diff options
Diffstat (limited to 'tests/scripts/lloadd')
-rwxr-xr-x | tests/scripts/lloadd/test000-rootdse | 118 | ||||
-rwxr-xr-x | tests/scripts/lloadd/test001-backend-issues | 218 | ||||
-rwxr-xr-x | tests/scripts/lloadd/test002-load | 174 | ||||
-rwxr-xr-x | tests/scripts/lloadd/test003-cnconfig | 433 | ||||
-rwxr-xr-x | tests/scripts/lloadd/test004-monitor | 345 | ||||
-rwxr-xr-x | tests/scripts/lloadd/test005-tls | 272 | ||||
-rwxr-xr-x | tests/scripts/lloadd/test006-sasl | 252 |
7 files changed, 1812 insertions, 0 deletions
diff --git a/tests/scripts/lloadd/test000-rootdse b/tests/scripts/lloadd/test000-rootdse new file mode 100755 index 0000000..9046b16 --- /dev/null +++ b/tests/scripts/lloadd/test000-rootdse @@ -0,0 +1,118 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2022 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +mkdir -p $TESTDIR $DBDIR1 $DBDIR2 $DBDIR3 + +$SLAPPASSWD -g -n >$CONFIGPWF +echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf + +echo "Starting slapd on TCP/IP port $PORT2..." +. $CONFFILTER $BACKEND < $SCHEMACONF > $CONF2 +$SLAPD -f $CONF2 -h $URI2 -d $LVL > $LOG2 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +echo "Starting a second slapd on TCP/IP port $PORT3..." +sed -e "s,$DBDIR1,$DBDIR2," < $CONF2 > $CONF3 +$SLAPD -f $CONF3 -h $URI3 -d $LVL > $LOG3 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$KILLPIDS $PID" + +echo "Starting a third slapd on TCP/IP port $PORT4..." +sed -e "s,$DBDIR1,$DBDIR3," < $CONF2 > $CONF4 +$SLAPD -f $CONF4 -h $URI4 -d $LVL > $LOG4 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$KILLPIDS $PID" + +echo "Starting lloadd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND < $LLOADDANONCONF > $CONF1.lloadd +if test $AC_lloadd = lloaddyes; then + $LLOADD -f $CONF1.lloadd -h $URI1 -d $LVL > $LOG1 2>&1 & +else + . $CONFFILTER $BACKEND < $SLAPDLLOADCONF > $CONF1.slapd + # FIXME: this won't work on Windows, but lloadd doesn't support Windows yet + $SLAPD -f $CONF1.slapd -h $URI6 -d $LVL > $LOG1 2>&1 & +fi +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$KILLPIDS $PID" + +sleep $SLEEP0 + +echo "Using ldapsearch to retrieve the root DSE..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -b "" -s base -H $URI1 \ + '@extensibleObject' > $SEARCHOUT 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting $SLEEP1 seconds for lloadd to start..." + sleep $SLEEP1 +done + +if test $RC = 0 ; then + echo "Using ldapsearch to retrieve the cn=Subschema..." + $LDAPSEARCH -b "cn=Subschema" -s base -H $URI1 \ + '(&(objectClasses=top)(objectClasses=2.5.6.0))' cn objectClass \ + >> $SEARCHOUT 2>&1 + RC=$? + +fi + +if test $RC = 0 ; then + echo "Using ldapsearch to retrieve the cn=Monitor..." + $LDAPSEARCH -b "cn=Monitor" -s base -H $URI1 \ + '@monitor' >> $SEARCHOUT 2>&1 + RC=$? +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +count=3 +if test $RC != 0 ; then + echo ">>>>> Test failed" +else + RC=`grep '^dn:' $SEARCHOUT | wc -l` + if test $RC != $count ; then + echo ">>>>> Test failed: expected $count entries, got" $RC + RC=1 + else + echo ">>>>> Test succeeded" + RC=0 + fi +fi + +test $KILLSERVERS != no && wait + +exit $RC diff --git a/tests/scripts/lloadd/test001-backend-issues b/tests/scripts/lloadd/test001-backend-issues new file mode 100755 index 0000000..9b0b0b2 --- /dev/null +++ b/tests/scripts/lloadd/test001-backend-issues @@ -0,0 +1,218 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2022 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +mkdir -p $TESTDIR $DBDIR1 $DBDIR2 + +$SLAPPASSWD -g -n >$CONFIGPWF +echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf + +echo "Starting an empty slapd on TCP/IP port $PORT2..." +. $CONFFILTER $BACKEND < $SCHEMACONF > $CONF2 +$SLAPD -f $CONF2 -h $URI2 -d $LVL > $LOG2 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +PID2="$PID" +KILLPIDS="$PID" + +echo "Testing slapd searching..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \ + '(objectclass=*)' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting $SLEEP1 seconds for slapd to start..." + sleep $SLEEP1 +done +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND < $CONFTWO > $CONF3 +$SLAPADD -f $CONF3 -l $LDIFORDERED +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Running slapindex to index slapd database..." +$SLAPINDEX -f $CONF3 +RC=$? +if test $RC != 0 ; then + echo "warning: slapindex failed ($RC)" + echo " assuming no indexing support" +fi + +echo "Starting second slapd on TCP/IP port $PORT3..." +$SLAPD -f $CONF3 -h $URI3 -d $LVL > $LOG3 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +PID3="$PID" +KILLPIDS="$KILLPIDS $PID" + +sleep $SLEEP0 + +echo "Testing slapd searching..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -H $URI3 \ + '(objectclass=*)' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting $SLEEP1 seconds for slapd to start..." + sleep $SLEEP1 +done +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Starting lloadd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND < $LLOADDUNREACHABLECONF > $CONF1.lloadd +if test $AC_lloadd = lloaddyes; then + $LLOADD -f $CONF1.lloadd -h $URI1 -d $LVL > $LOG1 2>&1 & +else + . $CONFFILTER $BACKEND < $SLAPDLLOADCONF > $CONF1.slapd + $SLAPD -f $CONF1.slapd -h $URI6 -d $LVL > $LOG1 2>&1 & +fi +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$KILLPIDS $PID" + +echo "Testing slapd searching..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \ + '(objectclass=*)' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting $SLEEP1 seconds for lloadd to start..." + sleep $SLEEP1 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing exact searching..." +echo "# Testing exact searching..." > $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \ + '(sn=jENSEN)' >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing approximate searching..." +echo "# Testing approximate searching..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \ + '(sn~=jENSEN)' name >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing OR searching..." +echo "# Testing OR searching..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \ + '(|(givenname=Xx*yY*Z)(cn=)(undef=*)(objectclass=groupofnames)(sn=jones)(member=cn=Manager,dc=example,dc=com)(uniqueMember=cn=Manager,dc=example,dc=com))' >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing AND matching and ends-with searching..." +echo "# Testing AND matching and ends-with searching..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "ou=groups,$BASEDN" -s one -H $URI1 \ + '(&(objectclass=groupofnames)(cn=A*)(member=cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com))' >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing NOT searching..." +echo "# Testing NOT searching..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \ + '(!(objectclass=pilotPerson))' >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing objectClass/attributeType inheritance ..." +echo "# Testing objectClass/attributeType inheritance ..." >> $SEARCHOUT +$LDAPSEARCH -M -a never -S "" -b "$BASEDN" -H $URI1 \ + '(&(objectClass=inetorgperson)(userid=uham))' \ + "2.5.4.0" "userid" >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +LDIF=$SEARCHOUTPROVIDER + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif used to create database..." +$LDIFFILTER < $LDIF > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "Comparison failed" + exit 1 +fi + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/lloadd/test002-load b/tests/scripts/lloadd/test002-load new file mode 100755 index 0000000..942f6bc --- /dev/null +++ b/tests/scripts/lloadd/test002-load @@ -0,0 +1,174 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2022 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test x$TESTLOOPS = x ; then + TESTLOOPS=50 +fi + +if test x$TESTCHILDREN = x ; then + TESTCHILDREN=20 +fi + +if test x$MAXRETRIES = x ; then + MAXRETRIES=5 +fi + +mkdir -p $TESTDIR $DBDIR1 $DBDIR2 + +$SLAPPASSWD -g -n >$CONFIGPWF +echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf + +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND < $CONF > $CONF2 +$SLAPADD -f $CONF2 -l $LDIFORDERED +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Starting a slapd on TCP/IP port $PORT2..." +$SLAPD -f $CONF2 -h $URI2 -d $LVL > $LOG2 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +PID2="$PID" +KILLPIDS="$PID" + +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \ + '(objectclass=*)' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting $SLEEP1 seconds for slapd to start..." + sleep $SLEEP1 +done +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND < $CONFTWO > $CONF3 +$SLAPADD -f $CONF3 -l $LDIFORDERED +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Running slapindex to index slapd database..." +$SLAPINDEX -f $CONF3 +RC=$? +if test $RC != 0 ; then + echo "warning: slapindex failed ($RC)" + echo " assuming no indexing support" +fi + +echo "Starting second slapd on TCP/IP port $PORT3..." +$SLAPD -f $CONF3 -h $URI3 -d $LVL > $LOG3 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +PID2="$PID" +KILLPIDS="$KILLPIDS $PID" + +sleep $SLEEP0 + +echo "Testing slapd searching..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -H $URI3 \ + '(objectclass=*)' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting $SLEEP1 seconds for slapd to start..." + sleep $SLEEP1 +done +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Starting lloadd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND < $LLOADDCONF > $CONF1.lloadd +if test $AC_lloadd = lloaddyes; then + $LLOADD -f $CONF1.lloadd -h $URI1 -d $LVL > $LOG1 2>&1 & +else + . $CONFFILTER $BACKEND < $SLAPDLLOADCONF > $CONF1.slapd + # FIXME: this won't work on Windows, but lloadd doesn't support Windows yet + $SLAPD -f $CONF1.slapd -h $URI6 -d $LVL > $LOG1 2>&1 & +fi +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$KILLPIDS $PID" + +echo "Testing slapd searching..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \ + '(objectclass=*)' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting $SLEEP1 seconds for lloadd to start..." + sleep $SLEEP1 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# fix test data to include back-monitor, if available +# NOTE: copies do_* files from $DATADIR to $TESTDIR +$MONITORDATA "$DATADIR" "$TESTDIR" + + +echo "Using tester for concurrent server access ($TESTCHILDREN x $TESTLOOPS ops)..." +$SLAPDTESTER -P "$PROGDIR" -d "$TESTDIR" \ + -H $URI1 -D "$MANAGERDN" -w $PASSWD \ + -t 1 -l $TESTLOOPS -r $MAXRETRIES -j $TESTCHILDREN \ + -i '*INVALID_CREDENTIALS,*BUSY,UNWILLING_TO_PERFORM' +RC=$? + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +if test $RC != 0 ; then + echo "slapd-tester failed ($RC)!" + exit $RC +fi + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/lloadd/test003-cnconfig b/tests/scripts/lloadd/test003-cnconfig new file mode 100755 index 0000000..edf5801 --- /dev/null +++ b/tests/scripts/lloadd/test003-cnconfig @@ -0,0 +1,433 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2022 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +mkdir -p $TESTDIR $DBDIR1 $DBDIR2 + +$SLAPPASSWD -g -n >$CONFIGPWF +echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf + +if test $AC_lloadd = lloaddyes ; then + echo "Load balancer module not available, skipping..." + exit 0 +fi + +echo "Starting the first slapd on TCP/IP port $PORT2..." +. $CONFFILTER $BACKEND < $CONF > $CONF2 +$SLAPADD -f $CONF2 -l $LDIFORDERED +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Running slapindex to index slapd database..." +$SLAPINDEX -f $CONF2 +RC=$? +if test $RC != 0 ; then + echo "warning: slapindex failed ($RC)" + echo " assuming no indexing support" +fi + +$SLAPD -f $CONF2 -h $URI2 -d $LVL > $LOG2 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +PID2="$PID" +KILLPIDS="$PID" + +echo "Testing slapd searching..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \ + '(objectclass=*)' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting $SLEEP1 seconds for slapd to start..." + sleep $SLEEP1 +done +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND < $CONFTWO > $CONF3 +$SLAPADD -f $CONF3 -l $LDIFORDERED +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Running slapindex to index slapd database..." +$SLAPINDEX -f $CONF3 +RC=$? +if test $RC != 0 ; then + echo "warning: slapindex failed ($RC)" + echo " assuming no indexing support" +fi + +echo "Starting second slapd on TCP/IP port $PORT3..." +$SLAPD -f $CONF3 -h $URI3 -d $LVL > $LOG3 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +PID3="$PID" +KILLPIDS="$KILLPIDS $PID" + +sleep $SLEEP0 + +echo "Testing slapd searching..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -H $URI3 \ + '(objectclass=*)' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting $SLEEP1 seconds for slapd to start..." + sleep $SLEEP1 +done +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Starting lloadd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND < $LLOADDUNREACHABLECONF > $CONF1.lloadd +. $CONFFILTER $BACKEND < $SLAPDLLOADCONF > $CONF1.slapd +$SLAPD -f $CONF1.slapd -h $URI6 -d $LVL > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$KILLPIDS $PID" + +echo "Testing lloadd searching..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \ + '(objectclass=*)' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting $SLEEP1 seconds for lloadd to start..." + sleep $SLEEP1 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + + +echo "Testing cn=config searching..." +$LDAPSEARCH -H $URI6 -D cn=config -y $CONFIGPWF \ + -s sub -b "olcBackend={0}lload,cn=config" '(objectclass=*)' > /dev/null 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Deleting backends" + +for i in 1 2 3 4 ; do + echo "cn={0}server "$i",olcBackend={0}lload,cn=config" + $LDAPDELETE -H $URI6 -D cn=config -y $CONFIGPWF \ + "cn={0}server "$i",olcBackend={0}lload,cn=config" > /dev/null 2>&1 + RC=$? + if test $RC != 0 ; then + echo "deleting server failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi +done + +echo "Testing cn=config searching..." +$LDAPSEARCH -H $URI6 -D cn=config -y $CONFIGPWF \ + -s sub -b "olcBackend={0}lload,cn=config" '(objectclass=*)' > /dev/null 2>&1 + + +echo "# Testing exact searching..." + +$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \ + '(sn=jENSEN)' >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 52 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing adding Server " +$LDAPADD -D cn=config -H $URI6 -y $CONFIGPWF <<EOF > $TESTOUT 2>&1 +dn: cn=server 7,olcBackend={0}lload,cn=config +objectClass: olcBkLloadBackendConfig +cn: server 7 +olcBkLloadBackendUri: $URI3 +olcBkLloadBindconns: 2 +olcBkLloadMaxPendingConns: 3 +olcBkLloadMaxPendingOps: 5 +olcBkLloadNumconns: 3 +olcBkLloadRetry: 5000 +EOF +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed for cn=server 7 ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Verifying balancer operation..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \ + '(sn=jENSEN)' >> $SEARCHOUT 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting $SLEEP1 seconds for backend to start..." + sleep $SLEEP1 +done + +echo "Testing bindconf modify" +$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1 +dn: olcBackend={0}lload,cn=config +changetype: modify +replace: olcBkLloadBindconf +olcBkLloadBindconf: bindmethod=simple timeout=0 network-timeout=0 binddn="cn=wrongmanager,dc=example,dc=com" credentials="secret" +EOF + +RC=$? +if test $RC != 0 ; then + echo "modify failed for bindconf ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "# Sending a search request..." + +$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \ + '(sn=jENSEN)' >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 52 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Restoring bindconf value" +$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1 +dn: olcBackend={0}lload,cn=config +changetype: modify +replace: olcBkLloadBindconf +olcBkLloadBindconf: bindmethod=simple timeout=0 network-timeout=0 binddn="cn=Manager,dc=example,dc=com" credentials="secret" +EOF + +RC=$? +if test $RC != 0 ; then + echo "modify failed for bindconf ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + + +echo "Verifying balancer operation..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \ + '(sn=jENSEN)' >> $SEARCHOUT 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting $SLEEP1 seconds for backend to start..." + sleep $SLEEP1 +done + +echo "Testing global attributes" +echo "Testing olcBkLloadMaxPDUPerCycle modify" +$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1 +dn: olcBackend={0}lload,cn=config +changetype: modify +replace: olcBkLloadMaxPDUPerCycle +olcBkLloadMaxPDUPerCycle: 2000 +EOF + +RC=$? +if test $RC != 0 ; then + echo "modify failed for olcBkLloadMaxPDUPerCycle($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Sending a search request..." +$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \ + '(sn=jENSEN)' >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing olcBkLloadSockbufMaxClient modify" +$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1 +dn: olcBackend={0}lload,cn=config +changetype: modify +replace: olcBkLloadSockbufMaxClient +olcBkLloadSockbufMaxClient: 20000 +EOF + +RC=$? +if test $RC != 0 ; then + echo "modify failed for olcBkLloadSockbufMaxClient($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Sending a search request..." +$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \ + '(sn=jENSEN)' >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing olcBkLloadSockbufMaxUpstream modify" +$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1 +dn: olcBackend={0}lload,cn=config +changetype: modify +replace: olcBkLloadSockbufMaxUpstream +olcBkLloadSockbufMaxUpstream: 200000 +EOF + +RC=$? +if test $RC != 0 ; then + echo "modify failed for olcBkLloadSockbufMaxUpstream($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Sending a search request..." +$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \ + '(sn=jENSEN)' >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing olcBkLloadIOTimeout modify" +$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1 +dn: olcBackend={0}lload,cn=config +changetype: modify +replace: olcBkLloadIOTimeout +olcBkLloadIOTimeout: 20000 +EOF + +RC=$? +if test $RC != 0 ; then + echo "modify failed for olcBkLloadWriteTimeout($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Sending a search request..." +$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \ + '(sn=jENSEN)' >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing backend attributes" +echo "Testing olcBkLloadBindconns modify" +$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1 +dn: cn={0}server 7,olcBackend={0}lload,cn=config +changetype: modify +replace: olcBkLloadBindconns +olcBkLloadBindconns: 20 +EOF + +RC=$? +if test $RC != 0 ; then + echo "modify failed for olcBkLloadBindconns($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing exact searching..." +$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \ + '(sn=jENSEN)' >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + + +echo "Testing olcBkLloadMaxPendingConns modify" +$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1 +dn: cn={0}server 7,olcBackend={0}lload,cn=config +changetype: modify +replace: olcBkLloadMaxPendingConns +olcBkLloadMaxPendingConns: 30 +EOF + +RC=$? +if test $RC != 0 ; then + echo "modify failed for olcBkLloadMaxPendingConns($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing exact searching..." +$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \ + '(sn=jENSEN)' >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/lloadd/test004-monitor b/tests/scripts/lloadd/test004-monitor new file mode 100755 index 0000000..d1db7c1 --- /dev/null +++ b/tests/scripts/lloadd/test004-monitor @@ -0,0 +1,345 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2022 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +mkdir -p $TESTDIR $DBDIR1 $DBDIR2 + +$SLAPPASSWD -g -n >$CONFIGPWF +echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf + +if test $AC_lloadd = lloaddyes ; then + echo "Load balancer module not available, skipping..." + exit 0 +fi + +# Monitor counts are unstable in the face of concurrency, since different +# clients may get different upstreams assigned for their operations. This might +# also change later when tiered load balancing is available. +# Another constraint is that some global counts are updated by the statistics +# collection task scheduled to run every second. +# +# This test assumes current round-robin policy: +# - default backend is rotated every time we successfully pick an upstream +# - upstream connections within the same backend are rotated in the same way +# - the monitor entry order for upstream connections reflects the connection +# order within its CIRCLEQ_ + +echo "Starting the first slapd on TCP/IP port $PORT2..." +. $CONFFILTER $BACKEND < $CONF > $CONF2 +$SLAPADD -f $CONF2 -l $LDIFORDERED +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Running slapindex to index slapd database..." +$SLAPINDEX -f $CONF2 +RC=$? +if test $RC != 0 ; then + echo "warning: slapindex failed ($RC)" + echo " assuming no indexing support" +fi + +$SLAPD -f $CONF2 -h $URI2 -d $LVL > $LOG2 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +PID2="$PID" +KILLPIDS="$PID" + +echo "Testing slapd searching..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \ + '(objectclass=*)' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting $SLEEP1 seconds for slapd to start..." + sleep $SLEEP1 +done +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND < $CONFTWO > $CONF3 +$SLAPADD -f $CONF3 -l $LDIFORDERED +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Running slapindex to index slapd database..." +$SLAPINDEX -f $CONF3 +RC=$? +if test $RC != 0 ; then + echo "warning: slapindex failed ($RC)" + echo " assuming no indexing support" +fi + +echo "Starting second slapd on TCP/IP port $PORT3..." +$SLAPD -f $CONF3 -h $URI3 -d $LVL > $LOG3 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +PID3="$PID" +KILLPIDS="$KILLPIDS $PID" + +sleep $SLEEP0 + +echo "Testing slapd searching..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -H $URI3 \ + '(objectclass=*)' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting $SLEEP1 seconds for slapd to start..." + sleep $SLEEP1 +done +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Starting lloadd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND < $LLOADDEMPTYCONF > $CONF1.lloadd +. $CONFFILTER $BACKEND < $SLAPDLLOADCONF > $CONF1.slapd +$SLAPD -f $CONF1.slapd -h $URI6 -d $LVL > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$KILLPIDS $PID" + +echo "Testing slapd searching..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -H $URI6 \ + '(objectclass=*)' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting $SLEEP1 seconds for lloadd to start..." + sleep $SLEEP1 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Sending a search request to prime the counters..." +$LDAPSEARCH -b "$BASEDN" -s base -H $URI1 >> $TESTOUT 2>&1 +RC=$? +if test $RC != 52 ; then + echo "ldapsearch should have failed ($RC != 52)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Retrieving data from cn=monitor..." +echo "# Retrieving data from an empty lload's cn=monitor..." >>$SEARCHOUT +echo "# Operations received:" >>$SEARCHOUT +echo "# Bind: 1 (0 forwarded)" >>$SEARCHOUT +echo "# Search: 0" >>$SEARCHOUT +echo "# Unbind: 1" >>$SEARCHOUT +$LDAPSEARCH -b "cn=Load Balancer,cn=Backends,cn=monitor" -H $URI6 \ + olmBalancer olmBalancerServer olmBalancerOperation olmBalancerConnection >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Adding first backend server..." +$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1 +dn: cn=first,olcBackend={0}lload,cn=config +changetype: add +objectClass: olcBkLloadBackendConfig +olcBkLloadBackendUri: $URI2 +olcBkLloadMaxPendingConns: 3 +olcBkLloadMaxPendingOps: 5 +olcBkLloadRetry: 1000 +olcBkLloadNumconns: 2 +olcBkLloadBindconns: 2 +EOF +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed for backend ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# At the moment, the global counters are updated by a recurring job, +# wait for it to settle +echo "Waiting until connections are established..." +for i in 0 1 2 3 4 5; do + $LDAPCOMPARE "cn=Load Balancer,cn=Backends,cn=monitor" -H $URI6 \ + 'olmOutgoingConnections:4' > /dev/null 2>&1 + RC=$? + if test $RC = 6 ; then + break + fi + echo "Waiting $SLEEP1 seconds until connections are established..." + sleep $SLEEP1 +done +if test $RC != 6 ; then + echo "ldapcompare failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Retrieving data from cn=monitor again..." +echo >>$SEARCHOUT +echo "# Retrieving data from lload's cn=monitor..." >>$SEARCHOUT +$LDAPSEARCH -b "cn=Load Balancer,cn=Backends,cn=monitor" -H $URI6 \ + olmBalancer olmBalancerServer olmBalancerOperation olmBalancerConnection >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Adding another backend server..." +$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1 +dn: cn=server 2,olcBackend={0}lload,cn=config +changetype: add +objectClass: olcBkLloadBackendConfig +olcBkLloadBackendUri: $URI3 +olcBkLloadMaxPendingConns: 3 +olcBkLloadMaxPendingOps: 5 +olcBkLloadRetry: 1000 +olcBkLloadNumconns: 4 +olcBkLloadBindconns: 5 +EOF +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed for backend ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# At the moment, the global counters are updated by a recurring job, +# wait for it to settle +echo "Waiting until connections are established..." +for i in 0 1 2 3 4 5; do + $LDAPCOMPARE "cn=Load Balancer,cn=Backends,cn=monitor" -H $URI6 \ + 'olmOutgoingConnections:13' > /dev/null 2>&1 + RC=$? + if test $RC = 6 ; then + break + fi + echo "Waiting $SLEEP1 seconds until connections are established..." + sleep $SLEEP1 +done +if test $RC != 6 ; then + echo "ldapcompare failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Sending another search request..." +$LDAPSEARCH -b "$BASEDN" -s base -H $URI1 >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Sending a WhoAmI? request..." +$LDAPWHOAMI -D "$BABSDN" -w bjensen -H $URI1 >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# At the moment, the global counters are updated by a recurring job, +# wait for it to settle +echo "Waiting until global counters are updated..." +for i in 0 1 2 3 4 5; do + $LDAPCOMPARE "cn=Other,cn=Operations,cn=Load Balancer,cn=Backends,cn=monitor" -H $URI6 \ + 'olmCompletedOps:2' > /dev/null 2>&1 + RC=$? + if test $RC = 6 ; then + break + fi + echo "Waiting $SLEEP1 seconds until connections are established..." + sleep $SLEEP1 +done +if test $RC != 6 ; then + echo "ldapcompare failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Retrieving data from cn=monitor again..." +echo >>$SEARCHOUT +echo "# Retrieving data after a search+WhoAmI?..." >>$SEARCHOUT +echo "# Operations received:" >>$SEARCHOUT +echo "# Bind: 3 (2 forwarded)" >>$SEARCHOUT +echo "# Search: 1" >>$SEARCHOUT +echo "# Extended: 1 (WhoAmI?)" >>$SEARCHOUT +echo "# Unbind: 3" >>$SEARCHOUT +$LDAPSEARCH -b "cn=Load Balancer,cn=Backends,cn=monitor" -H $URI6 \ + olmBalancer olmBalancerServer olmBalancerOperation olmBalancerConnection >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +LDIF=$DATADIR/lloadd/monitor.ldif + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif used to create database..." +$LDIFFILTER < $LDIF > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "Comparison failed" + exit 1 +fi + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/lloadd/test005-tls b/tests/scripts/lloadd/test005-tls new file mode 100755 index 0000000..7d6f87c --- /dev/null +++ b/tests/scripts/lloadd/test005-tls @@ -0,0 +1,272 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2022 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test $WITH_TLS = no ; then + echo "TLS support not available, test skipped" + exit 0 +fi + +mkdir -p $TESTDIR $DBDIR1 $DBDIR2 +cp -r $DATADIR/tls $TESTDIR + +cd $TESTWD + +$SLAPPASSWD -g -n >$CONFIGPWF +echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf + +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND < $TLSSASLCONF > $CONF2 +$SLAPADD -f $CONF2 -l $LDIFORDERED +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Starting a slapd on TCP/IP port $PORT3..." +$SLAPD -f $CONF2 -h $URI3 -d $LVL > $LOG2 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +PID2="$PID" +KILLPIDS="$PID" + +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -H $URI3 \ + '(objectclass=*)' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting $SLEEP1 seconds for slapd to start..." + sleep $SLEEP1 +done +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND < $CONFTWO > $CONF3 +# FIXME: Hack! +echo "TLSCertificateKeyFile $TESTDIR/tls/private/localhost.key" >>$CONF3 +echo "TLSCertificateFile $TESTDIR/tls/certs/localhost.crt" >>$CONF3 +echo 'authz-regexp "email=([^,]*),cn=[^,]*,ou=OpenLDAP,o=OpenLDAP Foundation,st=CA,c=US" ldap:///ou=People,dc=example,dc=com??sub?(mail=$1)' >>$CONF3 +$SLAPADD -f $CONF3 -l $LDIFORDERED +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Running slapindex to index slapd database..." +$SLAPINDEX -f $CONF3 +RC=$? +if test $RC != 0 ; then + echo "warning: slapindex failed ($RC)" + echo " assuming no indexing support" +fi + +echo "Starting second slapd on TCP/IP port $PORT4 w/ ldaps..." +$SLAPD -f $CONF3 -h $SURI4 -d $LVL > $LOG3 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +PID2="$PID" +KILLPIDS="$KILLPIDS $PID" + +sleep $SLEEP0 + +echo "Testing slapd searching..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -o tls-reqcert=never -s base -b "$MONITOR" -H $SURI4 \ + '(objectclass=*)' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting $SLEEP1 seconds for slapd to start..." + sleep $SLEEP1 +done +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Starting lloadd on TCP/IP port $PORT1 and ldaps $PORT2..." +. $CONFFILTER $BACKEND < $LLOADDTLSCONF > $CONF1.lloadd +if test $AC_lloadd = lloaddyes; then + $LLOADD -f $CONF1.lloadd -h "$URI1 $SURI2" -d $LVL > $LOG1 2>&1 & +else + . $CONFFILTER $BACKEND < $SLAPDLLOADCONF | sed -e "s,listen.*,listen \"$URI1 $SURI2\"," > $CONF1.slapd + $SLAPD -f $CONF1.slapd -h $URI6 -d $LVL > $LOG1 2>&1 & +fi +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$KILLPIDS $PID" + +echo "Testing slapd searching..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \ + '(objectclass=*)' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting $SLEEP1 seconds for lloadd to start..." + sleep $SLEEP1 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo -n "Using ldapsearch with startTLS with no server cert validation...." +$LDAPSEARCH -o tls-reqcert=never -ZZ -b "" -s base -H $URIP1 \ + '@extensibleObject' > $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch (startTLS) failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +else + echo "success" +fi + +echo -n "Using ldapsearch with startTLS with hard require cert...." +$LDAPSEARCH -o tls-cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -o tls-reqcert=hard -ZZ -b "" -s base -H $URIP1 \ + '@extensibleObject' > $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch (startTLS) failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +else + echo "success" +fi + +if test $WITH_TLS_TYPE = openssl ; then + echo -n "Using ldapsearch with startTLS and specific protocol version...." + $LDAPSEARCH -o tls-cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -o tls-reqcert=hard -o tls-protocol-min=3.3 -ZZ -b "" -s base -H $URIP1 \ + '@extensibleObject' > $SEARCHOUT 2>&1 + RC=$? + if test $RC != 0 ; then + echo "ldapsearch (protocol-min) failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + else + echo "success" + fi +fi + +echo -n "Using ldapsearch on $SURI2 with no server cert validation..." +$LDAPSEARCH -o tls-reqcert=never -b "cn=Subschema" -s base -H $SURIP2 \ + '(&(objectClasses=top)(objectClasses=2.5.6.0))' cn objectClass \ + >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch (ldaps) failed($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +else + echo "success" +fi + +echo -n "Using ldapsearch on $SURI2 with reqcert HARD and no CA cert. Should fail..." +$LDAPSEARCH -o tls-reqcert=hard -b "cn=Subschema" -s base -H $SURIP2 \ + '(&(objectClasses=top)(objectClasses=2.5.6.0))' cn objectClass \ + >> $SEARCHOUT 2>&1 +RC=$? +if test $RC = 0 ; then + echo "ldapsearch (ldaps) succeeded when it should have failed($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +else + echo "failed correctly with error code ($RC)" +fi + +echo -n "Using ldapsearch on $SURI2 with CA cert and reqcert HARD..." +$LDAPSEARCH -o tls-cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt \ + -o tls-reqcert=hard -b "cn=Subschema" -s base -H $SURIP2 \ + '(&(objectClasses=top)(objectClasses=2.5.6.0))' cn objectClass \ + >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch (ldaps) failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +else + echo "success" +fi + +if test $WITH_SASL = no ; then + echo "SASL support not available, skipping client cert authentication" +else + echo -n "Using ldapwhoami with SASL/EXTERNAL...." + $LDAPSASLWHOAMI -o tls-cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -o tls-reqcert=hard \ + -o tls-cert=$TESTDIR/tls/certs/bjensen@mailgw.example.com.crt \ + -o tls-key=$TESTDIR/tls/private/bjensen@mailgw.example.com.key \ + -ZZ -Y EXTERNAL -H $URIP1 \ + > $TESTOUT 2>&1 + RC=$? + if test $RC != 0 ; then + echo "ldapwhoami (startTLS) failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + else + echo "success" + fi + + echo -n "Validating mapped SASL ID..." + echo 'dn:cn=barbara jensen,ou=information technology division,ou=people,dc=example,dc=com' > $TESTDIR/dn.out + $CMP $TESTDIR/dn.out $TESTOUT > $CMPOUT + + RC=$? + if test $RC != 0 ; then + echo "Comparison failed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + else + echo "success" + fi +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +if test $RC != 0 ; then + echo ">>>>> Test failed" +else + echo ">>>>> Test succeeded" + RC=0 +fi + +test $KILLSERVERS != no && wait + +exit $RC diff --git a/tests/scripts/lloadd/test006-sasl b/tests/scripts/lloadd/test006-sasl new file mode 100755 index 0000000..a49dbbb --- /dev/null +++ b/tests/scripts/lloadd/test006-sasl @@ -0,0 +1,252 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2022 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test $WITH_SASL = "yes" ; then + if test $USE_SASL = "no" ; then + echo "Not asked to test SASL, skipping test, set SLAPD_USE_SASL to enable..." + exit 0 + fi + if test $USE_SASL = "yes" ; then + MECH="DIGEST-MD5" + else + MECH="$USE_SASL" + fi + echo "Using SASL authc[/authz] with mech=$MECH; unset SLAPD_USE_SASL to disable" +else + echo "SASL support not available, test skipped" + exit 0 +fi + +mkdir -p $TESTDIR $DBDIR1 $DBDIR2 +cp -r $DATADIR/tls $TESTDIR + +cd $TESTWD + +$SLAPPASSWD -g -n >$CONFIGPWF +echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf + +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND < $TLSSASLCONF > $CONF2 +echo 'authz-regexp "^uid=([^,]*),.+" ldap:///dc=example,dc=com??sub?(|(cn=$1)(uid=$1))' >>$CONF2 +$SLAPADD -f $CONF2 -l $LDIFORDERED +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Starting a slapd on TCP/IP port $PORT2..." +$SLAPD -f $CONF2 -h $URI2 -d $LVL > $LOG2 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +PID2="$PID" +KILLPIDS="$PID" + +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \ + '(objectclass=*)' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting $SLEEP1 seconds for slapd to start..." + sleep $SLEEP1 +done +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND < $CONFTWO > $CONF3 +echo 'authz-regexp "^uid=([^,]*),.+" ldap:///dc=example,dc=com??sub?(|(cn=$1)(uid=$1))' >>$CONF3 +$SLAPADD -f $CONF3 -l $LDIFORDERED +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Running slapindex to index slapd database..." +$SLAPINDEX -f $CONF3 +RC=$? +if test $RC != 0 ; then + echo "warning: slapindex failed ($RC)" + echo " assuming no indexing support" +fi + +echo "Starting second slapd on TCP/IP port $PORT3..." +$SLAPD -f $CONF3 -h $URI3 -d $LVL > $LOG3 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +PID2="$PID" +KILLPIDS="$KILLPIDS $PID" + +sleep $SLEEP0 + +echo "Testing slapd searching..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -H $URI3 \ + '(objectclass=*)' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting $SLEEP1 seconds for slapd to start..." + sleep $SLEEP1 +done +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Starting lloadd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND < $LLOADDSASLCONF > $CONF1.lloadd +if test $AC_lloadd = lloaddyes; then + $LLOADD -f $CONF1.lloadd -h $URI1 -d $LVL > $LOG1 2>&1 & +else + . $CONFFILTER $BACKEND < $SLAPDLLOADCONF > $CONF1.slapd + $SLAPD -f $CONF1.slapd -h $URI6 -d $LVL > $LOG1 2>&1 & +fi +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$KILLPIDS $PID" + +echo "Testing lloadd searching..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \ + '(objectclass=*)' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting $SLEEP1 seconds for lloadd to start..." + sleep $SLEEP1 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Checking whether $MECH is supported..." +$LDAPSEARCH -s base -b "" -H $URI1 \ + 'objectClass=*' supportedSASLMechanisms > $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +grep "supportedSASLMechanisms: $MECH" $SEARCHOUT > $TESTOUT +RC=$? +if test $RC != 0 ; then + echo "SASL mechanism $MECH is not available, test skipped" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 0 +fi + +AUTHZID="u:bjorn" +echo "Testing lloadd's identity can assert any authzid..." +$LDAPWHOAMI -D "$MANAGERDN" -H $URI1 -w $PASSWD \ + -e\!"authzid=$AUTHZID" > $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +AUTHZID="u:bjorn" +echo "Testing a different identity cannot do the same thing..." +$LDAPWHOAMI -D "$BABSDN" -H $URI1 -w bjensen \ + -e\!"authzid=$AUTHZID" >> $TESTOUT 2>/dev/null +RC=$? +if test $RC != 1 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Validating WhoAmI? results..." +echo 'dn:cn=bjorn jensen,ou=information technology division,ou=people,dc=example,dc=com' > $TESTDIR/whoami.out +echo 'Result: Protocol error (2) +Additional info: proxy authorization control specified multiple times' >> $TESTDIR/whoami.out +$CMP $TESTDIR/whoami.out $TESTOUT > $CMPOUT + +RC=$? +if test $RC != 0 ; then + echo "Comparison failed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +else + echo "Success" +fi + + +ID="jaj" +echo "Testing ldapsearch as $ID for \"$BASEDN\" with SASL bind and identity assertion..." +$LDAPSASLSEARCH -H $URI1 -b "$BASEDN" \ + -Q -Y $MECH -O maxbufsize=0 -U "$ID" -w jaj > $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Filtering ldapsearch results..." +$LDIFFILTER -s e < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif used to create database..." +$LDIFFILTER -s e < $LDIF > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - search with SASL bind and identity assertion didn't succeed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +if test $RC != 0 ; then + echo ">>>>> Test failed" +else + echo ">>>>> Test succeeded" + RC=0 +fi + +test $KILLSERVERS != no && wait + +exit $RC |