
+$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: olcBackend={0}lload,cn=config
+changetype: modify
+replace: olcBkLloadIOTimeout
+olcBkLloadIOTimeout: 20000
+EOF
+
+RC=$?
+if test $RC != 0 ; then
+ echo "modify failed for olcBkLloadWriteTimeout($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Sending a search request..."
+$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \
+ '(sn=jENSEN)' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing backend attributes"
+echo "Testing olcBkLloadBindconns modify"
+$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: cn={0}server 7,olcBackend={0}lload,cn=config
+changetype: modify
+replace: olcBkLloadBindconns
+olcBkLloadBindconns: 20
+EOF
+
+RC=$?
+if test $RC != 0 ; then
+ echo "modify failed for olcBkLloadBindconns($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing exact searching..."
+$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \
+ '(sn=jENSEN)' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+
+echo "Testing olcBkLloadMaxPendingConns modify"
+$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: cn={0}server 7,olcBackend={0}lload,cn=config
+changetype: modify
+replace: olcBkLloadMaxPendingConns
+olcBkLloadMaxPendingConns: 30
+EOF
+
+RC=$?
+if test $RC != 0 ; then
+ echo "modify failed for olcBkLloadMaxPendingConns($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing exact searching..."
+$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \
+ '(sn=jENSEN)' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0
diff --git a/tests/scripts/lloadd/test004-monitor b/tests/scripts/lloadd/test004-monitor
new file mode 100755
index 0000000..d1db7c1
--- /dev/null
+++ b/tests/scripts/lloadd/test004-monitor
@@ -0,0 +1,345 @@
+#! /bin/sh
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+mkdir -p $TESTDIR $DBDIR1 $DBDIR2
+
+$SLAPPASSWD -g -n >$CONFIGPWF
+echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf
+
+if test $AC_lloadd = lloaddyes ; then
+ echo "Load balancer module not available, skipping..."
+ exit 0
+fi
+
+# Monitor counts are unstable in the face of concurrency, since different
+# clients may get different upstreams assigned for their operations. This might
+# also change later when tiered load balancing is available.
+# Another constraint is that some global counts are updated by the statistics
+# collection task scheduled to run every second.
+#
+# This test assumes current round-robin policy:
+# - default backend is rotated every time we successfully pick an upstream
+# - upstream connections within the same backend are rotated in the same way
+# - the monitor entry order for upstream connections reflects the connection
+# order within its CIRCLEQ_
+
+echo "Starting the first slapd on TCP/IP port $PORT2..."
+. $CONFFILTER $BACKEND < $CONF > $CONF2
+$SLAPADD -f $CONF2 -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Running slapindex to index slapd database..."
+$SLAPINDEX -f $CONF2
+RC=$?
+if test $RC != 0 ; then
+ echo "warning: slapindex failed ($RC)"
+ echo " assuming no indexing support"
+fi
+
+$SLAPD -f $CONF2 -h $URI2 -d $LVL > $LOG2 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+PID2="$PID"
+KILLPIDS="$PID"
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for slapd to start..."
+ sleep $SLEEP1
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND < $CONFTWO > $CONF3
+$SLAPADD -f $CONF3 -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Running slapindex to index slapd database..."
+$SLAPINDEX -f $CONF3
+RC=$?
+if test $RC != 0 ; then
+ echo "warning: slapindex failed ($RC)"
+ echo " assuming no indexing support"
+fi
+
+echo "Starting second slapd on TCP/IP port $PORT3..."
+$SLAPD -f $CONF3 -h $URI3 -d $LVL > $LOG3 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+PID3="$PID"
+KILLPIDS="$KILLPIDS $PID"
+
+sleep $SLEEP0
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI3 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for slapd to start..."
+ sleep $SLEEP1
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Starting lloadd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND < $LLOADDEMPTYCONF > $CONF1.lloadd
+. $CONFFILTER $BACKEND < $SLAPDLLOADCONF > $CONF1.slapd
+$SLAPD -f $CONF1.slapd -h $URI6 -d $LVL > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $PID"
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI6 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for lloadd to start..."
+ sleep $SLEEP1
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Sending a search request to prime the counters..."
+$LDAPSEARCH -b "$BASEDN" -s base -H $URI1 >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 52 ; then
+ echo "ldapsearch should have failed ($RC != 52)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Retrieving data from cn=monitor..."
+echo "# Retrieving data from an empty lload's cn=monitor..." >>$SEARCHOUT
+echo "# Operations received:" >>$SEARCHOUT
+echo "# Bind: 1 (0 forwarded)" >>$SEARCHOUT
+echo "# Search: 0" >>$SEARCHOUT
+echo "# Unbind: 1" >>$SEARCHOUT
+$LDAPSEARCH -b "cn=Load Balancer,cn=Backends,cn=monitor" -H $URI6 \
+ olmBalancer olmBalancerServer olmBalancerOperation olmBalancerConnection >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Adding first backend server..."
+$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: cn=first,olcBackend={0}lload,cn=config
+changetype: add
+objectClass: olcBkLloadBackendConfig
+olcBkLloadBackendUri: $URI2
+olcBkLloadMaxPendingConns: 3
+olcBkLloadMaxPendingOps: 5
+olcBkLloadRetry: 1000
+olcBkLloadNumconns: 2
+olcBkLloadBindconns: 2
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed for backend ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# At the moment, the global counters are updated by a recurring job,
+# wait for it to settle
+echo "Waiting until connections are established..."
+for i in 0 1 2 3 4 5; do
+ $LDAPCOMPARE "cn=Load Balancer,cn=Backends,cn=monitor" -H $URI6 \
+ 'olmOutgoingConnections:4' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 6 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds until connections are established..."
+ sleep $SLEEP1
+done
+if test $RC != 6 ; then
+ echo "ldapcompare failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Retrieving data from cn=monitor again..."
+echo >>$SEARCHOUT
+echo "# Retrieving data from lload's cn=monitor..." >>$SEARCHOUT
+$LDAPSEARCH -b "cn=Load Balancer,cn=Backends,cn=monitor" -H $URI6 \
+ olmBalancer olmBalancerServer olmBalancerOperation olmBalancerConnection >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Adding another backend server..."
+$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: cn=server 2,olcBackend={0}lload,cn=config
+changetype: add
+objectClass: olcBkLloadBackendConfig
+olcBkLloadBackendUri: $URI3
+olcBkLloadMaxPendingConns: 3
+olcBkLloadMaxPendingOps: 5
+olcBkLloadRetry: 1000
+olcBkLloadNumconns: 4
+olcBkLloadBindconns: 5
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed for backend ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# At the moment, the global counters are updated by a recurring job,
+# wait for it to settle
+echo "Waiting until connections are established..."
+for i in 0 1 2 3 4 5; do
+ $LDAPCOMPARE "cn=Load Balancer,cn=Backends,cn=monitor" -H $URI6 \
+ 'olmOutgoingConnections:13' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 6 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds until connections are established..."
+ sleep $SLEEP1
+done
+if test $RC != 6 ; then
+ echo "ldapcompare failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Sending another search request..."
+$LDAPSEARCH -b "$BASEDN" -s base -H $URI1 >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Sending a WhoAmI? request..."
+$LDAPWHOAMI -D "$BABSDN" -w bjensen -H $URI1 >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# At the moment, the global counters are updated by a recurring job,
+# wait for it to settle
+echo "Waiting until global counters are updated..."
+for i in 0 1 2 3 4 5; do
+ $LDAPCOMPARE "cn=Other,cn=Operations,cn=Load Balancer,cn=Backends,cn=monitor" -H $URI6 \
+ 'olmCompletedOps:2' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 6 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds until connections are established..."
+ sleep $SLEEP1
+done
+if test $RC != 6 ; then
+ echo "ldapcompare failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Retrieving data from cn=monitor again..."
+echo >>$SEARCHOUT
+echo "# Retrieving data after a search+WhoAmI?..." >>$SEARCHOUT
+echo "# Operations received:" >>$SEARCHOUT
+echo "# Bind: 3 (2 forwarded)" >>$SEARCHOUT
+echo "# Search: 1" >>$SEARCHOUT
+echo "# Extended: 1 (WhoAmI?)" >>$SEARCHOUT
+echo "# Unbind: 3" >>$SEARCHOUT
+$LDAPSEARCH -b "cn=Load Balancer,cn=Backends,cn=monitor" -H $URI6 \
+ olmBalancer olmBalancerServer olmBalancerOperation olmBalancerConnection >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+LDIF=$DATADIR/lloadd/monitor.ldif
+
+echo "Filtering ldapsearch results..."
+$LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering original ldif used to create database..."
+$LDIFFILTER < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "Comparison failed"
+ exit 1
+fi
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0
diff --git a/tests/scripts/lloadd/test005-tls b/tests/scripts/lloadd/test005-tls
new file mode 100755
index 0000000..7d6f87c
--- /dev/null
+++ b/tests/scripts/lloadd/test005-tls
@@ -0,0 +1,272 @@
+#! /bin/sh
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test $WITH_TLS = no ; then
+ echo "TLS support not available, test skipped"
+ exit 0
+fi
+
+mkdir -p $TESTDIR $DBDIR1 $DBDIR2
+cp -r $DATADIR/tls $TESTDIR
+
+cd $TESTWD
+
+$SLAPPASSWD -g -n >$CONFIGPWF
+echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND < $TLSSASLCONF > $CONF2
+$SLAPADD -f $CONF2 -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Starting a slapd on TCP/IP port $PORT3..."
+$SLAPD -f $CONF2 -h $URI3 -d $LVL > $LOG2 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+PID2="$PID"
+KILLPIDS="$PID"
+
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI3 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for slapd to start..."
+ sleep $SLEEP1
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND < $CONFTWO > $CONF3
+# FIXME: Hack!
+echo "TLSCertificateKeyFile $TESTDIR/tls/private/localhost.key" >>$CONF3
+echo "TLSCertificateFile $TESTDIR/tls/certs/localhost.crt" >>$CONF3
+echo 'authz-regexp "email=([^,]*),cn=[^,]*,ou=OpenLDAP,o=OpenLDAP Foundation,st=CA,c=US" ldap:///ou=People,dc=example,dc=com??sub?(mail=$1)' >>$CONF3
+$SLAPADD -f $CONF3 -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Running slapindex to index slapd database..."
+$SLAPINDEX -f $CONF3
+RC=$?
+if test $RC != 0 ; then
+ echo "warning: slapindex failed ($RC)"
+ echo " assuming no indexing support"
+fi
+
+echo "Starting second slapd on TCP/IP port $PORT4 w/ ldaps..."
+$SLAPD -f $CONF3 -h $SURI4 -d $LVL > $LOG3 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+PID2="$PID"
+KILLPIDS="$KILLPIDS $PID"
+
+sleep $SLEEP0
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -o tls-reqcert=never -s base -b "$MONITOR" -H $SURI4 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for slapd to start..."
+ sleep $SLEEP1
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Starting lloadd on TCP/IP port $PORT1 and ldaps $PORT2..."
+. $CONFFILTER $BACKEND < $LLOADDTLSCONF > $CONF1.lloadd
+if test $AC_lloadd = lloaddyes; then
+ $LLOADD -f $CONF1.lloadd -h "$URI1 $SURI2" -d $LVL > $LOG1 2>&1 &
+else
+ . $CONFFILTER $BACKEND < $SLAPDLLOADCONF | sed -e "s,listen.*,listen \"$URI1 $SURI2\"," > $CONF1.slapd
+ $SLAPD -f $CONF1.slapd -h $URI6 -d $LVL > $LOG1 2>&1 &
+fi
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $PID"
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for lloadd to start..."
+ sleep $SLEEP1
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo -n "Using ldapsearch with startTLS with no server cert validation...."
+$LDAPSEARCH -o tls-reqcert=never -ZZ -b "" -s base -H $URIP1 \
+ '@extensibleObject' > $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch (startTLS) failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+else
+ echo "success"
+fi
+
+echo -n "Using ldapsearch with startTLS with hard require cert...."
+$LDAPSEARCH -o tls-cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -o tls-reqcert=hard -ZZ -b "" -s base -H $URIP1 \
+ '@extensibleObject' > $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch (startTLS) failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+else
+ echo "success"
+fi
+
+if test $WITH_TLS_TYPE = openssl ; then
+ echo -n "Using ldapsearch with startTLS and specific protocol version...."
+ $LDAPSEARCH -o tls-cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -o tls-reqcert=hard -o tls-protocol-min=3.3 -ZZ -b "" -s base -H $URIP1 \
+ '@extensibleObject' > $SEARCHOUT 2>&1
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapsearch (protocol-min) failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ else
+ echo "success"
+ fi
+fi
+
+echo -n "Using ldapsearch on $SURI2 with no server cert validation..."
+$LDAPSEARCH -o tls-reqcert=never -b "cn=Subschema" -s base -H $SURIP2 \
+ '(&(objectClasses=top)(objectClasses=2.5.6.0))' cn objectClass \
+ >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch (ldaps) failed($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+else
+ echo "success"
+fi
+
+echo -n "Using ldapsearch on $SURI2 with reqcert HARD and no CA cert. Should fail..."
+$LDAPSEARCH -o tls-reqcert=hard -b "cn=Subschema" -s base -H $SURIP2 \
+ '(&(objectClasses=top)(objectClasses=2.5.6.0))' cn objectClass \
+ >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC = 0 ; then
+ echo "ldapsearch (ldaps) succeeded when it should have failed($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+else
+ echo "failed correctly with error code ($RC)"
+fi
+
+echo -n "Using ldapsearch on $SURI2 with CA cert and reqcert HARD..."
+$LDAPSEARCH -o tls-cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt \
+ -o tls-reqcert=hard -b "cn=Subschema" -s base -H $SURIP2 \
+ '(&(objectClasses=top)(objectClasses=2.5.6.0))' cn objectClass \
+ >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch (ldaps) failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+else
+ echo "success"
+fi
+
+if test $WITH_SASL = no ; then
+ echo "SASL support not available, skipping client cert authentication"
+else
+ echo -n "Using ldapwhoami with SASL/EXTERNAL...."
+ $LDAPSASLWHOAMI -o tls-cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -o tls-reqcert=hard \
+ -o tls-cert=$TESTDIR/tls/certs/bjensen@mailgw.example.com.crt \
+ -o tls-key=$TESTDIR/tls/private/bjensen@mailgw.example.com.key \
+ -ZZ -Y EXTERNAL -H $URIP1 \
+ > $TESTOUT 2>&1
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapwhoami (startTLS) failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ else
+ echo "success"
+ fi
+
+ echo -n "Validating mapped SASL ID..."
+ echo 'dn:cn=barbara jensen,ou=information technology division,ou=people,dc=example,dc=com' > $TESTDIR/dn.out
+ $CMP $TESTDIR/dn.out $TESTOUT > $CMPOUT
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "Comparison failed"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ else
+ echo "success"
+ fi
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+if test $RC != 0 ; then
+ echo ">>>>> Test failed"
+else
+ echo ">>>>> Test succeeded"
+ RC=0
+fi
+
+test $KILLSERVERS != no && wait
+
+exit $RC
diff --git a/tests/scripts/lloadd/test006-sasl b/tests/scripts/lloadd/test006-sasl
new file mode 100755
index 0000000..a49dbbb
--- /dev/null
+++ b/tests/scripts/lloadd/test006-sasl
@@ -0,0 +1,252 @@
+#! /bin/sh
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test $WITH_SASL = "yes" ; then
+ if test $USE_SASL = "no" ; then
+ echo "Not asked to test SASL, skipping test, set SLAPD_USE_SASL to enable..."
+ exit 0
+ fi
+ if test $USE_SASL = "yes" ; then
+ MECH="DIGEST-MD5"
+ else
+ MECH="$USE_SASL"
+ fi
+ echo "Using SASL authc[/authz] with mech=$MECH; unset SLAPD_USE_SASL to disable"
+else
+ echo "SASL support not available, test skipped"
+ exit 0
+fi
+
+mkdir -p $TESTDIR $DBDIR1 $DBDIR2
+cp -r $DATADIR/tls $TESTDIR
+
+cd $TESTWD
+
+$SLAPPASSWD -g -n >$CONFIGPWF
+echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND < $TLSSASLCONF > $CONF2
+echo 'authz-regexp "^uid=([^,]*),.+" ldap:///dc=example,dc=com??sub?(|(cn=$1)(uid=$1))' >>$CONF2
+$SLAPADD -f $CONF2 -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Starting a slapd on TCP/IP port $PORT2..."
+$SLAPD -f $CONF2 -h $URI2 -d $LVL > $LOG2 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+PID2="$PID"
+KILLPIDS="$PID"
+
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for slapd to start..."
+ sleep $SLEEP1
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND < $CONFTWO > $CONF3
+echo 'authz-regexp "^uid=([^,]*),.+" ldap:///dc=example,dc=com??sub?(|(cn=$1)(uid=$1))' >>$CONF3
+$SLAPADD -f $CONF3 -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Running slapindex to index slapd database..."
+$SLAPINDEX -f $CONF3
+RC=$?
+if test $RC != 0 ; then
+ echo "warning: slapindex failed ($RC)"
+ echo " assuming no indexing support"
+fi
+
+echo "Starting second slapd on TCP/IP port $PORT3..."
+$SLAPD -f $CONF3 -h $URI3 -d $LVL > $LOG3 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+PID2="$PID"
+KILLPIDS="$KILLPIDS $PID"
+
+sleep $SLEEP0
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI3 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for slapd to start..."
+ sleep $SLEEP1
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Starting lloadd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND < $LLOADDSASLCONF > $CONF1.lloadd
+if test $AC_lloadd = lloaddyes; then
+ $LLOADD -f $CONF1.lloadd -h $URI1 -d $LVL > $LOG1 2>&1 &
+else
+ . $CONFFILTER $BACKEND < $SLAPDLLOADCONF > $CONF1.slapd
+ $SLAPD -f $CONF1.slapd -h $URI6 -d $LVL > $LOG1 2>&1 &
+fi
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $PID"
+
+echo "Testing lloadd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for lloadd to start..."
+ sleep $SLEEP1
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Checking whether $MECH is supported..."
+$LDAPSEARCH -s base -b "" -H $URI1 \
+ 'objectClass=*' supportedSASLMechanisms > $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+grep "supportedSASLMechanisms: $MECH" $SEARCHOUT > $TESTOUT
+RC=$?
+if test $RC != 0 ; then
+ echo "SASL mechanism $MECH is not available, test skipped"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 0
+fi
+
+AUTHZID="u:bjorn"
+echo "Testing lloadd's identity can assert any authzid..."
+$LDAPWHOAMI -D "$MANAGERDN" -H $URI1 -w $PASSWD \
+ -e\!"authzid=$AUTHZID" > $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+AUTHZID="u:bjorn"
+echo "Testing a different identity cannot do the same thing..."
+$LDAPWHOAMI -D "$BABSDN" -H $URI1 -w bjensen \
+ -e\!"authzid=$AUTHZID" >> $TESTOUT 2>/dev/null
+RC=$?
+if test $RC != 1 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Validating WhoAmI? results..."
+echo 'dn:cn=bjorn jensen,ou=information technology division,ou=people,dc=example,dc=com' > $TESTDIR/whoami.out
+echo 'Result: Protocol error (2)
+Additional info: proxy authorization control specified multiple times' >> $TESTDIR/whoami.out
+$CMP $TESTDIR/whoami.out $TESTOUT > $CMPOUT
+
+RC=$?
+if test $RC != 0 ; then
+ echo "Comparison failed"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+else
+ echo "Success"
+fi
+
+
+ID="jaj"
+echo "Testing ldapsearch as $ID for \"$BASEDN\" with SASL bind and identity assertion..."
+$LDAPSASLSEARCH -H $URI1 -b "$BASEDN" \
+ -Q -Y $MECH -O maxbufsize=0 -U "$ID" -w jaj > $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Filtering ldapsearch results..."
+$LDIFFILTER -s e < $SEARCHOUT > $SEARCHFLT
+echo "Filtering original ldif used to create database..."
+$LDIFFILTER -s e < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "comparison failed - search with SASL bind and identity assertion didn't succeed"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+if test $RC != 0 ; then
+ echo ">>>>> Test failed"
+else
+ echo ">>>>> Test succeeded"
+ RC=0
+fi
+
+test $KILLSERVERS != no && wait
+
+exit $RC