diff options
Diffstat (limited to 'tests/scripts')
79 files changed, 26308 insertions, 0 deletions
diff --git a/tests/scripts/all b/tests/scripts/all new file mode 100755 index 0000000..0256634 --- /dev/null +++ b/tests/scripts/all @@ -0,0 +1,102 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +. $SRCDIR/scripts/defines.sh + +TB="" TN="" +if test -t 1 ; then + TB=`$SHTOOL echo -e "%B" 2>/dev/null` + TN=`$SHTOOL echo -e "%b" 2>/dev/null` +fi + +FAILCOUNT=0 +SKIPCOUNT=0 +SLEEPTIME=10 + +echo ">>>>> Executing all LDAP tests for $BACKEND" + +if [ -n "$NOEXIT" ]; then + echo "Result Test" > $TESTWD/results +fi + +for CMD in $SRCDIR/scripts/test*; do + case "$CMD" in + *~) continue;; + *.bak) continue;; + *.orig) continue;; + *.sav) continue;; + *) test -f "$CMD" || continue;; + esac + + # remove cruft from prior test + if test $PRESERVE = yes ; then + /bin/rm -rf $TESTDIR/db.* + else + /bin/rm -rf $TESTDIR + fi + if test $BACKEND = ndb ; then + mysql --user root <<EOF + drop database if exists db_1; + drop database if exists db_2; + drop database if exists db_3; + drop database if exists db_4; + drop database if exists db_5; + drop database if exists db_6; +EOF + fi + + BCMD=`basename $CMD` + if [ -x "$CMD" ]; then + echo ">>>>> Starting ${TB}$BCMD${TN} for $BACKEND..." + $CMD + RC=$? + if test $RC -eq 0 ; then + echo ">>>>> $BCMD completed ${TB}OK${TN} for $BACKEND." + else + echo ">>>>> $BCMD ${TB}failed${TN} for $BACKEND" + FAILCOUNT=`expr $FAILCOUNT + 1` + + if [ -n "$NOEXIT" ]; then + echo "Continuing." + else + echo "(exit $RC)" + exit $RC + fi + fi + else + echo ">>>>> Skipping ${TB}$BCMD${TN} for $BACKEND." + SKIPCOUNT=`expr $SKIPCOUNT + 1` + RC="-" + fi + + if [ -n "$NOEXIT" ]; then + echo "$RC $BCMD" >> $TESTWD/results + fi + +# echo ">>>>> waiting $SLEEPTIME seconds for things to exit" +# sleep $SLEEPTIME + echo "" +done + +if [ -n "$NOEXIT" ]; then + if [ "$FAILCOUNT" -gt 0 ]; then + cat $TESTWD/results + echo "$FAILCOUNT tests for $BACKEND ${TB}failed${TN}. Please review the test log." + else + echo "All executed tests for $BACKEND ${TB}succeeded${TN}." + fi +fi + +echo "$SKIPCOUNT tests for $BACKEND were ${TB}skipped${TN}." diff --git a/tests/scripts/conf.sh b/tests/scripts/conf.sh new file mode 100755 index 0000000..9a33d88 --- /dev/null +++ b/tests/scripts/conf.sh @@ -0,0 +1,82 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. +MONMOD=nomod +if [ x"$MONITORDB" = xyes -o x"$MONITORDB" = xmod ] ; then + MON=monitor + if [ $MONITORDB = mod ] ; then + MONMOD=monitormod + fi +else + MON=nomonitor +fi +if [ x"$WITH_SASL" = x"yes" -a x"$USE_SASL" != x"no" ] ; then + SASL="sasl" + if [ x"$USE_SASL" = x"yes" ] ; then + USE_SASL=DIGEST-MD5 + fi + SASL_MECH="\"saslmech=$USE_SASL\"" +else + SASL="nosasl" + SASL_MECH= +fi +sed -e "s/@BACKEND@/${BACKEND}/" \ + -e "s/^#${BACKEND}#//" \ + -e "/^#~/s/^#[^#]*~${BACKEND}~[^#]*#/#omit: /" \ + -e "s/^#~[^#]*~#//" \ + -e "s/@RELAY@/${RELAY}/" \ + -e "s/^#relay-${RELAY}#//" \ + -e "s/^#${BACKENDTYPE}#//" \ + -e "s/^#${AC_ldap}#//" \ + -e "s/^#${AC_meta}#//" \ + -e "s/^#${AC_relay}#//" \ + -e "s/^#${AC_sql}#//" \ + -e "s/^#${RDBMS}#//" \ + -e "s/^#${AC_accesslog}#//" \ + -e "s/^#${AC_dds}#//" \ + -e "s/^#${AC_dynlist}#//" \ + -e "s/^#${AC_memberof}#//" \ + -e "s/^#${AC_pcache}#//" \ + -e "s/^#${AC_ppolicy}#//" \ + -e "s/^#${AC_refint}#//" \ + -e "s/^#${AC_retcode}#//" \ + -e "s/^#${AC_rwm}#//" \ + -e "s/^#${AC_syncprov}#//" \ + -e "s/^#${AC_translucent}#//" \ + -e "s/^#${AC_unique}#//" \ + -e "s/^#${AC_valsort}#//" \ + -e "s/^#${INDEXDB}#//" \ + -e "s/^#${MAINDB}#//" \ + -e "s/^#${MON}#//" \ + -e "s/^#${MONMOD}#//" \ + -e "s/^#${SASL}#//" \ + -e "s/^#${ACI}#//" \ + -e "s;@URI1@;${URI1};" \ + -e "s;@URI2@;${URI2};" \ + -e "s;@URI3@;${URI3};" \ + -e "s;@URI4@;${URI4};" \ + -e "s;@URI5@;${URI5};" \ + -e "s;@URI6@;${URI6};" \ + -e "s;@PORT1@;${PORT1};" \ + -e "s;@PORT2@;${PORT2};" \ + -e "s;@PORT3@;${PORT3};" \ + -e "s;@PORT4@;${PORT4};" \ + -e "s;@PORT5@;${PORT5};" \ + -e "s;@PORT6@;${PORT6};" \ + -e "s/@SASL_MECH@/${SASL_MECH}/" \ + -e "s;@TESTDIR@;${TESTDIR};" \ + -e "s;@TESTWD@;${TESTWD};" \ + -e "s;@DATADIR@;${DATADIR};" \ + -e "s;@SCHEMADIR@;${SCHEMADIR};" \ + -e "/^#/d" diff --git a/tests/scripts/defines.sh b/tests/scripts/defines.sh new file mode 100755 index 0000000..b374cc5 --- /dev/null +++ b/tests/scripts/defines.sh @@ -0,0 +1,366 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +umask 077 + +TESTWD=`pwd` + +# backends +MONITORDB=${AC_monitor-no} +BACKLDAP=${AC_ldap-ldapno} +BACKMETA=${AC_meta-metano} +BACKRELAY=${AC_relay-relayno} +BACKSQL=${AC_sql-sqlno} + RDBMS=${SLAPD_USE_SQL-rdbmsno} + RDBMSWRITE=${SLAPD_USE_SQLWRITE-no} + +# overlays +ACCESSLOG=${AC_accesslog-accesslogno} +CONSTRAINT=${AC_constraint-constraintno} +DDS=${AC_dds-ddsno} +DYNLIST=${AC_dynlist-dynlistno} +MEMBEROF=${AC_memberof-memberofno} +PROXYCACHE=${AC_pcache-pcacheno} +PPOLICY=${AC_ppolicy-ppolicyno} +REFINT=${AC_refint-refintno} +RETCODE=${AC_retcode-retcodeno} +RWM=${AC_rwm-rwmno} +SYNCPROV=${AC_syncprov-syncprovno} +TRANSLUCENT=${AC_translucent-translucentno} +UNIQUE=${AC_unique-uniqueno} +VALSORT=${AC_valsort-valsortno} + +# misc +WITH_SASL=${AC_WITH_SASL-no} +USE_SASL=${SLAPD_USE_SASL-no} +ACI=${AC_ACI_ENABLED-acino} +THREADS=${AC_THREADS-threadsno} +SLEEP0=${SLEEP0-1} +SLEEP1=${SLEEP1-7} +SLEEP2=${SLEEP2-15} + +# dirs +PROGDIR=./progs +DATADIR=${USER_DATADIR-./testdata} +TESTDIR=${USER_TESTDIR-$TESTWD/testrun} +SCHEMADIR=${USER_SCHEMADIR-./schema} +case "$SCHEMADIR" in +.*) ABS_SCHEMADIR="$TESTWD/$SCHEMADIR" ;; +*) ABS_SCHEMADIR="$SCHEMADIR" ;; +esac + +DBDIR1A=$TESTDIR/db.1.a +DBDIR1B=$TESTDIR/db.1.b +DBDIR1C=$TESTDIR/db.1.c +DBDIR1=$DBDIR1A +DBDIR2A=$TESTDIR/db.2.a +DBDIR2B=$TESTDIR/db.2.b +DBDIR2C=$TESTDIR/db.2.c +DBDIR2=$DBDIR2A +DBDIR3=$TESTDIR/db.3.a +DBDIR4=$TESTDIR/db.4.a +DBDIR5=$TESTDIR/db.5.a +DBDIR6=$TESTDIR/db.6.a +SQLCONCURRENCYDIR=$DATADIR/sql-concurrency + +CLIENTDIR=../clients/tools +#CLIENTDIR=/usr/local/bin + +# conf +CONF=$DATADIR/slapd.conf +CONFTWO=$DATADIR/slapd2.conf +CONF2DB=$DATADIR/slapd-2db.conf +MCONF=$DATADIR/slapd-provider.conf +COMPCONF=$DATADIR/slapd-component.conf +PWCONF=$DATADIR/slapd-pw.conf +WHOAMICONF=$DATADIR/slapd-whoami.conf +ACLCONF=$DATADIR/slapd-acl.conf +RCONF=$DATADIR/slapd-referrals.conf +SRPROVIDERCONF=$DATADIR/slapd-syncrepl-provider.conf +DSRPROVIDERCONF=$DATADIR/slapd-deltasync-provider.conf +DSRCONSUMERCONF=$DATADIR/slapd-deltasync-consumer.conf +PPOLICYCONF=$DATADIR/slapd-ppolicy.conf +PROXYCACHECONF=$DATADIR/slapd-proxycache.conf +PROXYAUTHZCONF=$DATADIR/slapd-proxyauthz.conf +CACHEPROVIDERCONF=$DATADIR/slapd-cache-provider.conf +PROXYAUTHZPROVIDERCONF=$DATADIR/slapd-cache-provider-proxyauthz.conf +R1SRCONSUMERCONF=$DATADIR/slapd-syncrepl-consumer-refresh1.conf +R2SRCONSUMERCONF=$DATADIR/slapd-syncrepl-consumer-refresh2.conf +P1SRCONSUMERCONF=$DATADIR/slapd-syncrepl-consumer-persist1.conf +P2SRCONSUMERCONF=$DATADIR/slapd-syncrepl-consumer-persist2.conf +P3SRCONSUMERCONF=$DATADIR/slapd-syncrepl-consumer-persist3.conf +REFCONSUMERCONF=$DATADIR/slapd-ref-consumer.conf +SCHEMACONF=$DATADIR/slapd-schema.conf +GLUECONF=$DATADIR/slapd-glue.conf +REFINTCONF=$DATADIR/slapd-refint.conf +RETCODECONF=$DATADIR/slapd-retcode.conf +UNIQUECONF=$DATADIR/slapd-unique.conf +LIMITSCONF=$DATADIR/slapd-limits.conf +DNCONF=$DATADIR/slapd-dn.conf +EMPTYDNCONF=$DATADIR/slapd-emptydn.conf +IDASSERTCONF=$DATADIR/slapd-idassert.conf +LDAPGLUECONF1=$DATADIR/slapd-ldapglue.conf +LDAPGLUECONF2=$DATADIR/slapd-ldapgluepeople.conf +LDAPGLUECONF3=$DATADIR/slapd-ldapgluegroups.conf +RELAYCONF=$DATADIR/slapd-relay.conf +CHAINCONF1=$DATADIR/slapd-chain1.conf +CHAINCONF2=$DATADIR/slapd-chain2.conf +GLUESYNCCONF1=$DATADIR/slapd-glue-syncrepl1.conf +GLUESYNCCONF2=$DATADIR/slapd-glue-syncrepl2.conf +SQLCONF=$DATADIR/slapd-sql.conf +SQLSRPROVIDERCONF=$DATADIR/slapd-sql-syncrepl-provider.conf +TRANSLUCENTLOCALCONF=$DATADIR/slapd-translucent-local.conf +TRANSLUCENTREMOTECONF=$DATADIR/slapd-translucent-remote.conf +METACONF=$DATADIR/slapd-meta.conf +METACONF1=$DATADIR/slapd-meta-target1.conf +METACONF2=$DATADIR/slapd-meta-target2.conf +GLUELDAPCONF=$DATADIR/slapd-glue-ldap.conf +ACICONF=$DATADIR/slapd-aci.conf +VALSORTCONF=$DATADIR/slapd-valsort.conf +DYNLISTCONF=$DATADIR/slapd-dynlist.conf +RCONSUMERCONF=$DATADIR/slapd-repl-consumer-remote.conf +PLSRCONSUMERCONF=$DATADIR/slapd-syncrepl-consumer-persist-ldap.conf +PLSRPROVIDERCONF=$DATADIR/slapd-syncrepl-multiproxy.conf +DDSCONF=$DATADIR/slapd-dds.conf +PASSWDCONF=$DATADIR/slapd-passwd.conf +UNDOCONF=$DATADIR/slapd-config-undo.conf +NAKEDCONF=$DATADIR/slapd-config-naked.conf +VALREGEXCONF=$DATADIR/slapd-valregex.conf + +DYNAMICCONF=$DATADIR/slapd-dynamic.ldif + +# generated files +CONF1=$TESTDIR/slapd.1.conf +CONF2=$TESTDIR/slapd.2.conf +CONF3=$TESTDIR/slapd.3.conf +CONF4=$TESTDIR/slapd.4.conf +CONF5=$TESTDIR/slapd.5.conf +CONF6=$TESTDIR/slapd.6.conf +ADDCONF=$TESTDIR/slapadd.conf +CONFLDIF=$TESTDIR/slapd-dynamic.ldif + +LOG1=$TESTDIR/slapd.1.log +LOG2=$TESTDIR/slapd.2.log +LOG3=$TESTDIR/slapd.3.log +LOG4=$TESTDIR/slapd.4.log +LOG5=$TESTDIR/slapd.5.log +LOG6=$TESTDIR/slapd.6.log +SLAPADDLOG1=$TESTDIR/slapadd.1.log +SLURPLOG=$TESTDIR/slurp.log + +CONFIGPWF=$TESTDIR/configpw + +# args +TOOLARGS="-x $LDAP_TOOLARGS" +TOOLPROTO="-P 3" + +# cmds +CONFFILTER=$SRCDIR/scripts/conf.sh + +MONITORDATA=$SRCDIR/scripts/monitor_data.sh + +SLAPADD="$TESTWD/../servers/slapd/slapd -Ta -d 0 $LDAP_VERBOSE" +SLAPCAT="$TESTWD/../servers/slapd/slapd -Tc -d 0 $LDAP_VERBOSE" +SLAPINDEX="$TESTWD/../servers/slapd/slapd -Ti -d 0 $LDAP_VERBOSE" +SLAPPASSWD="$TESTWD/../servers/slapd/slapd -Tpasswd" + +unset DIFF_OPTIONS +# NOTE: -u/-c is not that portable... +DIFF="diff -i" +CMP="diff -i" +BCMP="diff -iB" +CMPOUT=/dev/null +SLAPD="$TESTWD/../servers/slapd/slapd -s0" +LDAPPASSWD="$CLIENTDIR/ldappasswd $TOOLARGS" +LDAPSASLSEARCH="$CLIENTDIR/ldapsearch $TOOLPROTO $LDAP_TOOLARGS -LLL" +LDAPSEARCH="$CLIENTDIR/ldapsearch $TOOLPROTO $TOOLARGS -LLL" +LDAPRSEARCH="$CLIENTDIR/ldapsearch $TOOLPROTO $TOOLARGS" +LDAPDELETE="$CLIENTDIR/ldapdelete $TOOLPROTO $TOOLARGS" +LDAPMODIFY="$CLIENTDIR/ldapmodify $TOOLPROTO $TOOLARGS" +LDAPADD="$CLIENTDIR/ldapmodify -a $TOOLPROTO $TOOLARGS" +LDAPMODRDN="$CLIENTDIR/ldapmodrdn $TOOLPROTO $TOOLARGS" +LDAPWHOAMI="$CLIENTDIR/ldapwhoami $TOOLARGS" +LDAPCOMPARE="$CLIENTDIR/ldapcompare $TOOLARGS" +LDAPEXOP="$CLIENTDIR/ldapexop $TOOLARGS" +SLAPDTESTER=$PROGDIR/slapd-tester +LDIFFILTER=$PROGDIR/ldif-filter +SLAPDMTREAD=$PROGDIR/slapd-mtread +LVL=${SLAPD_DEBUG-0x4105} +LOCALHOST=localhost +BASEPORT=${SLAPD_BASEPORT-9010} +PORT1=`expr $BASEPORT + 1` +PORT2=`expr $BASEPORT + 2` +PORT3=`expr $BASEPORT + 3` +PORT4=`expr $BASEPORT + 4` +PORT5=`expr $BASEPORT + 5` +PORT6=`expr $BASEPORT + 6` +URI1="ldap://${LOCALHOST}:$PORT1/" +URI2="ldap://${LOCALHOST}:$PORT2/" +URI3="ldap://${LOCALHOST}:$PORT3/" +URI4="ldap://${LOCALHOST}:$PORT4/" +URI5="ldap://${LOCALHOST}:$PORT5/" +URI6="ldap://${LOCALHOST}:$PORT6/" + +# LDIF +LDIF=$DATADIR/test.ldif +LDIFADD1=$DATADIR/do_add.1 +LDIFGLUED=$DATADIR/test-glued.ldif +LDIFORDERED=$DATADIR/test-ordered.ldif +LDIFORDEREDCP=$DATADIR/test-ordered-cp.ldif +LDIFORDEREDNOCP=$DATADIR/test-ordered-nocp.ldif +LDIFBASE=$DATADIR/test-base.ldif +LDIFPASSWD=$DATADIR/passwd.ldif +LDIFWHOAMI=$DATADIR/test-whoami.ldif +LDIFPASSWDOUT=$DATADIR/passwd-out.ldif +LDIFPPOLICY=$DATADIR/ppolicy.ldif +LDIFLANG=$DATADIR/test-lang.ldif +LDIFLANGOUT=$DATADIR/lang-out.ldif +LDIFREF=$DATADIR/referrals.ldif +LDIFREFINT=$DATADIR/test-refint.ldif +LDIFUNIQUE=$DATADIR/test-unique.ldif +LDIFLIMITS=$DATADIR/test-limits.ldif +LDIFDN=$DATADIR/test-dn.ldif +LDIFEMPTYDN1=$DATADIR/test-emptydn1.ldif +LDIFEMPTYDN2=$DATADIR/test-emptydn2.ldif +LDIFIDASSERT1=$DATADIR/test-idassert1.ldif +LDIFIDASSERT2=$DATADIR/test-idassert2.ldif +LDIFLDAPGLUE1=$DATADIR/test-ldapglue.ldif +LDIFLDAPGLUE2=$DATADIR/test-ldapgluepeople.ldif +LDIFLDAPGLUE3=$DATADIR/test-ldapgluegroups.ldif +LDIFCOMPMATCH=$DATADIR/test-compmatch.ldif +LDIFCHAIN1=$DATADIR/test-chain1.ldif +LDIFCHAIN2=$DATADIR/test-chain2.ldif +LDIFTRANSLUCENTDATA=$DATADIR/test-translucent-data.ldif +LDIFTRANSLUCENTCONFIG=$DATADIR/test-translucent-config.ldif +LDIFTRANSLUCENTADD=$DATADIR/test-translucent-add.ldif +LDIFTRANSLUCENTMERGED=$DATADIR/test-translucent-merged.ldif +LDIFMETA=$DATADIR/test-meta.ldif +LDIFVALSORT=$DATADIR/test-valsort.ldif +SQLADD=$DATADIR/sql-add.ldif +LDIFUNORDERED=$DATADIR/test-unordered.ldif +LDIFREORDERED=$DATADIR/test-reordered.ldif + +# strings +MONITOR="" +REFDN="c=US" +BASEDN="dc=example,dc=com" +MANAGERDN="cn=Manager,$BASEDN" +UPDATEDN="cn=consumer,$BASEDN" +PASSWD=secret +BABSDN="cn=Barbara Jensen,ou=Information Technology DivisioN,ou=People,$BASEDN" +BJORNSDN="cn=Bjorn Jensen,ou=Information Technology DivisioN,ou=People,$BASEDN" +BADBJORNSDN="cn=Bjorn JensenNotReally,ou=Information Technology DivisioN,ou=People,$BASEDN" +JAJDN="cn=James A Jones 1,ou=Alumni Association,ou=People,$BASEDN" +JOHNDDN="cn=John Doe,ou=Information Technology Division,ou=People,$BASEDN" +MELLIOTDN="cn=Mark Elliot,ou=Alumni Association,ou=People,$BASEDN" +REFINTDN="cn=Manager,o=refint" +RETCODEDN="ou=RetCodes,$BASEDN" +UNIQUEDN="cn=Manager,o=unique" +EMPTYDNDN="cn=Manager,c=US" +TRANSLUCENTROOT="o=translucent" +TRANSLUCENTUSER="ou=users,o=translucent" +TRANSLUCENTDN="uid=binder,o=translucent" +TRANSLUCENTPASSWD="bindtest" +METABASEDN="ou=Meta,$BASEDN" +METAMANAGERDN="cn=Manager,$METABASEDN" +VALSORTDN="cn=Manager,o=valsort" +VALSORTBASEDN="o=valsort" +MONITORDN="cn=Monitor" +OPERATIONSMONITORDN="cn=Operations,$MONITORDN" +CONNECTIONSMONITORDN="cn=Connections,$MONITORDN" +DATABASESMONITORDN="cn=Databases,$MONITORDN" +STATISTICSMONITORDN="cn=Statistics,$MONITORDN" + +# generated outputs +SEARCHOUT=$TESTDIR/ldapsearch.out +SEARCHOUT2=$TESTDIR/ldapsearch2.out +SEARCHFLT=$TESTDIR/ldapsearch.flt +SEARCHFLT2=$TESTDIR/ldapsearch2.flt +LDIFFLT=$TESTDIR/ldif.flt +LDIFFLT2=$TESTDIR/ldif2.flt +TESTOUT=$TESTDIR/test.out +INITOUT=$TESTDIR/init.out +VALSORTOUT1=$DATADIR/valsort1.out +VALSORTOUT2=$DATADIR/valsort2.out +VALSORTOUT3=$DATADIR/valsort3.out +MONITOROUT1=$DATADIR/monitor1.out +MONITOROUT2=$DATADIR/monitor2.out +MONITOROUT3=$DATADIR/monitor3.out +MONITOROUT4=$DATADIR/monitor4.out + +SERVER1OUT=$TESTDIR/server1.out +SERVER1FLT=$TESTDIR/server1.flt +SERVER2OUT=$TESTDIR/server2.out +SERVER2FLT=$TESTDIR/server2.flt +SERVER3OUT=$TESTDIR/server3.out +SERVER3FLT=$TESTDIR/server3.flt +SERVER4OUT=$TESTDIR/server4.out +SERVER4FLT=$TESTDIR/server4.flt +SERVER5OUT=$TESTDIR/server5.out +SERVER5FLT=$TESTDIR/server5.flt +SERVER6OUT=$TESTDIR/server6.out +SERVER6FLT=$TESTDIR/server6.flt + +PROVIDEROUT=$SERVER1OUT +PROVIDERFLT=$SERVER1FLT +CONSUMEROUT=$SERVER2OUT +CONSUMER2OUT=$SERVER3OUT +CONSUMERFLT=$SERVER2FLT +CONSUMER2FLT=$SERVER3FLT + +MTREADOUT=$TESTDIR/mtread.out + +# original outputs for cmp +PROXYCACHEOUT=$DATADIR/proxycache.out +REFERRALOUT=$DATADIR/referrals.out +SEARCHOUTPROVIDER=$DATADIR/search.out.provider +SEARCHOUTX=$DATADIR/search.out.xsearch +COMPSEARCHOUT=$DATADIR/compsearch.out +MODIFYOUTPROVIDER=$DATADIR/modify.out.provider +ADDDELOUTPROVIDER=$DATADIR/adddel.out.provider +MODRDNOUTPROVIDER0=$DATADIR/modrdn.out.provider.0 +MODRDNOUTPROVIDER1=$DATADIR/modrdn.out.provider.1 +MODRDNOUTPROVIDER2=$DATADIR/modrdn.out.provider.2 +MODRDNOUTPROVIDER3=$DATADIR/modrdn.out.provider.3 +ACLOUTPROVIDER=$DATADIR/acl.out.provider +REPLOUTPROVIDER=$DATADIR/repl.out.provider +MODSRCHFILTERS=$DATADIR/modify.search.filters +CERTIFICATETLS=$DATADIR/certificate.tls +CERTIFICATEOUT=$DATADIR/certificate.out +DNOUT=$DATADIR/dn.out +EMPTYDNOUT1=$DATADIR/emptydn.out.slapadd +EMPTYDNOUT2=$DATADIR/emptydn.out +IDASSERTOUT=$DATADIR/idassert.out +LDAPGLUEOUT=$DATADIR/ldapglue.out +LDAPGLUEANONYMOUSOUT=$DATADIR/ldapglueanonymous.out +RELAYOUT=$DATADIR/relay.out +CHAINOUT=$DATADIR/chain.out +CHAINREFOUT=$DATADIR/chainref.out +CHAINMODOUT=$DATADIR/chainmod.out +GLUESYNCOUT=$DATADIR/gluesync.out +SQLREAD=$DATADIR/sql-read.out +SQLWRITE=$DATADIR/sql-write.out +TRANSLUCENTOUT=$DATADIR/translucent.search.out +METAOUT=$DATADIR/meta.out +METACONCURRENCYOUT=$DATADIR/metaconcurrency.out +MANAGEOUT=$DATADIR/manage.out +SUBTREERENAMEOUT=$DATADIR/subtree-rename.out +ACIOUT=$DATADIR/aci.out +DYNLISTOUT=$DATADIR/dynlist.out +DDSOUT=$DATADIR/dds.out +MEMBEROFOUT=$DATADIR/memberof.out +MEMBEROFREFINTOUT=$DATADIR/memberof-refint.out +SHTOOL="$SRCDIR/../build/shtool" + diff --git a/tests/scripts/its-all b/tests/scripts/its-all new file mode 100755 index 0000000..7859351 --- /dev/null +++ b/tests/scripts/its-all @@ -0,0 +1,52 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +SHTOOL="$SRCDIR/../build/shtool" + +TB="" TN="" +if test -t 1 ; then + TB=`$SHTOOL echo -e "%B" 2>/dev/null` + TN=`$SHTOOL echo -e "%b" 2>/dev/null` +fi + +echo "#######################################################################" +echo "### ###" +echo "### regression tests ###" +echo "### ###" +echo "#######################################################################" +echo "###" + +echo ">>>>> Executing all LDAP ITS regression tests" + +for CMD in $SRCDIR/data/regressions/its*/its*; do + # remove cruft from prior test + if test $PRESERVE = yes ; then + /bin/rm -rf testrun/db.* + else + /bin/rm -rf testrun + fi + + echo ">>>>> Starting ${TB}`basename $CMD`${TN} ..." + $CMD + RC=$? + if test $RC -eq 0 ; then + echo ">>>>> $CMD completed ${TB}OK${TN}." + else + echo ">>>>> $CMD ${TB}failed${TN} (exit $RC)" + exit $RC + fi + + echo "" +done diff --git a/tests/scripts/monitor_data.sh b/tests/scripts/monitor_data.sh new file mode 100755 index 0000000..a1ca576 --- /dev/null +++ b/tests/scripts/monitor_data.sh @@ -0,0 +1,48 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +MONITORDB="$1" +SRCDIR="$2" +DSTDIR="$3" + +echo "MONITORDB $MONITORDB" +echo "SRCDIR $SRCDIR" +echo "DSTDIR $DSTDIR" +echo "pwd `pwd`" + +# copy test data +cp "$SRCDIR"/do_* "$DSTDIR" +if test $MONITORDB != no ; then + + # add back-monitor testing data + cat >> "$DSTDIR/do_search.0" << EOF +cn=Monitor +(objectClass=*) +cn=Monitor +(objectClass=*) +cn=Monitor +(objectClass=*) +cn=Monitor +(objectClass=*) +EOF + + cat >> "$DSTDIR/do_read.0" << EOF +cn=Backend 1,cn=Backends,cn=Monitor +cn=Entries,cn=Statistics,cn=Monitor +cn=Database 1,cn=Databases,cn=Monitor +EOF + +fi + diff --git a/tests/scripts/passwd-search b/tests/scripts/passwd-search new file mode 100755 index 0000000..a35bfb9 --- /dev/null +++ b/tests/scripts/passwd-search @@ -0,0 +1,133 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +if test $# -eq 0 ; then + test -z "$SRCDIR" && SRCDIR="." +else + SRCDIR=$1; shift +fi +if test $# -eq 1 ; then + BACKEND=$1; shift +fi + +echo "running defines.sh $SRCDIR $BACKEND" +. $SRCDIR/scripts/defines.sh + +if test -d "$TESTDIR"; then + echo "Cleaning up in $TESTDIR..." + /bin/rm -rf $TESTDIR/db.* +fi +mkdir -p $TESTDIR + +echo "Starting slapd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND $MONITORDB < $PASSWDCONF > $CONF1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test ${WAIT-0} != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +echo "Testing slapd searching..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -L -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 1 ; then + echo "Waiting 5 seconds for slapd to start..." + sleep 5 + fi +done + +if test $RC != 0 ; then + echo "ldapsearch failed!" + test "$KILLSERVERS" != no && kill -HUP $KILLPIDS + exit $RC +fi + +cat /dev/null > $TESTOUT + +echo "Testing base suffix searching..." +$LDAPSEARCH -L -S "" -b "$BASEDN" -s base -h $LOCALHOST -p $PORT1 \ + '(objectclass=*)' >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed!" + test "$KILLSERVERS" != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo " ------------ " >> $TESTOUT + +echo "Testing user searching..." +$LDAPSEARCH -L -S "" -b "uid=root,$BASEDN" -s base -h $LOCALHOST -p $PORT1 \ + '(objectclass=*)' >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed!" + test "$KILLSERVERS" != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo " ------------ " >> $TESTOUT + +echo "Testing exact searching..." +$LDAPSEARCH -L -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(uid=root)' >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed!" + test "$KILLSERVERS" != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo " ------------ " >> $TESTOUT + +echo "Testing OR searching..." +$LDAPSEARCH -L -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(|(objectclass=person)(cn=root))' >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed!" + test "$KILLSERVERS" != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo " ------------ " >> $TESTOUT + +echo "Testing AND searching..." +$LDAPSEARCH -L -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(&(objectclass=person)(cn=root))' >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed!" + test "$KILLSERVERS" != no && kill -HUP $KILLPIDS + exit $RC +fi + +test "$KILLSERVERS" != no && kill -HUP $KILLPIDS + +echo "Assuming everything is fine." +#echo "Comparing results" +#$CMP $TESTOUT $SEARCHOUTPROVIDER +#if test $? != 0 ; then +# echo "Comparison failed" +# exit 1 +#fi + +echo ">>>>> Test succeeded" + +exit 0 diff --git a/tests/scripts/relay b/tests/scripts/relay new file mode 100755 index 0000000..2e4fa6b --- /dev/null +++ b/tests/scripts/relay @@ -0,0 +1,395 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "Using $RELAY backend..." +echo "" + +echo "Starting slapd on TCP/IP port $PORT1..." +echo "======== Starting slapd with $RELAY backend ========" >> $LOG1 +. $CONFFILTER $BACKEND $MONITORDB < $RELAYCONF > $CONF1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING >> $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Using ldapsearch to check that slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapadd to populate the database..." +$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \ + $LDIFORDERED > $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +cat /dev/null > $SEARCHOUT + +BASEDN="dc=example,dc=com" +echo "Searching base=\"$BASEDN\"..." +echo "# searching base=\"$BASEDN\"..." >> $SEARCHOUT +$LDAPSEARCH -S '' -h $LOCALHOST -p $PORT1 -b "$BASEDN" >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BASEDN="o=Example,c=US" +echo "Searching base=\"$BASEDN\"..." +echo "# searching base=\"$BASEDN\"..." >> $SEARCHOUT +$LDAPSEARCH -S '' -h $LOCALHOST -p $PORT1 -b "$BASEDN" >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BASEDN="o=Esempio,c=IT" +echo "Searching base=\"$BASEDN\"..." +echo "# searching base=\"$BASEDN\"..." >> $SEARCHOUT +$LDAPSEARCH -S '' -h $LOCALHOST -p $PORT1 -b "$BASEDN" >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BASEDN="o=Beispiel,c=DE" +echo "Searching base=\"$BASEDN\"..." +echo "# searching base=\"$BASEDN\"..." >> $SEARCHOUT +$LDAPSEARCH -S '' -h $LOCALHOST -p $PORT1 -b "$BASEDN" >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# +# Do some modifications +# + +BASEDN="o=Beispiel,c=DE" +echo "Modifying database \"$BASEDN\"..." +$LDAPMODIFY -v -D "cn=Manager,$BASEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \ + -M >> $TESTOUT 2>&1 << EOMODS +dn: cn=Added User,ou=Alumni Association,ou=People,$BASEDN +changetype: add +objectClass: OpenLDAPperson +cn: Added User +sn: User +uid: auser +seealso: cn=All Staff,ou=Groups,$BASEDN +homephone: +49 1234567890 +drink: Beer +mail: auser@mail.alumni.example.com +telephonenumber: +49 1234-567-890 +description: Just added in o=Beispiel,c=DE naming context + +dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,$BASEDN +changetype: modify +add: seeAlso +seeAlso: cn=Ursula Hampster,ou=Alumni Association,ou=People,$BASEDN +- +add: description +description: Just added self to seeAlso in $BASEDN virtual naming context +- + +dn: cn=Mark Elliot,ou=Alumni Association,ou=People,$BASEDN +changetype: delete + +dn: cn=John Doe,ou=Information Technology Division,ou=People,$BASEDN +changetype: modrdn +newrdn: cn=John P. Doe +deleteoldrdn: 1 + +dn: cn=Jane Doe,ou=Alumni Association,ou=People,$BASEDN +changetype: modrdn +newrdn: cn=Jane Q. Doe +deleteoldrdn: 1 +newsuperior: ou=Information Technology Division,ou=People,$BASEDN + +dn: cn=Jane Q. Doe,ou=Information Technology Division,ou=People,$BASEDN +changetype: modify +add: cn +cn: Jane Qissapaolo Doe +- +# This operation (delete of DN-valued attribute) triggered ITS#3498 +delete: seeAlso +- + +dn: cn=Jane Q. Doe,ou=Information Technology Division,ou=People,$BASEDN +changetype: modify +add: seeAlso +seeAlso: cn=All Staff,ou=Groups,$BASEDN +- + +dn: ou=Referrals,$BASEDN +changetype: add +objectclass: referral +objectclass: extensibleObject +ou: Referrals +ref: ldap://localhost.localdomain/ou=Referrals,$BASEDN +description: Just added as ldap://localhost.localdomain:389/ou=Referrals,$BASEDN + +dn: ou=Referrals,$BASEDN +changetype: modify +replace: ref +ref: ldap://localhost:9012/ou=Referrals,$BASEDN +- +add: description +description: ...and modified as ldap://localhost:9012/ou=Referrals,$BASEDN +- +EOMODS + +RC=$? +if test $RC != 0 ; then + echo "Modify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BASEDN="o=Example,c=US" +echo "Modifying database \"$BASEDN\"..." +$LDAPMODIFY -v -D "cn=Manager,$BASEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \ + -M >> $TESTOUT 2>&1 << EOMODS +# These operations (updates with objectClass mapping) triggered ITS#3499 +dn: cn=Added Group,ou=Groups,$BASEDN +changetype: add +objectClass: groupOfNames +objectClass: uidObject +cn: Added Group +member: cn=Added Group,ou=Groups,$BASEDN +uid: added + +dn: cn=Another Added Group,ou=Groups,$BASEDN +changetype: add +objectClass: groupOfNames +cn: Another Added Group +member: cn=Added Group,ou=Groups,$BASEDN +member: cn=Another Added Group,ou=Groups,$BASEDN + +dn: cn=Another Added Group,ou=Groups,$BASEDN +changetype: modify +add: objectClass +objectClass: uidObject +- +add: uid +uid: added +- + +dn: cn=Added Group,ou=Groups,$BASEDN +changetype: modify +delete: objectClass +objectClass: uidObject +- +delete: uid +- +EOMODS + +RC=$? +if test $RC != 0 ; then + echo "Modify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Searching base=\"$BASEDN\"..." +echo "# searching base=\"$BASEDN\"..." >> $SEARCHOUT +$LDAPSEARCH -S '' -h $LOCALHOST -p $PORT1 -b "$BASEDN" >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BASEDN="o=Esempio,c=IT" +echo "Searching base=\"$BASEDN\"..." +echo "# searching base=\"$BASEDN\"..." >> $SEARCHOUT +$LDAPSEARCH -S '' -h $LOCALHOST -p $PORT1 -b "$BASEDN" >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +FILTER="(objectClass=referral)" +echo "Searching filter=\"$FILTER\"" +echo " attrs=\"'*' ref\"" +echo "# searching filter=\"$FILTER\"" >> $SEARCHOUT +echo "# attrs=\"'*' ref\"" >> $SEARCHOUT + +BASEDN="dc=example,dc=com" +echo " base=\"$BASEDN\"..." +echo "# base=\"$BASEDN\"..." >> $SEARCHOUT +$LDAPSEARCH -S '' -h $LOCALHOST -p $PORT1 -b "$BASEDN" -M "$FILTER" '*' ref \ + >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BASEDN="o=Example,c=US" +echo " base=\"$BASEDN\"..." +echo "# base=\"$BASEDN\"..." >> $SEARCHOUT +$LDAPSEARCH -S '' -h $LOCALHOST -p $PORT1 -b "$BASEDN" -M "$FILTER" '*' ref \ + >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BASEDN="o=Esempio,c=IT" +echo " base=\"$BASEDN\"..." +echo "# base=\"$BASEDN\"..." >> $SEARCHOUT +$LDAPSEARCH -S '' -h $LOCALHOST -p $PORT1 -b "$BASEDN" -M "$FILTER" '*' ref \ + >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BASEDN="o=Example,c=US" +FILTER="(seeAlso=cn=all staff,ou=Groups,$BASEDN)" +echo "Searching filter=\"$FILTER\"" +echo " attrs=\"seeAlso\"" +echo " base=\"$BASEDN\"..." +echo "# searching filter=\"$FILTER\"" >> $SEARCHOUT +echo "# attrs=\"seeAlso\"" >> $SEARCHOUT +echo "# base=\"$BASEDN\"..." >> $SEARCHOUT +$LDAPSEARCH -S '' -h $LOCALHOST -p $PORT1 -b "$BASEDN" "$FILTER" seeAlso \ + >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +FILTER="(uid=example)" +echo "Searching filter=\"$FILTER\"" +echo " attrs=\"uid\"" +echo " base=\"$BASEDN\"..." +echo "# searching filter=\"$FILTER\"" >> $SEARCHOUT +echo "# attrs=\"uid\"" >> $SEARCHOUT +echo "# base=\"$BASEDN\"..." >> $SEARCHOUT +$LDAPSEARCH -S '' -h $LOCALHOST -p $PORT1 -b "$BASEDN" "$FILTER" uid \ + >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +FILTER="(member=cn=Another Added Group,ou=Groups,$BASEDN)" +echo "Searching filter=\"$FILTER\"" +echo " attrs=\"member\"" +echo " base=\"$BASEDN\"..." +echo "# searching filter=\"$FILTER\"" >> $SEARCHOUT +echo "# attrs=\"member\"" >> $SEARCHOUT +echo "# base=\"$BASEDN\"..." >> $SEARCHOUT +$LDAPSEARCH -S '' -h $LOCALHOST -p $PORT1 -b "$BASEDN" "$FILTER" member \ + >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif used to create database..." +$LDIFFILTER < $RELAYOUT > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - relay search/modification didn't succeed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +BASEDN="o=Example,c=US" +echo "Changing password to database \"$BASEDN\"..." +$LDAPPASSWD -h $LOCALHOST -p $PORT1 -D "cn=Manager,$BASEDN" -w $PASSWD \ + -s $PASSWD "cn=Added User,ou=Alumni Association,ou=People,$BASEDN" \ + >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "Passwd ExOp failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BASEDN="o=Beispiel,c=DE" +echo "Binding with newly changed password to database \"$BASEDN\"..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 \ + -D "cn=Added User,ou=Alumni Association,ou=People,$BASEDN" \ + -w $PASSWD >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "WhoAmI failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BASEDN="o=Esempio,c=IT" +echo "Comparing to database \"$BASEDN\"..." +$LDAPCOMPARE -h $LOCALHOST -p $PORT1 \ + "cn=Added User,ou=Alumni Association,ou=People,$BASEDN" \ + "seeAlso:cn=All Staff,ou=Groups,$BASEDN" >> $TESTOUT 2>&1 +RC=$? +if test $RC != 6 && test $RC,$BACKEND != 5,null ; then + echo "Compare failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS diff --git a/tests/scripts/sql-all b/tests/scripts/sql-all new file mode 100755 index 0000000..1cf1f60 --- /dev/null +++ b/tests/scripts/sql-all @@ -0,0 +1,70 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +SHTOOL="$SRCDIR/../build/shtool" + +TB="" TN="" +if test -t 1 ; then + TB=`$SHTOOL echo -e "%B" 2>/dev/null` + TN=`$SHTOOL echo -e "%b" 2>/dev/null` +fi + +SLEEPTIME=10 + +echo "#######################################################################" +echo "### ###" +echo "### SQL tests ###" +echo "### ###" +echo "#######################################################################" +echo "###" +echo "### SQL tests require the sql backend, a properly configured" +echo "### ODBC and a database populated with data from the applicable" +echo "### servers/slapd/back-sql/rdbms_depend/* files." +echo "###" +echo "### Set SLAPD_USE_SQL to the desired RDBMS to enable this test;" +echo "###" +echo "### Currently supported RDBMSes are:" +echo "### ibmdb2, mysql, pgsql" +echo "###" +echo "### Set SLAPD_USE_SQLWRITE=yes to enable the write tests" +echo "###" +echo "### See servers/slapd/back-sql/rdbms_depend/README for more " +echo "### details on how to set up the RDBMS and the ODBC" +echo "###" + +echo ">>>>> Executing all LDAP tests for $BACKEND" + +for CMD in $SRCDIR/scripts/sql-test*; do + # remove cruft from prior test + if test $PRESERVE = yes ; then + /bin/rm -rf testrun/db.* + else + /bin/rm -rf testrun + fi + + echo ">>>>> Starting ${TB}`basename $CMD`${TN} ..." + $CMD + RC=$? + if test $RC -eq 0 ; then + echo ">>>>> $CMD completed ${TB}OK${TN}." + else + echo ">>>>> $CMD ${TB}failed${TN} (exit $RC)" + exit $RC + fi + + echo ">>>>> waiting $SLEEPTIME seconds for things to exit" + sleep $SLEEPTIME + echo "" +done diff --git a/tests/scripts/sql-test000-read b/tests/scripts/sql-test000-read new file mode 100755 index 0000000..285ba33 --- /dev/null +++ b/tests/scripts/sql-test000-read @@ -0,0 +1,568 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test $BACKSQL = "sqlno" ; then + echo "SQL backend not available, test skipped" + exit 0 +fi + +if test $RDBMS = "rdbmsno" ; then + echo "SQL test not requested, test skipped" + exit 0 +fi + +mkdir -p $TESTDIR + +echo "Starting slapd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND $MONITORDB < $SQLCONF > $CONF1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +echo "Testing SQL backend read operations..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BASEDN="dc=example,dc=com" +BINDDN="cn=Mitya Kovalev,${BASEDN}" +BINDPW="mit" +echo -n "Testing correct bind... " +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo -n "Testing incorrect bind (should fail)... " +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w "XXX" +RC=$? +if test $RC = 0 ; then + echo "ldapwhoami should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Testing baseobject search..." +echo "# Testing baseobject search..." >> $SEARCHOUT +$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -s base -S "" \ + >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing onelevel search..." +echo "# Testing onelevel search..." >> $SEARCHOUT +$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -s one -S "" \ + >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing subtree search..." +echo "# Testing subtree search..." >> $SEARCHOUT +$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -S "" \ + >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing subtree search with manageDSAit..." +echo "# Testing subtree search with manageDSAit..." >> $SEARCHOUT +$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -M -S "" '*' ref \ + >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing invalid filter..." +echo "# Testing invalid filter..." >> $SEARCHOUT +$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -S "" "(foo=)" \ + >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing exact search..." +echo "# Testing exact search..." >> $SEARCHOUT +$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -S "" "(sn=Kovalev)" \ + >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing substrings initial search..." +echo "# Testing substrings initial search..." >> $SEARCHOUT +$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -S "" "(cn=m*)" \ + >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing substrings any search..." +echo "# Testing substrings any search..." >> $SEARCHOUT +$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -S "" "(cn=*m*)" \ + >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing substrings final search..." +echo "# Testing substrings final search..." >> $SEARCHOUT +$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -S "" "(cn=*v)" \ + >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing approx search..." +echo "# Testing approx search..." >> $SEARCHOUT +$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -S "" "(sn~=kovalev)" \ + >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing extensible filter search..." +echo "# Testing extensible filter search..." >> $SEARCHOUT +$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -S "" \ + "(sn:caseExactMatch:=Kovalev)" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing search for telephoneNumber..." +echo "# Testing search for telephoneNumber..." >> $SEARCHOUT +$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -S "" \ + "(telephoneNumber=3322334)" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing AND search..." +echo "# Testing AND search..." >> $SEARCHOUT +$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -S "" \ + "(&(sn=kovalev)(givenName=mitya))" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing AND search on objectClass..." +echo "# Testing AND search on objectClass..." >> $SEARCHOUT +$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -S "" \ + "(&(objectClass=organization)(objectClass=dcObject))" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing OR search..." +echo "# Testing OR search..." >> $SEARCHOUT +$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -S "" \ + "(|(sn=kovalev)(givenName=mitya))" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing OR search on objectClass..." +echo "# Testing OR search on objectClass..." >> $SEARCHOUT +$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -S "" \ + "(|(objectClass=document)(objectClass=organization))" \ + >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing NOT search..." +echo "# Testing NOT search..." >> $SEARCHOUT +$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -S "" \ + '(!(sn=kovalev))' >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing NOT search on objectClass..." +echo "# Testing NOT search on objectClass..." >> $SEARCHOUT +$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -S "" \ + '(!(objectClass=inetOrgPerson))' >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing NOT search on \"auxiliary\" objectClass..." +echo "# Testing NOT search on \"auxiliary\" objectClass..." >> $SEARCHOUT +$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -S "" \ + '(!(objectClass=dcObject))' >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +#### Needs work... +echo "Testing NOT presence search... (disabled)" +###echo "# Testing NOT presence search..." >> $SEARCHOUT +###$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -S "" \ +### '(!(sn=*))' >> $SEARCHOUT 2>&1 +### +###RC=$? +###if test $RC != 0 ; then +### echo "ldapsearch failed ($RC)!" +### test $KILLSERVERS != no && kill -HUP $KILLPIDS +### exit $RC +###fi + +echo "Testing attribute inheritance in filter..." +echo "# Testing attribute inheritance in filter..." >> $SEARCHOUT +$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -S "" \ + "(name=example)" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# ITS#4604 +echo "Testing undefined attribute in filter..." +echo "# Testing undefined attribute in filter..." >> $SEARCHOUT +$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -S "" \ + "(|(o=example)(foobar=x))" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing objectClass inheritance in filter..." +echo "# Testing objectClass inheritance in filter..." >> $SEARCHOUT +$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -S "" \ + "(objectClass=person)" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing \"auxiliary\" objectClass in filter..." +echo "# Testing \"auxiliary\" objectClass in filter..." >> $SEARCHOUT +$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -S "" \ + "(objectClass=dcObject)" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing hasSubordinates in filter..." +echo "# Testing hasSubordinates in filter..." >> $SEARCHOUT +$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -S "" \ + "(hasSubordinates=TRUE)" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing entryUUID in filter..." +echo "# Testing entryUUID in filter..." >> $SEARCHOUT +$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -S "" \ + "(entryUUID=00000001-0000-0001-0000-000000000000)" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing attribute inheritance in requested attributes..." +echo "# Testing attribute inheritance in requested attributes..." >> $SEARCHOUT +$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -S "" \ + "(sn=kovalev)" name >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing objectClass in requested attributes..." +echo "# Testing objectClass in requested attributes..." >> $SEARCHOUT +$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -S "" \ + objectClass >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing operational attributes in request..." +echo "# Testing operational attributes in request..." >> $SEARCHOUT +$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -S "" \ + '+' 2>&1 > $SEARCHFLT + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +grep -v '^entryCSN:' $SEARCHFLT >> $SEARCHOUT + +SIZELIMIT=4 +echo "Testing size limit..." +$LDAPRSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" \ + -z $SIZELIMIT -S "" '(objectClass=*)' >$SEARCHFLT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHFLT` +case $RC in + 0) + if test x"$COUNT" != x ; then + if test "$COUNT" -gt "$SIZELIMIT" ; then + echo "...error: got $COUNT entries instead of the requested $SIZELIMIT" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + echo "...didn't bump into the requested size limit ($SIZELIMIT; got $COUNT entries)" + else + echo "...error: did not expect ldapsearch success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + ;; + 4) + if test x"$COUNT" != x ; then + if test "$COUNT" = "$SIZELIMIT" ; then + echo "...bumped into requested size limit ($SIZELIMIT)" + else + echo "...error: got $COUNT entries with a requested sizelimit of $SIZELIMIT" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + else + echo "...error: bumped into server-side size limit, but got no entries!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo -n "Testing compare (should be TRUE)... " +$LDAPCOMPARE -h $LOCALHOST -p $PORT1 "$BINDDN" \ + "sn:kovalev" >> $TESTOUT 2>&1 + +RC=$? +case $RC in +6) + echo "TRUE" + ;; +5) echo "FALSE!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +*) echo "failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + ;; +esac + +echo -n "Testing compare (should be FALSE)... " +$LDAPCOMPARE -h $LOCALHOST -p $PORT1 "$BINDDN" \ + "cn:foobar" >> $TESTOUT 2>&1 + +RC=$? +case $RC in +6) + echo "TRUE!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +5) echo "FALSE" + ;; +*) echo "failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + ;; +esac + +echo -n "Testing compare (should be UNDEFINED)... " +$LDAPCOMPARE -h $LOCALHOST -p $PORT1 "$BINDDN" \ + "o:example" >> $TESTOUT 2>&1 + +RC=$? +case $RC in +6) + echo "TRUE!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +5) echo "FALSE!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +*) echo "failed ($RC)" + ;; +esac + +echo -n "Testing compare on hasSubordinates (should be TRUE)... " +$LDAPCOMPARE -h $LOCALHOST -p $PORT1 "$BASEDN" \ + "hasSubordinates:TRUE" >> $TESTOUT 2>&1 + +RC=$? +case $RC in +6) + echo "TRUE" + ;; +5) echo "FALSE!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +*) echo "failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + ;; +esac + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif..." +$LDIFFILTER < $SQLREAD > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - SQL search didn't succeed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo ">>>>> Test succeeded" +exit 0 diff --git a/tests/scripts/sql-test001-concurrency b/tests/scripts/sql-test001-concurrency new file mode 100755 index 0000000..ecd8b8a --- /dev/null +++ b/tests/scripts/sql-test001-concurrency @@ -0,0 +1,138 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test $BACKSQL = "sqlno" ; then + echo "SQL backend not available, test skipped" + exit 0 +fi + +if test $RDBMS = "rdbmsno" ; then + echo "SQL test not requested, test skipped" + exit 0 +fi + +if test "x$TESTLOOPS" = "x" ; then + TESTLOOPS=5 +fi + +if test "x$CHILDREN" = "x" ; then + CHILDREN="-j 4" +else + CHILDREN="-j $CHILDREN" +fi + +SQLDATADIR=$TESTDIR/sql-concurrency +mkdir -p $TESTDIR $SQLDATADIR + +echo "Starting slapd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND $MONITORDB < $SQLCONF > $CONF1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +echo "Testing SQL backend concurrency..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapsearch to retrieve all the entries..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' > $SEARCHOUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Filtering original ldif used to create database..." +$LDIFFILTER < $SEARCHOUT > $LDIFFLT + +if test "${RDBMSWRITE}" != "yes"; then + echo "write test disabled for ${RDBMS}; set SLAPD_USE_SQLWRITE=yes to enable" + cp $SQLCONCURRENCYDIR/do_read* $SQLCONCURRENCYDIR/do_search* \ + $SQLCONCURRENCYDIR/do_bind* $SQLDATADIR +else + case ${RDBMS} in + # list here the RDBMSes whose mapping allows writes + pgsql|ibmdb2) + cp $SQLCONCURRENCYDIR/do_* $SQLDATADIR + ;; + *) + echo "write is not supported for ${RDBMS}; performing read-only concurrency test" + cp $SQLCONCURRENCYDIR/do_read* $SQLCONCURRENCYDIR/do_search* \ + $SQLCONCURRENCYDIR/do_bind* $SQLDATADIR + ;; + esac +fi + +echo "Using tester for concurrent server access..." +$SLAPDTESTER -P "$PROGDIR" -d "$SQLDATADIR" \ + -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD \ + -l $TESTLOOPS $CHILDREN -FF +RC=$? + +if test $RC != 0 ; then + echo "slapd-tester failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapsearch to retrieve all the entries..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' > $SEARCHOUT 2>&1 +RC=$? + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + exit $RC +fi + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - database was not created correctly" + exit 1 +fi + +echo ">>>>> Test succeeded" +exit 0 + diff --git a/tests/scripts/sql-test900-write b/tests/scripts/sql-test900-write new file mode 100755 index 0000000..e10e805 --- /dev/null +++ b/tests/scripts/sql-test900-write @@ -0,0 +1,573 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test $BACKSQL = "sqlno" ; then + echo "SQL backend not available, test skipped" + exit 0 +fi + +if test $RDBMS = "rdbmsno" ; then + echo "SQL test not requested, test skipped" + exit 0 +fi + +if test "${RDBMSWRITE}" != "yes"; then + echo "write test disabled for ${RDBMS}; set SLAPD_USE_SQLWRITE=yes to enable" + exit 0 +fi + +mkdir -p $TESTDIR + +echo "Starting slapd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND $MONITORDB < $SQLCONF > $CONF1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +echo "Testing SQL backend write operations..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +cat /dev/null > $SEARCHOUT + +BASEDN="dc=example,dc=com" + +echo "Using ldapsearch to retrieve all the entries..." +echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT +$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "$BASEDN" \ + "objectClass=*" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +case ${RDBMS} in + # list here the RDBMSes whose mapping allows writes +pgsql|ibmdb2) + MANAGERDN="cn=Manager,${BASEDN}" + echo "Testing add..." + $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \ + -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS +version: 1 + +# Adding an organization... +dn: o=An Org,${BASEDN} +changetype: add +objectClass: organization +o: An Org + +# Adding an organization with an "auxiliary" objectClass.. +dn: dc=subnet,${BASEDN} +changetype: add +objectClass: organization +objectClass: dcObject +o: SubNet +dc: subnet + +# Adding another organization with an "auxiliary" objectClass.. +dn: dc=subnet2,${BASEDN} +changetype: add +objectClass: organization +objectClass: dcObject +o: SubNet 2 +dc: subnet2 + +# Adding a person... +dn: cn=Lev Tolstoij,${BASEDN} +changetype: add +objectClass: inetOrgPerson +cn: Lev Tolstoij +sn: Tolstoij +givenName: Lev +telephoneNumber: +39 02 XXXX YYYY +telephoneNumber: +39 02 XXXX ZZZZ +userPassword: tanja + +# Adding a person with an "auxiliary" objectClass... +dn: cn=Some One,${BASEDN} +changetype: add +objectClass: inetOrgPerson +objectClass: simpleSecurityObject +cn: Some One +sn: One +givenName: Some +telephoneNumber: +1 800 900 1234 +telephoneNumber: +1 800 900 1235 +userPassword: someone + +# Adding a person in another subtree... +dn: cn=SubNet User,dc=subnet,${BASEDN} +changetype: add +objectClass: inetOrgPerson +cn: SubNet User +sn: User +givenName: SubNet + +# Adding a document... +dn: documentTitle=War and Peace,${BASEDN} +changetype: add +objectClass: document +description: Historical novel +documentTitle: War and Peace +documentAuthor: cn=Lev Tolstoij,dc=example,dc=com +documentIdentifier: document 3 +EOMODS + + RC=$? + if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Using ldapsearch to retrieve all the entries..." + echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT + $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "$BASEDN" \ + "objectClass=*" >> $SEARCHOUT 2>&1 + + RC=$? + if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Testing modify..." + $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \ + -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS +version: 1 + +# Deleting all telephone numbers... +dn: cn=Some One,${BASEDN} +changetype: modify +delete: telephoneNumber +- + +# Adding a telephone number... +dn: cn=Mitya Kovalev,${BASEDN} +changetype: modify +add: telephoneNumber +telephoneNumber: +1 800 123 4567 +- + +# Deleting a specific telephone number and adding a new one... +dn: cn=Lev Tolstoij,${BASEDN} +changetype: modify +delete: telephoneNumber +telephoneNumber: +39 02 XXXX YYYY +- +add: telephoneNumber +telephoneNumber: +39 333 ZZZ 1234 +- + +# Adding an author to a document... +dn: documentTitle=book1,${BASEDN} +changetype: modify +add: documentAuthor +documentAuthor: cn=Lev Tolstoij,${BASEDN} +- + +# Adding an author to another document... +dn: documentTitle=book2,${BASEDN} +changetype: modify +add: documentAuthor +documentAuthor: cn=Lev Tolstoij,${BASEDN} +- + +# Adding an "auxiliary" objectClass... +dn: cn=Mitya Kovalev,${BASEDN} +changetype: modify +add: objectClass +objectClass: simpleSecurityObject +- + +# Deleting an "auxiliary" objectClass... +dn: cn=Some One,${BASEDN} +changetype: modify +delete: objectClass +objectClass: simpleSecurityObject +- + +# Deleting userPasswords +dn: cn=Lev Tolstoij,${BASEDN} +changetype: modify +delete: userPassword +- +EOMODS + + RC=$? + if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Using ldapsearch to retrieve all the entries..." + echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT + $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "$BASEDN" \ + "objectClass=*" >> $SEARCHOUT 2>&1 + + RC=$? + if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Testing delete..." + $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \ + -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS +version: 1 + +# Deleting a person... +dn: cn=Torvlobnor Puzdoy,${BASEDN} +changetype: delete + +# Deleting a document... +dn: documentTitle=book1,${BASEDN} +changetype: delete + +# Deleting an organization with an "auxiliary" objectClass... +dn: dc=subnet2,${BASEDN} +changetype: delete +EOMODS + + RC=$? + if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Using ldapsearch to retrieve all the entries..." + echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT + $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "$BASEDN" \ + "objectClass=*" >> $SEARCHOUT 2>&1 + + RC=$? + if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Testing rename..." + $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \ + -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS +version: 1 + +# Renaming an organization... +dn: o=An Org,${BASEDN} +changetype: modrdn +newrdn: o=Renamed Org +deleteoldrdn: 1 + +# Moving a person to another subtree... +dn: cn=Lev Tolstoij,${BASEDN} +changetype: modrdn +newrdn: cn=Lev Tolstoij +deleteoldrdn: 0 +newsuperior: dc=subnet,${BASEDN} + +# Renaming a book... +dn: documentTitle=book2,${BASEDN} +changetype: modrdn +newrdn: documentTitle=Renamed Book +deleteoldrdn: 1 +EOMODS + + RC=$? + if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Using ldapsearch to retrieve all the entries..." + echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT + $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "$BASEDN" \ + "objectClass=*" >> $SEARCHOUT 2>&1 + + RC=$? + if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Adding a child to a referral (should fail)..." + $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \ + -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS +version: 1 + +dn: cn=Should Fail,ou=Referral,${BASEDN} +changetype: add +objectClass: inetOrgPerson +cn: Should Fail +sn: Fail +telephoneNumber: +39 02 23456789 +EOMODS + + RC=$? + if test $RC = 0 ; then + echo "ldapmodify should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + + echo "Modifying a referral (should fail)..." + $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \ + -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS +version: 1 + +dn: ou=Referral,${BASEDN} +changetype: modify +replace: ref +ref: ldap://localhost:9009/ +- +EOMODS + + RC=$? + if test $RC = 0 ; then + echo "ldapmodify should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + + echo "Renaming a referral (should fail)..." + $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \ + -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS +version: 1 + +dn: ou=Referral,${BASEDN} +changetype: modrdn +newrdn: ou=Renamed Referral +deleteoldrdn: 1 +EOMODS + + RC=$? + if test $RC = 0 ; then + echo "ldapmodify should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + + echo "Deleting a referral (should fail)..." + $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \ + -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS +version: 1 + +dn: ou=Referral,${BASEDN} +changetype: delete +EOMODS + + RC=$? + if test $RC = 0 ; then + echo "ldapmodify should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + + echo "Adding a referral..." + $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \ + -h $LOCALHOST -p $PORT1 -M >> $TESTOUT 2>&1 << EOMODS +version: 1 + +dn: ou=Another Referral,${BASEDN} +changetype: add +objectClass: referral +objectClass: extensibleObject +ou: Another Referral +ref: ldap://localhost:9009/ +EOMODS + + RC=$? + if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Modifying a referral with manageDSAit..." + $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \ + -h $LOCALHOST -p $PORT1 -M >> $TESTOUT 2>&1 << EOMODS +version: 1 + +dn: ou=Referral,${BASEDN} +changetype: modify +replace: ref +ref: ldap://localhost:9009/ +- +EOMODS + + RC=$? + if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Using ldapsearch to retrieve the modified entry..." + echo "# Using ldapsearch to retrieve the modified entry..." >> $SEARCHOUT + $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "ou=Referral,$BASEDN" -M \ + "objectClass=*" '*' ref >> $SEARCHOUT 2>&1 + + RC=$? + if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Renaming a referral with manageDSAit..." + $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \ + -h $LOCALHOST -p $PORT1 -M >> $TESTOUT 2>&1 << EOMODS +version: 1 + +dn: ou=Referral,${BASEDN} +changetype: modrdn +newrdn: ou=Renamed Referral +deleteoldrdn: 1 +EOMODS + + RC=$? + if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Using ldapsearch to retrieve the renamed entry..." + echo "# Using ldapsearch to retrieve the renamed entry..." >> $SEARCHOUT + $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "ou=Renamed Referral,$BASEDN" -M \ + "objectClass=*" '*' ref >> $SEARCHOUT 2>&1 + + RC=$? + if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Deleting a referral with manageDSAit..." + $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \ + -h $LOCALHOST -p $PORT1 -M >> $TESTOUT 2>&1 << EOMODS +version: 1 + +dn: ou=Renamed Referral,${BASEDN} +changetype: delete +EOMODS + + RC=$? + if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + BINDDN="cn=Mitya Kovalev,${BASEDN}" + BINDPW="mit" + NEWPW="newsecret" + echo "Testing passwd change..." + $LDAPPASSWD -h $LOCALHOST -p $PORT1 \ + -D "${BINDDN}" -w ${BINDPW} -s ${NEWPW} \ + "$BINDDN" >> $TESTOUT 2>&1 + + RC=$? + if test $RC != 0 ; then + echo "ldappasswd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo -n "Testing bind with new secret... " + $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $NEWPW + RC=$? + if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + BINDDN="cn=Some One,${BASEDN}" + BINDPW="someone" + echo -n "Testing bind with newly added user... " + $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW + RC=$? + if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Using ldapsearch to retrieve all the entries..." + echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT + $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "$BASEDN" \ + "objectClass=*" >> $SEARCHOUT 2>&1 + + RC=$? + if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Filtering ldapsearch results..." + $LDIFFILTER < $SEARCHOUT > $SEARCHFLT + echo "Filtering modified ldif..." + $LDIFFILTER < $SQLWRITE > $LDIFFLT + echo "Comparing filter output..." + $CMP $SEARCHFLT $LDIFFLT > $CMPOUT + + if test $? != 0 ; then + echo "comparison failed - SQL mods search didn't succeed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + ;; + +*) + echo "apparently ${RDBMS} does not support writes; skipping..." + ;; +esac + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo ">>>>> Test succeeded" +exit 0 diff --git a/tests/scripts/sql-test901-syncrepl b/tests/scripts/sql-test901-syncrepl new file mode 100755 index 0000000..fced28b --- /dev/null +++ b/tests/scripts/sql-test901-syncrepl @@ -0,0 +1,692 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test $BACKSQL = "sqlno" ; then + echo "SQL backend not available, test skipped" + exit 0 +fi + +if test $RDBMS = "rdbmsno" ; then + echo "SQL test not requested, test skipped" + exit 0 +fi + +if test "${RDBMSWRITE}" != "yes"; then + echo "write test disabled for ${RDBMS}; set SLAPD_USE_SQLWRITE=yes to enable" + exit 0 +fi + +mkdir -p $TESTDIR $DBDIR2A + +echo "Starting slapd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND $MONITORDB < $SQLSRPROVIDERCONF > $CONF1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +echo "Testing SQL backend write operations..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Starting consumer slapd on TCP/IP port $PORT2..." +. $CONFFILTER $BACKEND $MONITORDB < $R1SRCONSUMERCONF > $CONF2 +$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 & +CONSUMERPID=$! +if test $WAIT != 0 ; then + echo CONSUMERPID $CONSUMERPID + read foo +fi +KILLPIDS="$KILLPIDS $CONSUMERPID" + +echo "Using ldapsearch to check that consumer slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT2 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +cat /dev/null > $SEARCHOUT + +echo "Using ldapsearch to retrieve all the entries from the provider..." +echo "# Using ldapsearch to retrieve all the entries from the provider..." \ + >> $SEARCHOUT +$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "$BASEDN" \ + -D "$MANAGERDN" -w $PASSWD \ + "(!(objectClass=referral))" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +cat /dev/null > $SEARCHOUT2 + +echo "Using ldapsearch to retrieve all the entries from the consumer..." +echo "# Using ldapsearch to retrieve all the entries from the consumer..." \ + >> $SEARCHOUT2 +$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT2 -b "$BASEDN" \ + -D "$UPDATEDN" -w $PASSWD \ + "(objectClass=*)" >> $SEARCHOUT2 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Filtering ldapsearch results from provider..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering ldapsearch results from consumer..." +$LDIFFILTER < $SEARCHOUT2 > $SEARCHFLT2 +echo "Comparing filter output..." +$CMP $SEARCHFLT $SEARCHFLT2 > $CMPOUT + +if test $? != 0 ; then + echo "Comparison failed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +cat /dev/null > $SEARCHOUT + +echo "Using ldapsearch to retrieve all the entries..." +echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT +$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "$BASEDN" \ + "objectClass=*" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +case ${RDBMS} in + # list here the RDBMSes whose mapping allows writes +pgsql|ibmdb2) + MANAGERDN="cn=Manager,${BASEDN}" + echo "Testing add..." + $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \ + -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS +version: 1 + +# Adding an organization... +dn: o=An Org,${BASEDN} +changetype: add +objectClass: organization +o: An Org + +# Adding an organization with an "auxiliary" objectClass.. +dn: dc=subnet,${BASEDN} +changetype: add +objectClass: organization +objectClass: dcObject +o: SubNet +dc: subnet + +# Adding another organization with an "auxiliary" objectClass.. +dn: dc=subnet2,${BASEDN} +changetype: add +objectClass: organization +objectClass: dcObject +o: SubNet 2 +dc: subnet2 + +# Adding a person... +dn: cn=Lev Tolstoij,${BASEDN} +changetype: add +objectClass: inetOrgPerson +cn: Lev Tolstoij +sn: Tolstoij +givenName: Lev +telephoneNumber: +39 02 XXXX YYYY +telephoneNumber: +39 02 XXXX ZZZZ +userPassword: tanja + +# Adding a person with an "auxiliary" objectClass... +dn: cn=Some One,${BASEDN} +changetype: add +objectClass: inetOrgPerson +objectClass: simpleSecurityObject +cn: Some One +sn: One +givenName: Some +telephoneNumber: +1 800 900 1234 +telephoneNumber: +1 800 900 1235 +userPassword: someone + +# Adding a person in another subtree... +dn: cn=SubNet User,dc=subnet,${BASEDN} +changetype: add +objectClass: inetOrgPerson +cn: SubNet User +sn: User +givenName: SubNet + +# Adding a document... +dn: documentTitle=War and Peace,${BASEDN} +changetype: add +objectClass: document +description: Historical novel +documentTitle: War and Peace +documentAuthor: cn=Lev Tolstoij,dc=example,dc=com +documentIdentifier: document 3 +EOMODS + + RC=$? + if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Using ldapsearch to retrieve all the entries..." + echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT + $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "$BASEDN" \ + "objectClass=*" >> $SEARCHOUT 2>&1 + + RC=$? + if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Testing modify..." + $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \ + -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS +version: 1 + +# Deleting all telephone numbers... +dn: cn=Some One,${BASEDN} +changetype: modify +delete: telephoneNumber +- + +# Adding a telephone number... +dn: cn=Mitya Kovalev,${BASEDN} +changetype: modify +add: telephoneNumber +telephoneNumber: +1 800 123 4567 +- + +# Deleting a specific telephone number and adding a new one... +dn: cn=Lev Tolstoij,${BASEDN} +changetype: modify +delete: telephoneNumber +telephoneNumber: +39 02 XXXX YYYY +- +add: telephoneNumber +telephoneNumber: +39 333 ZZZ 1234 +- + +# Adding an author to a document... +dn: documentTitle=book1,${BASEDN} +changetype: modify +add: documentAuthor +documentAuthor: cn=Lev Tolstoij,${BASEDN} +- + +# Adding an author to another document... +dn: documentTitle=book2,${BASEDN} +changetype: modify +add: documentAuthor +documentAuthor: cn=Lev Tolstoij,${BASEDN} +- + +# Adding an "auxiliary" objectClass... +dn: cn=Mitya Kovalev,${BASEDN} +changetype: modify +add: objectClass +objectClass: simpleSecurityObject +- + +# Deleting an "auxiliary" objectClass... +dn: cn=Some One,${BASEDN} +changetype: modify +delete: objectClass +objectClass: simpleSecurityObject +- + +# Deleting userPasswords +dn: cn=Lev Tolstoij,${BASEDN} +changetype: modify +delete: userPassword +- +EOMODS + + RC=$? + if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Using ldapsearch to retrieve all the entries..." + echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT + $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "$BASEDN" \ + "objectClass=*" >> $SEARCHOUT 2>&1 + + RC=$? + if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Testing delete..." + $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \ + -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS +version: 1 + +# Deleting a person... +dn: cn=Torvlobnor Puzdoy,${BASEDN} +changetype: delete + +# Deleting a document... +dn: documentTitle=book1,${BASEDN} +changetype: delete + +# Deleting an organization with an "auxiliary" objectClass... +dn: dc=subnet2,${BASEDN} +changetype: delete +EOMODS + + RC=$? + if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Using ldapsearch to retrieve all the entries..." + echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT + $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "$BASEDN" \ + "objectClass=*" >> $SEARCHOUT 2>&1 + + RC=$? + if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Testing rename..." + $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \ + -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS +version: 1 + +# Renaming an organization... +dn: o=An Org,${BASEDN} +changetype: modrdn +newrdn: o=Renamed Org +deleteoldrdn: 1 + +# Moving a person to another subtree... +dn: cn=Lev Tolstoij,${BASEDN} +changetype: modrdn +newrdn: cn=Lev Tolstoij +deleteoldrdn: 0 +newsuperior: dc=subnet,${BASEDN} + +# Renaming a book... +dn: documentTitle=book2,${BASEDN} +changetype: modrdn +newrdn: documentTitle=Renamed Book +deleteoldrdn: 1 +EOMODS + + RC=$? + if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Using ldapsearch to retrieve all the entries..." + echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT + $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "$BASEDN" \ + "objectClass=*" >> $SEARCHOUT 2>&1 + + RC=$? + if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Adding a child to a referral (should fail)..." + $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \ + -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS +version: 1 + +dn: cn=Should Fail,ou=Referral,${BASEDN} +changetype: add +objectClass: inetOrgPerson +cn: Should Fail +sn: Fail +telephoneNumber: +39 02 23456789 +EOMODS + + RC=$? + if test $RC = 0 ; then + echo "ldapmodify should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + + echo "Modifying a referral (should fail)..." + $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \ + -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS +version: 1 + +dn: ou=Referral,${BASEDN} +changetype: modify +replace: ref +ref: ldap://localhost:9009/ +- +EOMODS + + RC=$? + if test $RC = 0 ; then + echo "ldapmodify should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + + echo "Renaming a referral (should fail)..." + $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \ + -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS +version: 1 + +dn: ou=Referral,${BASEDN} +changetype: modrdn +newrdn: ou=Renamed Referral +deleteoldrdn: 1 +EOMODS + + RC=$? + if test $RC = 0 ; then + echo "ldapmodify should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + + echo "Deleting a referral (should fail)..." + $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \ + -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS +version: 1 + +dn: ou=Referral,${BASEDN} +changetype: delete +EOMODS + + RC=$? + if test $RC = 0 ; then + echo "ldapmodify should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + + echo "Adding a referral..." + $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \ + -h $LOCALHOST -p $PORT1 -M >> $TESTOUT 2>&1 << EOMODS +version: 1 + +dn: ou=Another Referral,${BASEDN} +changetype: add +objectClass: referral +objectClass: extensibleObject +ou: Another Referral +ref: ldap://localhost:9009/ +EOMODS + + RC=$? + if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Modifying a referral with manageDSAit..." + $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \ + -h $LOCALHOST -p $PORT1 -M >> $TESTOUT 2>&1 << EOMODS +version: 1 + +dn: ou=Referral,${BASEDN} +changetype: modify +replace: ref +ref: ldap://localhost:9009/ +- +EOMODS + + RC=$? + if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Using ldapsearch to retrieve the modified entry..." + echo "# Using ldapsearch to retrieve the modified entry..." >> $SEARCHOUT + $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "ou=Referral,$BASEDN" -M \ + "objectClass=*" '*' ref >> $SEARCHOUT 2>&1 + + RC=$? + if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Renaming a referral with manageDSAit..." + $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \ + -h $LOCALHOST -p $PORT1 -M >> $TESTOUT 2>&1 << EOMODS +version: 1 + +dn: ou=Referral,${BASEDN} +changetype: modrdn +newrdn: ou=Renamed Referral +deleteoldrdn: 1 +EOMODS + + RC=$? + if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Using ldapsearch to retrieve the renamed entry..." + echo "# Using ldapsearch to retrieve the renamed entry..." >> $SEARCHOUT + $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "ou=Renamed Referral,$BASEDN" -M \ + "objectClass=*" '*' ref >> $SEARCHOUT 2>&1 + + RC=$? + if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Deleting a referral with manageDSAit..." + $LDAPMODIFY -v -c -D "$MANAGERDN" -w $PASSWD \ + -h $LOCALHOST -p $PORT1 -M >> $TESTOUT 2>&1 << EOMODS +version: 1 + +dn: ou=Renamed Referral,${BASEDN} +changetype: delete +EOMODS + + RC=$? + if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + BINDDN="cn=Mitya Kovalev,${BASEDN}" + BINDPW="mit" + NEWPW="newsecret" + echo "Testing passwd change..." + $LDAPPASSWD -h $LOCALHOST -p $PORT1 \ + -D "${BINDDN}" -w ${BINDPW} -s ${NEWPW} \ + "$BINDDN" >> $TESTOUT 2>&1 + + RC=$? + if test $RC != 0 ; then + echo "ldappasswd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo -n "Testing bind with new secret... " + $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $NEWPW + RC=$? + if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + BINDDN="cn=Some One,${BASEDN}" + BINDPW="someone" + echo -n "Testing bind with newly added user... " + $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW + RC=$? + if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Using ldapsearch to retrieve all the entries..." + echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT + $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "$BASEDN" \ + "objectClass=*" >> $SEARCHOUT 2>&1 + + RC=$? + if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Filtering ldapsearch results..." + $LDIFFILTER < $SEARCHOUT > $SEARCHFLT + echo "Filtering modified ldif..." + $LDIFFILTER < $SQLWRITE > $LDIFFLT + echo "Comparing filter output..." + $CMP $SEARCHFLT $LDIFFLT > $CMPOUT + + if test $? != 0 ; then + echo "comparison failed - SQL mods search didn't succeed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + + echo "Waiting 25 seconds for provider to send changes..." + sleep 25 + + cat /dev/null > $SEARCHOUT + + echo "Using ldapsearch to retrieve all the entries from the provider..." + echo "# Using ldapsearch to retrieve all the entries from the provider..." \ + >> $SEARCHOUT + $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT1 -b "$BASEDN" \ + -D "$MANAGERDN" -w $PASSWD \ + "(!(objectClass=referral))" >> $SEARCHOUT 2>&1 + + RC=$? + if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + cat /dev/null > $SEARCHOUT2 + + echo "Using ldapsearch to retrieve all the entries from the consumer..." + echo "# Using ldapsearch to retrieve all the entries from the consumer..." \ + >> $SEARCHOUT2 + $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT2 -b "$BASEDN" \ + -D "$UPDATEDN" -w $PASSWD \ + "(objectClass=*)" >> $SEARCHOUT2 2>&1 + + RC=$? + if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Filtering ldapsearch results from provider..." + $LDIFFILTER < $SEARCHOUT > $SEARCHFLT + echo "Filtering ldapsearch results from consumer..." + $LDIFFILTER < $SEARCHOUT2 > $SEARCHFLT2 + echo "Comparing filter output..." + $CMP $SEARCHFLT $SEARCHFLT2 > $CMPOUT + + if test $? != 0 ; then + echo "Comparison failed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + ;; + +*) + echo "apparently ${RDBMS} does not support writes; skipping..." + ;; +esac + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo ">>>>> Test succeeded" +exit 0 diff --git a/tests/scripts/start-server b/tests/scripts/start-server new file mode 100755 index 0000000..c1ddb36 --- /dev/null +++ b/tests/scripts/start-server @@ -0,0 +1,63 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +mkdir -p $TESTDIR $DBDIR1 + +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND < $CONF > $ADDCONF +$SLAPADD -f $ADDCONF -l $LDIFORDERED +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Starting slapd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND < $CONF > $CONF1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! + +echo "Using ldapsearch to retrieve all the entries..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 > $SEARCHOUT 2>&1 + RC=$? + if test $RC = 1 ; then + echo "Waiting 5 seconds for slapd to start..." + sleep 5 + fi +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + exit $RC +fi + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif used to create database..." +$LDIFFILTER < $LDIF > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - database was not created correctly" + exit 1 +fi + +echo ">>>>> Server1 (pid=$PID) started" +exit 0 diff --git a/tests/scripts/start-server-nolog b/tests/scripts/start-server-nolog new file mode 100755 index 0000000..c27faea --- /dev/null +++ b/tests/scripts/start-server-nolog @@ -0,0 +1,63 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +mkdir -p $TESTDIR $DBDIR1 + +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND < $CONF > $ADDCONF +$SLAPADD -f $ADDCONF -l $LDIFORDERED +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Starting slapd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND < $CONF > $CONF1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING >> /dev/null 2>&1 & +PID=$! + +echo "Using ldapsearch to retrieve all the entries..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 > $SEARCHOUT 2>&1 + RC=$? + if test $RC = 1 ; then + echo "Waiting 5 seconds for slapd to start..." + sleep 5 + fi +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + exit $RC +fi + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif used to create database..." +$LDIFFILTER < $LDIF > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - database was not created correctly" + exit 1 +fi + +echo ">>>>> Server1 (pid=$PID) started" +exit 0 diff --git a/tests/scripts/start-server2 b/tests/scripts/start-server2 new file mode 100755 index 0000000..220a036 --- /dev/null +++ b/tests/scripts/start-server2 @@ -0,0 +1,42 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +mkdir -p $TESTDIR $DBDIR2 + +echo "Starting slapd on TCP/IP port $PORT2..." +. $CONFFILTER $BACKEND < $CONFTWO > $CONF2 +$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 & +PID=$! + +echo "Using ldapsearch to retrieve all the entries..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -S "" -b "" -s base -h $LOCALHOST -p $PORT2 > $SERVER2OUT 2>&1 + RC=$? + if test $RC = 1 ; then + echo "Waiting 5 seconds for slapd to start..." + sleep 5 + fi +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + exit $RC +fi + +echo ">>>>> Server2 (pid=$PID) started" +exit 0 diff --git a/tests/scripts/start-server2-nolog b/tests/scripts/start-server2-nolog new file mode 100755 index 0000000..6739492 --- /dev/null +++ b/tests/scripts/start-server2-nolog @@ -0,0 +1,42 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +mkdir -p $TESTDIR $DBDIR2 + +echo "Starting slapd on TCP/IP port $PORT2..." +. $CONFFILTER $BACKEND < $CONFTWO > $CONF2 +$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > /dev/null 2>&1 & +PID=$! + +echo "Using ldapsearch to retrieve all the entries..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -S "" -b "" -s base -h $LOCALHOST -p $PORT2 > $SERVER2OUT 2>&1 + RC=$? + if test $RC = 1 ; then + echo "Waiting 5 seconds for slapd to start..." + sleep 5 + fi +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + exit $RC +fi + +echo ">>>>> Server2 (pid=$PID) started" +exit 0 diff --git a/tests/scripts/startup_nis_ldap_server.sh b/tests/scripts/startup_nis_ldap_server.sh new file mode 100755 index 0000000..c8eac52 --- /dev/null +++ b/tests/scripts/startup_nis_ldap_server.sh @@ -0,0 +1,56 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +if [ $# -eq 0 ]; then + SRCDIR="." +else + SRCDIR=$1; shift +fi +if [ $# -eq 1 ]; then + BDB2=$1; shift +fi + +. $SRCDIR/scripts/defines.sh $SRCDIR $BDB2 + +# Sample NIS database in LDIF format +NIS_LDIF=$SRCDIR/data/nis_sample.ldif + +# Sample configuration file for your LDAP server +if test "$BACKEND" = "bdb2" ; then + NIS_CONF=$DATADIR/slapd-bdb2-nis-provider.conf +else + NIS_CONF=$DATADIR/slapd-nis-provider.conf +fi + +echo "Cleaning up in $DBDIR..." + +rm -f $DBDIR/[!C]* + +echo "Running slapadd to build slapd database..." +$SLAPADD -f $NIS_CONF -l $NIS_LDIF +RC=$? +if [ $RC != 0 ]; then + echo "slapadd failed!" + exit $RC +fi + +echo "Starting slapd on TCP/IP port $PORT..." +$SLAPD -f $NIS_CONF -p $PORT -d $LVL $TIMING > $PROVIDERLOG 2>&1 & +PID=$! + +echo ">>>>> LDAP server with NIS schema is up! PID=$PID" + + +exit 0 diff --git a/tests/scripts/test000-rootdse b/tests/scripts/test000-rootdse new file mode 100755 index 0000000..0703485 --- /dev/null +++ b/tests/scripts/test000-rootdse @@ -0,0 +1,86 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +mkdir -p $TESTDIR $DBDIR1 + +echo "Starting slapd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND $MONITORDB < $SCHEMACONF > $CONF1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Using ldapsearch to retrieve the root DSE..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -b "" -s base -h $LOCALHOST -p $PORT1 \ + '@extensibleObject' > $SEARCHOUT 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC = 0 ; then + echo "Using ldapsearch to retrieve the cn=Subschema..." + $LDAPSEARCH -b "cn=Subschema" -s base -h $LOCALHOST -p $PORT1 \ + '(&(objectClasses=top)(objectClasses=2.5.6.0))' cn objectClass \ + >> $SEARCHOUT 2>&1 + RC=$? + +fi + +count=2 +if test $RC = 0 ; then + case $MONITORDB in yes | mod) + count=3 + echo "Using ldapsearch to retrieve the cn=Monitor..." + $LDAPSEARCH -b "cn=Monitor" -s base -h $LOCALHOST -p $PORT1 \ + '@monitor' >> $SEARCHOUT 2>&1 + RC=$? + ;; + esac +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +cat $SEARCHOUT + + +if test $RC != 0 ; then + echo ">>>>> Test failed" +else + RC=`grep '^dn:' $SEARCHOUT | wc -l` + if test $RC != $count ; then + echo ">>>>> Test failed: expected $count entries, got" $RC + RC=1 + else + echo ">>>>> Test succeeded" + RC=0 + fi +fi + +test $KILLSERVERS != no && wait + +exit $RC diff --git a/tests/scripts/test001-slapadd b/tests/scripts/test001-slapadd new file mode 100755 index 0000000..f07c4fd --- /dev/null +++ b/tests/scripts/test001-slapadd @@ -0,0 +1,146 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +mkdir -p $TESTDIR $DBDIR1 + +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND $MONITORDB < $CONF > $ADDCONF +$SLAPADD -f $ADDCONF -l $LDIFORDERED +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Starting slapd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND $MONITORDB < $CONF > $CONF1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Using ldapsearch to retrieve all the entries..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 > $SEARCHOUT 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif used to create database..." +$LDIFFILTER < $LDIF > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - database was not created correctly" + echo $SEARCHFLT $LDIFFLT + $DIFF $SEARCHFLT $LDIFFLT + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +if test $BACKEND = ldif ; then + echo "Skipping test of unordered slapadd (unsupported in ldif backend)" +else + +kill -HUP $KILLPIDS + +rm -f $DBDIR1/* + +BASE2="ou=test,dc=example,dc=com" +sed -e "s;$BASEDN;$BASE2;" $ADDCONF > ${ADDCONF}2 +mv ${ADDCONF}2 $ADDCONF +sed -e "s;$BASEDN;$BASE2;" $CONF1 > ${CONF1}2 +mv ${CONF1}2 $CONF1 +echo "Running slapadd with unordered LDIF..." +$SLAPADD -f $ADDCONF -l $LDIFUNORDERED +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Starting slapd on TCP/IP port $PORT1..." +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Using ldapsearch to retrieve all the entries..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -b "$BASE2" -h $LOCALHOST -p $PORT1 > $SEARCHOUT 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif used to create database..." +$LDIFFILTER < $LDIFREORDERED > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - database was not created correctly" + echo $SEARCHFLT $LDIFFLT + $DIFF $SEARCHFLT $LDIFFLT + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test002-populate b/tests/scripts/test002-populate new file mode 100755 index 0000000..e81cee1 --- /dev/null +++ b/tests/scripts/test002-populate @@ -0,0 +1,83 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +mkdir -p $TESTDIR $DBDIR1 + +echo "Starting slapd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND $MONITORDB < $CONF > $CONF1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Using ldapsearch to check that slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +echo "Using ldapadd to populate the database..." +$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \ + $LDIFORDERED > $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapsearch to read all the entries..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > $SEARCHOUT 2>&1 +RC=$? + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + exit $RC +fi + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif used to create database..." +$LDIFFILTER < $LDIF > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - database was not created correctly" + exit 1 +fi + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test003-search b/tests/scripts/test003-search new file mode 100755 index 0000000..8822d34 --- /dev/null +++ b/tests/scripts/test003-search @@ -0,0 +1,155 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +mkdir -p $TESTDIR $DBDIR1 + +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND $MONITORDB < $MCONF > $ADDCONF +$SLAPADD -f $ADDCONF -l $LDIFORDERED +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Running slapindex to index slapd database..." +. $CONFFILTER $BACKEND $MONITORDB < $CONF > $CONF1 +$SLAPINDEX -f $CONF1 +RC=$? +if test $RC != 0 ; then + echo "warning: slapindex failed ($RC)" + echo " assuming no indexing support" +fi + +echo "Starting slapd on TCP/IP port $PORT1..." +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Testing slapd searching..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + '(objectclass=*)' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing exact searching..." +echo "# Testing exact searching..." > $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(sn=jENSEN)' >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing approximate searching..." +echo "# Testing approximate searching..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(sn~=jENSEN)' name >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing OR searching..." +echo "# Testing OR searching..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(|(givenname=Xx*yY*Z)(cn=)(undef=*)(objectclass=groupofnames)(sn=jones)(member=cn=Manager,dc=example,dc=com)(uniqueMember=cn=Manager,dc=example,dc=com))' >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing AND matching and ends-with searching..." +echo "# Testing AND matching and ends-with searching..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "ou=groups,$BASEDN" -s one -h $LOCALHOST -p $PORT1 \ + '(&(objectclass=groupofnames)(cn=A*)(member=cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com))' >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing NOT searching..." +echo "# Testing NOT searching..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(!(objectclass=pilotPerson))' >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing objectClass/attributeType inheritance ..." +echo "# Testing objectClass/attributeType inheritance ..." >> $SEARCHOUT +$LDAPSEARCH -M -a never -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(&(objectClass=inetorgperson)(userid=uham))' \ + "2.5.4.0" "userid" >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +LDIF=$SEARCHOUTPROVIDER + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif used to create database..." +$LDIFFILTER < $LDIF > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "Comparison failed" + exit 1 +fi + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test004-modify b/tests/scripts/test004-modify new file mode 100755 index 0000000..91a0f6a --- /dev/null +++ b/tests/scripts/test004-modify @@ -0,0 +1,234 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +mkdir -p $TESTDIR $DBDIR1 + +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND $MONITORDB < $CONF > $CONF1 +$SLAPADD -f $CONF1 -l $LDIFORDERED +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Starting slapd on TCP/IP port $PORT1..." +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Testing slapd modify operations..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing modify, add, and delete..." +$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 << EOMODS +version: 1 + +# LEADING COMMENT AND WHITE SPACE + +dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com +# EMBEDDED COMMENT +changetype: modify +add: drink +drink: Pils +- +add: drink +drink: Orange Juice +- +delete: drink +drink: Pils +- +delete: sn +sn: Jones +- +add: sn +sn: Jones + +dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com +changetype: modify +# EMBEDDED COMMENT + CONTINUED +replace: description +description: The replaced multiLineDescription $ Blah Woof. +- +replace: drink +drink: Iced Tea +drink: Mad Dog 20/20 + +dn: cn=ITD Staff,ou=Groups,dc=example,dc=com +changetype: modify +delete: uniquemember +uniquemember: cn=James A Jones 2,ou=Information Technology Division, + ou=People,dc=example,dc=com +uniquemember: cn=Bjorn Jensen,ou=Information Technology Division, + ou=People,dc=example,dc=com +- +add: uniquemember +uniquemember: cn=Dorothy Stevens,ou=Alumni Association, + ou=People,dc=example,dc=com +uniquemember: cn=James A Jones 1,ou=Alumni Association, + ou=People,dc=example,dc=com +- +add: objectClass +objectClass: OpenLDAPdisplayableObject +objectClass: pkiUser +objectClass: userSecurityInformation +- +delete: objectClass +objectClass: userSecurityInformation +objectClass: pkiUser +objectClass: OpenLDAPdisplayableObject + +dn: cn=All Staff,ou=Groups,dc=example,dc=com +changetype: modify +delete: member +- +add: member +member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com +- +delete: description +- +add: objectClass +objectClass: OpenLDAPdisplayableObject +objectClass: pkiUser +objectClass: userSecurityInformation +- +delete: objectClass +objectClass: OpenLDAPdisplayableObject +objectClass: pkiUser +objectClass: userSecurityInformation + +dn: cn=Gern Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com +changetype: add +objectclass: testPerson +cn: Gern Jensen +sn: Jensen +uid: gjensen +title: Chief Investigator, ITD +postaladdress: ITD $ 535 W. William St $ Anytown, MI 48103 +seealso: cn=All Staff,ou=Groups,dc=example,dc=com +drink: Coffee +homepostaladdress: 844 Brown St. Apt. 4 $ Anytown, MI 48104 +description: Very odd +facsimiletelephonenumber: +1 313 555 7557 +telephonenumber: +1 313 555 8343 +mail: gjensen@mailgw.example.com +homephone: +1 313 555 8844 +testTime: 20050304001801.234Z + +dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example,dc=com +changetype: delete +# TRAILING COMMENT AND WHITE SPACE + +dn: ou=People,dc=example,dc=com +changetype: modify +increment: uidNumber +uidNumber: 1 +- +increment: gidNumber +gidNumber: -1 + +dn: dc=example,dc=com +changetype: modify +# EMPTY SEQUENCE OF CHANGE + +EOMODS + +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapmodify to add an empty entry (should fail with protocolError)..." +$LDAPMODIFY -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \ + >> $TESTOUT 2>&1 << EOMODS +dn: cn=Foo Bar,dc=example,dc=com +changetype: add +# EMPTY SEQUENCE OF ATTRS +EOMODS + +RC=$? +case $RC in +2) + echo " ldapmodify failed ($RC)" + ;; +0) + echo " ldapmodify should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo " ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Using ldapsearch to retrieve all the entries..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + 'objectClass=*' > $SEARCHOUT 2>&1 +RC=$? +test $KILLSERVERS != no && kill -HUP $KILLPIDS +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + exit $RC +fi + +LDIF=$MODIFYOUTPROVIDER + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif used to create database..." +$LDIFFILTER < $LDIF > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - modify operations did not complete correctly" + exit 1 +fi + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test005-modrdn b/tests/scripts/test005-modrdn new file mode 100755 index 0000000..d26fb36 --- /dev/null +++ b/tests/scripts/test005-modrdn @@ -0,0 +1,300 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +mkdir -p $TESTDIR $DBDIR1A $DBDIR1B + +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND $MONITORDB < $CONF2DB > $CONF1 +$SLAPADD -f $CONF1 -b "$BASEDN" -l $LDIFORDERED +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Starting slapd on TCP/IP port $PORT1..." +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Testing slapd modrdn operations..." + +# Make sure we can search the database +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + 'objectClass=*' > $INITOUT 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# -r used to do remove of old rdn + +echo "Testing modrdn(deleteoldrdn=0)..." +$LDAPMODRDN -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 'cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example, dc=com' 'cn=James A Jones III' + +RC=$? +if test $RC != 0 ; then + echo "ldapmodrdn failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing modrdn(deleteoldrdn=1)..." +$LDAPMODRDN -D "$MANAGERDN" -r -h $LOCALHOST -p $PORT1 -w $PASSWD >> \ + $TESTOUT 2>&1 'cn=James A Jones 2, ou=Information Technology Division, ou=People, dc=example, dc=com' 'cn=James A Jones II' + +RC=$? +if test $RC != 0 ; then + echo "ldapmodrdn failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# Ensure the new rdn's can be found + +echo "Using ldapsearch to retrieve entries using new rdn (cn=James A Jones III)..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + 'cn=James A Jones III' > $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + + +LDIF=$MODRDNOUTPROVIDER1 + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif used to create database..." +$LDIFFILTER < $LDIF > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - modrdn operations did not complete correctly" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + + +echo "Using ldapsearch to retrieve entries using new rdn (cn=James A Jones II)..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + 'cn=James A Jones II' > $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + + +LDIF=$MODRDNOUTPROVIDER2 + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif used to create database..." +$LDIFFILTER < $LDIF > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - modrdn operations did not complete correctly" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +# Ensure that you cannot find the entry for which the rdn was deleted as +# an attribute. + +echo "Using ldapsearch to retrieve entries using removed rdn (cn=James A Jones 2)..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + 'cn=James A Jones 2' > $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + test $KILLSERVERS != no && kill -HUP $KILLPIDS + echo "ldapsearch failed ($RC)!" + exit $RC +fi +$CMP $SEARCHOUT - < /dev/null > $CMPOUT +if test $? != 0 ; then + echo "failure: ldapsearch found attribute that was to be removed!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +echo "Using ldapsearch to retrieve all the entries..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + 'objectClass=*' > $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + test $KILLSERVERS != no && kill -HUP $KILLPIDS + echo "ldapsearch failed ($RC)!" + exit $RC +fi + +LDIF=$MODRDNOUTPROVIDER0 + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif used to create database..." +$LDIFFILTER < $LDIF > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - modrdn operations did not complete correctly" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +# Test that you can use modrdn with an attribute value which was previously +# present + +echo "Testing modrdn(deleteoldrdn=1), modrdn with new rdn already an att val..." +$LDAPMODRDN -D "$MANAGERDN" -r -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + /dev/null 2>&1 'cn=James A Jones III, ou=Alumni Association, ou=People, dc=example, dc=com' 'cn=James A Jones 1' + +RC=$? +if test $RC != 0 ; then + echo "ldapmodrdn failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapsearch to retrieve entries using new rdn (cn=James A Jones 1)..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + 'cn=James A Jones 1' > $SEARCHOUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +LDIF=$MODRDNOUTPROVIDER3 + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif used to create database..." +$LDIFFILTER < $LDIF > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - modrdn operations did not complete correctly" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +echo "Testing modrdn to another database (should fail with affectsMultipleDSAs)" +$LDAPMODRDN -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 'cn=All Staff,ou=Groups,dc=example,dc=com' 'cn=Everyone' +RC=$? +case $RC in +0) + echo "ldapmodrdn succeeded, should have failed!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +71) + ;; +*) + echo "ldapmodrdn failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Testing modrdn with newSuperior = target (should fail with unwillingToPerform)" +$LDAPMODRDN -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 -s 'cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example, dc=com' \ + 'cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example, dc=com' 'cn=James A Jones 1' + +RC=$? +case $RC in +0) + echo "ldapmodrdn succeeded, should have failed!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +53) + ;; +*) + echo "ldapmodrdn failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Testing modrdn with newRdn exact same as target..." +$LDAPMODRDN -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 'cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example, dc=com' 'cn=James A Jones 1' + +RC=$? +case $RC in +0) + ;; +*) + echo "ldapmodrdn failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Testing modrdn with newRdn same as target, changed case..." +$LDAPMODRDN -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 'cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example, dc=com' 'cn=James A JONES 1' + +RC=$? +case $RC in +0) + ;; +*) + echo "ldapmodrdn failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test006-acls b/tests/scripts/test006-acls new file mode 100755 index 0000000..7d5adb4 --- /dev/null +++ b/tests/scripts/test006-acls @@ -0,0 +1,667 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +case "$BACKEND" in ldif | null) + echo "$BACKEND backend does not support access controls, test skipped" + exit 0 +esac + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +mkdir -p $TESTDIR $DBDIR1 + +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND $MONITORDB < $ACLCONF > $CONF1 +$SLAPADD -f $CONF1 -l $LDIFORDERED +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Starting slapd on TCP/IP port $PORT1..." +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Testing slapd access control..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +cat /dev/null > $SEARCHOUT + +echo "# Try to read an entry inside the Alumni Association container. +# It should give us noSuchObject if we're not bound..." \ +>> $SEARCHOUT +# FIXME: temporarily remove the "No such object" message to make +# the test succeed even if SLAP_ACL_HONOR_DISCLOSE is not #define'd +$LDAPSEARCH -b "$JAJDN" -h $LOCALHOST -p $PORT1 "(objectclass=*)" \ + 2>&1 | grep -v "No such object" >> $SEARCHOUT + +echo "# ... and should return all attributes if we're bound as anyone +# under Example." \ +>> $SEARCHOUT +$LDAPSEARCH -b "$JAJDN" -h $LOCALHOST -p $PORT1 \ + -D "$BABSDN" -w bjensen "(objectclass=*)" >> $SEARCHOUT 2>&1 + +# ITS#4253, ITS#4255 +echo "# Checking exact/regex attrval clause" >> $SEARCHOUT +$LDAPSEARCH -h $LOCALHOST -p $PORT1 \ + -D "$BABSDN" -w bjensen \ + -b "$MELLIOTDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1 +$LDAPSEARCH -h $LOCALHOST -p $PORT1 \ + -D "$BJORNSDN" -w bjorn \ + -b "$MELLIOTDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1 + +$LDAPSEARCH -h $LOCALHOST -p $PORT1 \ + -D "$BABSDN" -w bjensen \ + -b "$JOHNDDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1 +$LDAPSEARCH -h $LOCALHOST -p $PORT1 \ + -D "$BJORNSDN" -w bjorn \ + -b "$JOHNDDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1 + +$LDAPSEARCH -h $LOCALHOST -p $PORT1 \ + -D "$BABSDN" -w bjensen \ + -b "$BJORNSDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1 +$LDAPSEARCH -h $LOCALHOST -p $PORT1 \ + -D "$BJORNSDN" -w bjorn \ + -b "$BABSDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1 + +# check selfwrite access (ITS#4587). 6 attempts are made: +# 1) delete someone else (should fail) +# 2) delete self (should succeed) +# 3) add someone else (should fail) +# 4) add someone else and self (should fail) +# 5) add self and someone else (should fail) +# 6) add self (should succeed) +# +$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \ + $TESTOUT 2>&1 << EOMODS +dn: cn=All Staff,ou=Groups,dc=example,dc=com +changetype: modify +delete: member +member: $BABSDN +EOMODS +RC=$? +case $RC in +50) + ;; +0) + echo "ldapmodify should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \ + $TESTOUT 2>&1 << EOMODS +dn: cn=All Staff,ou=Groups,dc=example,dc=com +changetype: modify +delete: member +member: $JAJDN +EOMODS +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \ + $TESTOUT 2>&1 << EOMODS +dn: cn=All Staff,ou=Groups,dc=example,dc=com +changetype: modify +add: member +member: cn=Foo,ou=Bar +EOMODS +RC=$? +case $RC in +50) + ;; +0) + echo "ldapmodify should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \ + $TESTOUT 2>&1 << EOMODS +dn: cn=All Staff,ou=Groups,dc=example,dc=com +changetype: modify +add: member +member: cn=Foo,ou=Bar +member: $JAJDN +EOMODS +RC=$? +case $RC in +50) + ;; +0) + echo "ldapmodify should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \ + $TESTOUT 2>&1 << EOMODS +dn: cn=All Staff,ou=Groups,dc=example,dc=com +changetype: modify +add: member +member: $JAJDN +member: cn=Foo,ou=Bar +EOMODS +RC=$? +case $RC in +50) + ;; +0) + echo "ldapmodify should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \ + $TESTOUT 2>&1 << EOMODS +dn: cn=All Staff,ou=Groups,dc=example,dc=com +changetype: modify +add: member +member: $JAJDN +EOMODS +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# +# Check group access. Try to modify Babs' entry. Two attempts: +# 1) bound as "James A Jones 1" - should fail +# 2) bound as "Bjorn Jensen" - should succeed + +$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \ + $TESTOUT 2>&1 << EOMODS5 +dn: $BABSDN +changetype: modify +replace: drink +drink: wine +EOMODS5 +RC=$? +case $RC in +50) + ;; +0) + echo "ldapmodify should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +$LDAPMODIFY -D "$BJORNSDN" -h $LOCALHOST -p $PORT1 -w bjorn >> \ + $TESTOUT 2>&1 << EOMODS6 +dn: $BABSDN +changetype: modify +add: homephone +homephone: +1 313 555 5444 +EOMODS6 +RC=$? +case $RC in +0) + ;; +*) + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +# +# Try to add a "member" attribute to the "ITD Staff" group. It should +# fail when we add some DN other than our own, and should succeed when +# we add our own DN. +# bjensen +$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \ + $TESTOUT 2>&1 << EOMODS1 +version: 1 +dn: cn=ITD Staff, ou=Groups, dc=example, dc=com +changetype: modify +add: uniquemember +uniquemember: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com +EOMODS1 +RC=$? +case $RC in +50) + ;; +0) + echo "ldapmodify should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \ + $TESTOUT 2>&1 << EOMODS2 +version: 1 + +dn: cn=ITD Staff, ou=Groups, dc=example, dc=com +changetype: modify +add: uniquemember +uniquemember: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example, dc=com +EOMODS2 +RC=$? +case $RC in +0) + ;; +*) + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +# +# Try to modify the "ITD Staff" group. Two attempts are made: +# 1) bound as "James A Jones 1" - should fail +# 2) bound as "Bjorn Jensen" - should succeed +# +$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \ + $TESTOUT 2>&1 << EOMODS3 + +dn: cn=ITD Staff, ou=Groups, dc=example, dc=com +changetype: modify +delete: description +EOMODS3 +RC=$? +case $RC in +50) + ;; +0) + echo "ldapmodify should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +$LDAPMODIFY -D "$BJORNSDN" -h $LOCALHOST -p $PORT1 -w bjorn >> \ + $TESTOUT 2>&1 << EOMODS4 +# COMMENT +version: 1 +# comment +dn: cn=ITD Staff, ou=Groups, dc=example, dc=com +# comment +changetype: modify +# comment +add: ou +# comment +ou: Groups +# comment +EOMODS4 +RC=$? +case $RC in +0) + ;; +*) + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +# +# Try to modify the "ITD Staff" group. Two attempts are made: +# 1) bound as "James A Jones 1" - should succeed +# 2) bound as "Barbara Jensen" - should fail +# should exploit sets +# +$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \ + $TESTOUT 2>&1 << EOMODS5 +dn: cn=Alumni Assoc Staff, ou=Groups, dc=example, dc=com +changetype: modify +add: description +description: added by jaj (should succeed) +- +EOMODS5 +RC=$? +case $RC in +0) + ;; +*) + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +$LDAPMODIFY -D "$BABSDN" -h $LOCALHOST -p $PORT1 -w bjensen >> \ + $TESTOUT 2>&1 << EOMODS6 +dn: cn=Alumni Assoc Staff, ou=Groups, dc=example, dc=com +changetype: modify +add: description +description: added by bjensen (should fail) +- +EOMODS6 +RC=$? +case $RC in +50) + ;; +0) + echo "ldapmodify should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +$LDAPMODIFY -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD >> \ + $TESTOUT 2>&1 << EOMODS7 +dn: ou=Add & Delete,dc=example,dc=com +changetype: add +objectClass: organizationalUnit +ou: Add & Delete +EOMODS7 +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +$LDAPMODIFY -D "$BABSDN" -h $LOCALHOST -p $PORT1 -w bjensen >> \ + $TESTOUT 2>&1 << EOMODS8 +dn: cn=Added by Babs (must fail),ou=Add & Delete,dc=example,dc=com +changetype: add +objectClass: inetOrgPerson +cn: Added by Babs (must fail) +sn: None +EOMODS8 +RC=$? +case $RC in +50) + ;; +0) + echo "ldapmodify should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +$LDAPMODIFY -D "$BJORNSDN" -h $LOCALHOST -p $PORT1 -w bjorn >> \ + $TESTOUT 2>&1 << EOMODS9 +dn: cn=Added by Bjorn (must succeed),ou=Add & Delete,dc=example,dc=com +changetype: add +objectClass: inetOrgPerson +cn: Added by Bjorn (must succeed) +sn: None + +dn: cn=Added by Bjorn (will be deleted),ou=Add & Delete,dc=example,dc=com +changetype: add +objectClass: inetOrgPerson +cn: Added by Bjorn (will be deleted) +sn: None + +dn: cn=Added by Bjorn (will be renamed),ou=Add & Delete,dc=example,dc=com +changetype: add +objectClass: inetOrgPerson +cn: Added by Bjorn (will be renamed) +sn: None + +dn: cn=Added by Bjorn (must succeed),ou=Add & Delete,dc=example,dc=com +changetype: modify +add: description +description: this attribute value has been added __after__entry creation +description: this attribute value will be deleted by Babs (must succeed) +description: Bjorn will try to delete this attribute value (should fail) +- +EOMODS9 +RC=$? +case $RC in +0) + ;; +*) + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +$LDAPMODIFY -D "$BJORNSDN" -h $LOCALHOST -p $PORT1 -w bjorn >> \ + $TESTOUT 2>&1 << EOMODS10 +dn: cn=Added by Bjorn (will be deleted),ou=Add & Delete,dc=example,dc=com +changetype: delete +EOMODS10 +RC=$? +case $RC in +50) + ;; +0) + echo "ldapmodify should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +$LDAPMODIFY -D "$BJORNSDN" -h $LOCALHOST -p $PORT1 -w bjorn >> \ + $TESTOUT 2>&1 << EOMODS11 +dn: cn=Added by Bjorn (will be renamed),ou=Add & Delete,dc=example,dc=com +changetype: modrdn +newrdn: cn=Added by Bjorn (renamed by Bjorn) +deleteoldrdn: 1 +EOMODS11 +RC=$? +case $RC in +50) + ;; +0) + echo "ldapmodify should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +$LDAPMODIFY -D "$BABSDN" -h $LOCALHOST -p $PORT1 -w bjensen >> \ + $TESTOUT 2>&1 << EOMODS12 +dn: cn=Added by Bjorn (will be renamed),ou=Add & Delete,dc=example,dc=com +changetype: modrdn +newrdn: cn=Added by Bjorn (renamed by Babs) +deleteoldrdn: 1 +EOMODS12 +RC=$? +case $RC in +50) + ;; +0) + echo "ldapmodify should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \ + $TESTOUT 2>&1 << EOMODS13 +dn: cn=Added by Bjorn (will be renamed),ou=Add & Delete,dc=example,dc=com +changetype: modrdn +newrdn: cn=Added by Bjorn (renamed by Jaj) +deleteoldrdn: 1 +EOMODS13 +RC=$? +case $RC in +0) + ;; +*) + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +$LDAPMODIFY -D "$BJORNSDN" -h $LOCALHOST -p $PORT1 -w bjorn >> \ + $TESTOUT 2>&1 << EOMODS14 +dn: cn=Added by Bjorn (must succeed),ou=Add & Delete,dc=example,dc=com +changetype: modify +delete: description +description: Bjorn will try to delete this attribute value (should fail) +- +EOMODS14 +RC=$? +case $RC in +50) + ;; +0) + echo "ldapmodify should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +$LDAPMODIFY -D "$BABSDN" -h $LOCALHOST -p $PORT1 -w bjensen >> \ + $TESTOUT 2>&1 << EOMODS15 +dn: cn=Added by Bjorn (will be deleted),ou=Add & Delete,dc=example,dc=com +changetype: delete + +dn: cn=Added by Bjorn (must succeed),ou=Add & Delete,dc=example,dc=com +changetype: modify +delete: description +description: this attribute value will be deleted by Babs (must succeed) +- +EOMODS15 +RC=$? +case $RC in +0) + ;; +*) + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Using ldapsearch to retrieve all the entries..." +echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + 'objectClass=*' >> $SEARCHOUT 2>&1 +RC=$? +test $KILLSERVERS != no && kill -HUP $KILLPIDS +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + exit $RC +fi + +LDIF=$ACLOUTPROVIDER + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif used to create database..." +$LDIFFILTER < $LDIF > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - operations did not complete correctly" + exit 1 +fi + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test008-concurrency b/tests/scripts/test008-concurrency new file mode 100755 index 0000000..0a80894 --- /dev/null +++ b/tests/scripts/test008-concurrency @@ -0,0 +1,99 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test x$TESTLOOPS = x ; then + TESTLOOPS=50 +fi + +mkdir -p $TESTDIR $DBDIR1 + +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND $MONITORDB < $CONF > $CONF1 +$SLAPADD -f $CONF1 -l $LDIFORDERED -d -1 2> $SLAPADDLOG1 +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Starting slapd on TCP/IP port $PORT1..." +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Using ldapsearch to check that slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +# fix test data to include back-monitor, if available +# NOTE: copies do_* files from $DATADIR to $TESTDIR +$MONITORDATA "$MONITORDB" "$DATADIR" "$TESTDIR" + +echo "Using tester for concurrent server access..." +$SLAPDTESTER -P "$PROGDIR" -d "$TESTDIR" -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD -l $TESTLOOPS +RC=$? + +if test $RC != 0 ; then + echo "slapd-tester failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapsearch to retrieve all the entries..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + 'objectClass=*' > $SEARCHOUT 2>&1 +RC=$? + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + exit $RC +fi + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif used to create database..." +$LDIFFILTER < $LDIF > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - database was not created correctly" + exit 1 +fi + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test009-referral b/tests/scripts/test009-referral new file mode 100755 index 0000000..9abd7aa --- /dev/null +++ b/tests/scripts/test009-referral @@ -0,0 +1,181 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +# +# Test default referral +# + +mkdir -p $TESTDIR $DBDIR1 $DBDIR2 + +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND $MONITORDB < $CONF > $CONF1 +$SLAPADD -f $CONF1 -l $LDIFORDERED +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Starting provider slapd on TCP/IP port $PORT1..." +$SLAPD -n provider -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi + +echo "Starting consumer slapd on TCP/IP port $PORT2..." +. $CONFFILTER $BACKEND $MONITORDB < $REFCONSUMERCONF > $CONF2 +$SLAPD -n consumer -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 & +CONSUMERPID=$! +if test $WAIT != 0 ; then + echo CONSUMERPID $CONSUMERPID + read foo +fi + +KILLPIDS="$PID $CONSUMERPID" + +sleep 1 + +echo "Testing for provider slapd..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for provider slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing for consumer slapd..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT2 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for consumer slapd to start..." + sleep 5 +done + +cat /dev/null > $SEARCHOUT + +echo "Testing exact searching..." +$LDAPSEARCH -C -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + 'sn=jensen' >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing approximate searching..." +$LDAPSEARCH -C -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + '(sn=jENSEN)' name >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing OR searching..." +$LDAPSEARCH -C -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + '(|(objectclass=groupofnames)(objectClass=groupofuniquenames)(sn=jones))' >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing AND matching and ends-with searching..." +$LDAPSEARCH -C -S "" -b "ou=groups,$BASEDN" -s one -h $LOCALHOST -p $PORT2 \ + '(&(objectclass=groupofnames)(cn=A*))' >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing NOT searching..." +$LDAPSEARCH -C -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + '(!(objectclass=pilotPerson))' >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing objectClass/attributeType inheritance ..." +$LDAPSEARCH -M -a never -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(&(objectClass=inetorgperson)(userid=uham))' \ + "2.5.4.0" "userid" >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing dontUseCopy control..." +$LDAPSEARCH -C -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + -E \!dontUseCopy \ + 'sn=jensen' >> $SEARCHOUT +RC=$? +if test $RC = 10 ; then + echo "ldapsearch failed as expected ($RC)" +else + echo "ldapsearch did not error as expected ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +LDIF=$SEARCHOUTPROVIDER + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif used to create database..." +$LDIFFILTER < $LDIF > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "Comparison failed" + exit 1 +fi + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test010-passwd b/tests/scripts/test010-passwd new file mode 100755 index 0000000..75f895b --- /dev/null +++ b/tests/scripts/test010-passwd @@ -0,0 +1,189 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +mkdir -p $TESTDIR $DBDIR1 + +echo "Starting slapd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND $MONITORDB < $PWCONF > $CONF1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Using ldapsearch to check that slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +echo "Using ldapadd to populate the database..." +$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \ + $LDIFPASSWD > $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo > $SEARCHOUT +echo > $TESTOUT + +echo "Using ldapsearch to verify population ..." +echo "++ Initial search" >> $SEARCHOUT +$LDAPSEARCH -h $LOCALHOST -p $PORT1 \ + -D "$MANAGERDN" -w $PASSWD \ + -b "$BASEDN" \ + 'objectclass=*' >> $SEARCHOUT 2>&1 + +echo "Using ldappasswd to test a few error conditions ..." +echo "Pass 0" >> $TESTOUT +$LDAPPASSWD -h $LOCALHOST -p $PORT1 \ + -w secret -a "" -s newsecret \ + -D "cn=md5, $BASEDN" >> $TESTOUT 2>&1 +RC=$? +if test $RC = 0 ; then + echo "ldappasswd unexpectantly passed ($RC)! old empty" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi +$LDAPPASSWD -h $LOCALHOST -p $PORT1 \ + -w secret -a oldsecret -s "" \ + -D "cn=md5, $BASEDN" >> $TESTOUT 2>&1 +RC=$? +if test $RC = 0 ; then + echo "ldappasswd unexpectantly passed ($RC)! new empty" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi +$LDAPPASSWD -h $LOCALHOST -p $PORT1 \ + -w secret -a oldsecret -s newsecret \ + -D "cn=md5, $BASEDN" >> $TESTOUT 2>&1 +RC=$? +if test $RC = 0 ; then + echo "ldappasswd unexpectantly passed ($RC)! wrong old" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Using ldappasswd (PASS 1) ..." +echo "Pass 1" >> $TESTOUT +$LDAPPASSWD -h $LOCALHOST -p $PORT1 \ + -w secret -s newsecret \ + -D "cn=md5, $BASEDN" >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldappasswd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi +$LDAPPASSWD -h $LOCALHOST -p $PORT1 \ + -w $PASSWD -s newsecret \ + -D "$MANAGERDN" "cn=smd5, $BASEDN" >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldappasswd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi +$LDAPPASSWD -h $LOCALHOST -p $PORT1 \ + -w secret -s newsecret \ + -D "cn=sha, $BASEDN" >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldappasswd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi +$LDAPPASSWD -h $LOCALHOST -p $PORT1 \ + -w secret -s newsecret \ + -D "cn=ssha, $BASEDN" >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldappasswd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "" >> $TESTOUT +echo "Pass 2" >> $TESTOUT +echo "Using ldappasswd (PASS 2) ..." +$LDAPPASSWD -h $LOCALHOST -p $PORT1 \ + -w newsecret \ + -D "cn=md5, $BASEDN" >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldappasswd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi +$LDAPPASSWD -h $LOCALHOST -p $PORT1 \ + -w newsecret \ + -D "cn=smd5, $BASEDN" >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldappasswd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi +$LDAPPASSWD -h $LOCALHOST -p $PORT1 \ + -w newsecret \ + -D "cn=sha, $BASEDN" >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldappasswd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi +$LDAPPASSWD -h $LOCALHOST -p $PORT1 \ + -w newsecret \ + -D "cn=ssha, $BASEDN" >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldappasswd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Logging end state with ldapsearch..." +echo "" >> $TESTOUT +echo "++ End search" >> $TESTOUT +$LDAPSEARCH -h $LOCALHOST -p $PORT1 \ + -D "$MANAGERDN" -w $PASSWD \ + -b "$BASEDN" \ + 'objectclass=*' >> $TESTOUT 2>&1 + + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test011-glue-slapadd b/tests/scripts/test011-glue-slapadd new file mode 100755 index 0000000..b6ac592 --- /dev/null +++ b/tests/scripts/test011-glue-slapadd @@ -0,0 +1,98 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +mkdir -p $TESTDIR $DBDIR1A $DBDIR1B $DBDIR1C + +echo "Running slapadd to build glued slapd databases..." +. $CONFFILTER $BACKEND $MONITORDB < $GLUECONF > $CONF1 +$SLAPADD -d $LVL -f $CONF1 -l $LDIFORDERED > $SLAPADDLOG1 2>&1 +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Starting slapd on TCP/IP port $PORT1..." +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Using ldapsearch to retrieve all the entries..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -b "$BASEDN" -h $LOCALHOST -p $PORT1 > $SEARCHOUT 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Filtering ldapsearch results..." +$LDIFFILTER -s ldif=e < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif used to create database..." +$LDIFFILTER -s ldif=e < $LDIFGLUED > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - database was not created correctly" + echo $SEARCHFLT $LDIFFLT + $DIFF $SEARCHFLT $LDIFFLT + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +if test $BACKEND != null ; then +echo "Testing sizelimit..." +$LDAPSEARCH -b "$BASEDN" -h $LOCALHOST -p $PORT1 -s one -z 2 > $SEARCHOUT 2>&1 +RC=$? +if test $RC = 0 ; then + echo "sizelimit not detected at end of search." + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +$LDAPSEARCH -b "$BASEDN" -h $LOCALHOST -p $PORT1 -z 9 objectclass=OpenLDAPPerson > $SEARCHOUT 2>&1 +RC=$? +if test $RC = 0 ; then + echo "sizelimit not detected at middle of search." + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test012-glue-populate b/tests/scripts/test012-glue-populate new file mode 100755 index 0000000..d900fa7 --- /dev/null +++ b/tests/scripts/test012-glue-populate @@ -0,0 +1,83 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +mkdir -p $TESTDIR $DBDIR1A $DBDIR1B $DBDIR1C + +echo "Starting slapd on TCP/IP port $PORT..." +. $CONFFILTER $BACKEND $MONITORDB < $GLUECONF > $CONF1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Using ldapsearch to check that slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +echo "Using ldapadd to populate the glued database..." +$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \ + $LDIFORDERED > $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapsearch to read all the entries..." +$LDAPSEARCH -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > $SEARCHOUT 2>&1 +RC=$? + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + exit $RC +fi + +echo "Filtering ldapsearch results..." +$LDIFFILTER -s ldif=e < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif used to create database..." +$LDIFFILTER -s ldif=e < $LDIFGLUED > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - database was not created correctly" + exit 1 +fi + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test013-language b/tests/scripts/test013-language new file mode 100755 index 0000000..3b1dd80 --- /dev/null +++ b/tests/scripts/test013-language @@ -0,0 +1,117 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +mkdir -p $TESTDIR $DBDIR1 + +echo "Starting slapd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND $MONITORDB < $CONF > $CONF1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Using ldapsearch to check that slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +echo "Using ldapadd to populate the database..." +$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \ + $LDIFLANG > $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapsearch to read all the entries..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -s base \ + '(&)' > $SEARCHOUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapsearch to read name ..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -s base \ + '(&)' 'name' >> $SEARCHOUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapsearch to read name language tag ..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -s base \ + '(&)' 'name;lang-en-US' >> $SEARCHOUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapsearch to read name language range ..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -s base \ + '(&)' 'name;lang-en-' >> $SEARCHOUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering language ldif ..." +$LDIFFILTER < $LDIFLANGOUT > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - language test failed!" + exit 1 +fi + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test014-whoami b/tests/scripts/test014-whoami new file mode 100755 index 0000000..a2ef15a --- /dev/null +++ b/tests/scripts/test014-whoami @@ -0,0 +1,468 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +mkdir -p $TESTDIR $DBDIR1 + +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND $MONITORDB < $WHOAMICONF > $ADDCONF +$SLAPADD -f $ADDCONF -l $LDIFWHOAMI +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Starting slapd on TCP/IP port $PORT..." +. $CONFFILTER $BACKEND $MONITORDB < $WHOAMICONF > $CONF1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Using ldapsearch to check that slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +echo "Testing ldapwhoami as anonymous..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing ldapwhoami as ${MANAGERDN}..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing ldapwhoami as ${MANAGERDN} for anonymous..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD \ + -e \!authzid="" + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing ldapwhoami as ${MANAGERDN} for dn:$BABSDN..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD \ + -e \!authzid="dn:$BABSDN" + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing ldapwhoami as ${MANAGERDN} for u:uham..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD \ + -e \!authzid="u:uham" + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# authzFrom: someone else => bjorn +echo "Testing authzFrom..." + +BINDDN="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" +BINDPW=bjensen +AUTHZID="u:bjorn" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.exact)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BINDDN="cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com" +BINDPW=melliot +AUTHZID="u:bjorn" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (u)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BINDDN="cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com" +BINDPW=jen +AUTHZID="u:bjorn" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BINDDN="cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example,dc=com" +BINDPW=jjones +AUTHZID="u:bjorn" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (group)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BINDDN="cn=No One,ou=Information Technology Division,ou=People,dc=example,dc=com" +BINDPW=noone +AUTHZID="u:bjorn" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.onelevel)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BINDDN="cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com" +BINDPW=dots +AUTHZID="u:bjorn" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.regex)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BINDDN="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com" +BINDPW=jaj +AUTHZID="u:bjorn" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.children)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BINDDN="cn=ITD Staff,ou=Groups,dc=example,dc=com" +BINDPW=ITD +AUTHZID="u:bjorn" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.subtree)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BINDDN="cn=Should Fail,dc=example,dc=com" +BINDPW=fail +AUTHZID="u:bjorn" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +case $RC in +1) + ;; +0) + echo "ldapwhoami should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +BINDDN="cn=Must Fail,dc=example,dc=com" +BINDPW=fail +AUTHZID="u:bjorn" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +case $RC in +1) + ;; +0) + echo "ldapwhoami should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +# authzTo: bjorn => someone else +echo "Testing authzTo..." + +BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" +BINDPW=bjorn +AUTHZID="u:bjensen" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.exact)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" +BINDPW=bjorn +AUTHZID="u:melliot" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (u)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" +BINDPW=bjorn +AUTHZID="u:jdoe" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" +BINDPW=bjorn +AUTHZID="u:jjones" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (group)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" +BINDPW=bjorn +AUTHZID="u:noone" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.onelevel)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" +BINDPW=bjorn +AUTHZID="u:dots" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.regex)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" +BINDPW=bjorn +AUTHZID="u:jaj" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.children)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" +BINDPW=bjorn +AUTHZID="u:group/itd staff" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.subtree)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" +BINDPW=bjorn +AUTHZID="u:fail" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +case $RC in +1) + ;; +0) + echo "ldapwhoami should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" +BINDPW=bjorn +AUTHZID="dn:cn=Should Fail,dc=example,dc=com" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +case $RC in +1) + ;; +0) + echo "ldapwhoami should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" +BINDPW=bjorn +AUTHZID="dn:cn=don't!" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (no authzTo; should fail)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +if test $RC != 1 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +BINDDN="dc=example,dc=com" +BINDPW=example +AUTHZID="dn:" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID}\"\" (dn.exact; should succeed)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 + +## Note to developers: when SLAPD_DEBUG=-1 the command +## awk '/^do_extended$/ {if (c) {print c} c=0} /<===slap_sasl_match:/ {c++} END {print c}' $TESTDIR/slapd.1.log +## must return the sequence 1 2 3 4 5 6 7 8 8 8 1 2 3 4 5 6 7 8 8 8 8 1 +## to indicate that the authzFrom and authzTo rules applied in the right order. diff --git a/tests/scripts/test015-xsearch b/tests/scripts/test015-xsearch new file mode 100755 index 0000000..b44520e --- /dev/null +++ b/tests/scripts/test015-xsearch @@ -0,0 +1,261 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +mkdir -p $TESTDIR $DBDIR1 + +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND $MONITORDB < $MCONF > $ADDCONF +$SLAPADD -f $ADDCONF -l $LDIFORDERED +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Running slapindex to index slapd database..." +. $CONFFILTER $BACKEND $MONITORDB < $CONF > $CONF1 +$SLAPINDEX -f $CONF1 +RC=$? +if test $RC != 0 ; then + echo "warning: slapindex failed ($RC)" + echo " assuming no indexing support" +fi + +echo "Starting slapd on TCP/IP port $PORT1..." +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Testing slapd searching..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +cat /dev/null > $SEARCHOUT + +echo "Testing exact searching..." +echo "# Testing exact searching..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(sn:=jensen)' >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing approximate searching..." +echo "# Testing approximate searching..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(sn~=jensen)' name >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing OR searching..." +echo "# Testing OR searching..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(|(givenName=XX*YY*Z)(cn=)(undef=*)(objectclass=groupofnames)(objectclass=groupofuniquenames)(sn:caseExactMatch:=Jones))' >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing AND matching and ends-with searching..." +echo "# Testing AND matching and ends-with searching..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "ou=groups,$BASEDN" -s one -h $LOCALHOST -p $PORT1 \ + '(&(|(objectclass=groupofnames)(objectclass=groupofuniquenames))(cn=A*))' >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing NOT searching..." +echo "# Testing NOT searching..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(!(objectclass=pilotPerson))' >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing objectClass/attributeType inheritance ..." +echo "# Testing objectClass/attributeType inheritance ..." >> $SEARCHOUT +$LDAPSEARCH -M -a never -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(&(objectClass=inetorgperson)(userid=uham))' \ + "2.5.4.0" "userid" >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing extended RFC2254 searching:" +echo "# Testing extended RFC2254 searching:" >> $SEARCHOUT + +FILTER="(:dn:caseIgnoreIA5Match:=example)" +echo " f=$FILTER ..." +echo "# f=$FILTER ..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "$FILTER" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +FILTER="(:dn:caseExactMatch:=Information Technology Division)" +echo " f=$FILTER ..." +echo "# f=$FILTER ..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "$FILTER" >> $SEARCHOUT 2>&1 + +# ITS#4380: don't crash when a matchingRule without pretty/validate is used +FILTER="(:dn:caseIgnoreSubstringsMatch:=Information Technology Division)" +echo " f=$FILTER ..." +echo "# f=$FILTER ..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "$FILTER" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +FILTER="(name:dn:=whatever)" +echo " f=$FILTER ..." +echo "# f=$FILTER ..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "" -s base -h $LOCALHOST -p $PORT1 \ + "$FILTER" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing values return filter searching:" +echo "# Testing values return filter searching:" >> $SEARCHOUT + +FILTER="(o=Example, Inc.)" +echo " f=$FILTER ..." +echo "# f=$FILTER ..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + -E '!mv='"$FILTER" "$FILTER" >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +FILTER="(dc=example)" +VRFILTER="((o:caseExactMatch:=Example, Inc.)(dc=example))" +echo " f=$FILTER mv=$VRFILTER ..." +echo "# f=$FILTER mv=$VRFILTER ..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + -E '!mv='"$VRFILTER" "$FILTER" >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +FILTER="(dc=example)" +VRFILTER="((o={*)(dc=*))" +echo " f=$FILTER mv=$VRFILTER ..." +echo "# f=$FILTER mv=$VRFILTER ..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + -E '!mv='"$VRFILTER" "$FILTER" >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +FILTER="(attributeTypes=0.9.2342.19200300.100.1.25)" +echo " f=$FILTER ..." +echo "# f=$FILTER ..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "cn=Subschema" -s "base" -h $LOCALHOST -p $PORT1 \ + -E '!mv='"$FILTER" "$FILTER" "attributeTypes" >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +LDIF=$SEARCHOUTPROVIDER +LDIF2=$SEARCHOUTX + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif used to create database..." +$LDIFFILTER < $LDIF > $LDIFFLT +$LDIFFILTER < $LDIF2 >> $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "Comparison failed" + exit 1 +fi + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test016-subref b/tests/scripts/test016-subref new file mode 100755 index 0000000..d584f2b --- /dev/null +++ b/tests/scripts/test016-subref @@ -0,0 +1,197 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +RCODE=10 +test $BACKEND = null && RCODE=0 + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +mkdir -p $TESTDIR $DBDIR1 + +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND $MONITORDB < $RCONF > $CONF1 +$SLAPADD -f $CONF1 -l $LDIFREF +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Starting slapd on TCP/IP port $PORT1..." +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Testing slapd searching..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + '(objectclass=*)' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +cat /dev/null > $SEARCHOUT + +echo "Testing ManageDsaIT searching at $REFDN..." +$LDAPRSEARCH -S "" -MM -b "$REFDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=referral)' '*' ref >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing ManageDsaIT searching at referral object..." +$LDAPRSEARCH -S "" -MM -b "o=abc,$REFDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=referral)' '*' ref >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing ManageDsaIT searching below referral object..." +$LDAPRSEARCH -S "" -MM -b "uid=xxx,o=abc,$REFDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=referral)' '*' ref >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != $RCODE ; then + echo "ldapsearch: unexpected result ($RC)! (referral expected)" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +XREFDN="$REFDN" +echo "Testing base searching at $XREFDN..." +$LDAPRSEARCH -S "" -s base -b "$XREFDN" -h $LOCALHOST -p $PORT1 1.1 >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing one-level searching at $XREFDN..." +$LDAPRSEARCH -S "" -s one -b "$XREFDN" -h $LOCALHOST -p $PORT1 1.1 >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing subtree searching at $XREFDN..." +$LDAPRSEARCH -S "" -s sub -b "$XREFDN" -h $LOCALHOST -p $PORT1 1.1 >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +XREFDN="o=abc,$REFDN" +echo "Testing base searching at $XREFDN..." +$LDAPRSEARCH -S "" -s base -b "$XREFDN" -h $LOCALHOST -p $PORT1 1.1 >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != $RCODE ; then + echo "ldapsearch: unexpected result ($RC)! (referral expected)" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Testing one-level searching at $XREFDN..." +$LDAPRSEARCH -S "" -s one -b "$XREFDN" -h $LOCALHOST -p $PORT1 1.1 >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != $RCODE ; then + echo "ldapsearch: unexpected result ($RC)! (referral expected)" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Testing subtree searching at $XREFDN..." +$LDAPRSEARCH -S "" -s sub -b "$XREFDN" -h $LOCALHOST -p $PORT1 1.1 >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != $RCODE ; then + echo "ldapsearch: unexpected result ($RC)! (referral expected)" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +XREFDN="uid=xxx,o=abc,$REFDN" +echo "Testing base searching at $XREFDN..." +$LDAPRSEARCH -S "" -s base -b "$XREFDN" -h $LOCALHOST -p $PORT1 1.1 >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != $RCODE ; then + echo "ldapsearch: unexpected result ($RC)! (referral expected)" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Testing one-level searching at $XREFDN..." +$LDAPRSEARCH -S "" -s one -b "$XREFDN" -h $LOCALHOST -p $PORT1 1.1 >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != $RCODE ; then + echo "ldapsearch: unexpected result ($RC)! (referral expected)" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Testing subtree searching at $XREFDN..." +$LDAPRSEARCH -S "" -s sub -b "$XREFDN" -h $LOCALHOST -p $PORT1 1.1 >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != $RCODE ; then + echo "ldapsearch: unexpected result ($RC)! (referral expected)" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +LDIF=$SEARCHOUTPROVIDER +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering expected LDIF for comparison..." +$LDIFFILTER < $REFERRALOUT > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "Comparison failed" + exit 1 +fi + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test017-syncreplication-refresh b/tests/scripts/test017-syncreplication-refresh new file mode 100755 index 0000000..e304065 --- /dev/null +++ b/tests/scripts/test017-syncreplication-refresh @@ -0,0 +1,356 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test $SYNCPROV = syncprovno; then + echo "Syncrepl provider overlay not available, test skipped" + exit 0 +fi + +mkdir -p $TESTDIR $DBDIR1 $DBDIR2 + +# +# Test replication: +# - start provider +# - start consumer +# - populate over ldap +# - perform some modifies and deleted +# - attempt to modify the consumer (referral) +# - retrieve database over ldap and compare against expected results +# + +echo "Starting provider slapd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND $MONITORDB < $SRPROVIDERCONF > $CONF1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Using ldapsearch to check that provider slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapadd to create the context prefix entry in the provider..." +$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \ + $LDIFORDEREDCP > /dev/null 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Starting consumer slapd on TCP/IP port $PORT2..." +. $CONFFILTER $BACKEND $MONITORDB < $R1SRCONSUMERCONF > $CONF2 +$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 & +CONSUMERPID=$! +if test $WAIT != 0 ; then + echo CONSUMERPID $CONSUMERPID + read foo +fi +KILLPIDS="$KILLPIDS $CONSUMERPID" + +sleep 1 + +echo "Using ldapsearch to check that consumer slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT2 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapadd to populate the provider directory..." +$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \ + $LDIFORDEREDNOCP > /dev/null 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." +sleep $SLEEP1 + +echo "Using ldapmodify to modify provider directory..." + +# +# Do some modifications +# + +$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 << EOMODS +dn: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example,dc=com +changetype: modify +add: drink +drink: Orange Juice +- +delete: sn +sn: Jones +- +add: sn +sn: Jones + +dn: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: modify +replace: drink +drink: Iced Tea +drink: Mad Dog 20/20 + +dn: cn=ITD Staff,ou=Groups,dc=example,dc=com +changetype: modify +delete: uniquemember +uniquemember: cn=James A Jones 2, ou=Information Technology Division, ou=People, dc=example,dc=com +uniquemember: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com +- +add: uniquemember +uniquemember: cn=Dorothy Stevens, ou=Alumni Association, ou=People, dc=example,dc=com +uniquemember: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example,dc=com + +dn: cn=All Staff,ou=Groups,dc=example,dc=com +changetype: modify +delete: description + +dn: cn=Gern Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: add +objectclass: OpenLDAPperson +cn: Gern Jensen +sn: Jensen +uid: gjensen +title: Chief Investigator, ITD +postaladdress: ITD $ 535 W. William St $ Ann Arbor, MI 48103 +seealso: cn=All Staff, ou=Groups, dc=example,dc=com +drink: Coffee +homepostaladdress: 844 Brown St. Apt. 4 $ Ann Arbor, MI 48104 +description: Very odd +facsimiletelephonenumber: +1 313 555 7557 +telephonenumber: +1 313 555 8343 +mail: gjensen@mailgw.example.com +homephone: +1 313 555 8844 + +dn: ou=Retired, ou=People, dc=example,dc=com +changetype: add +objectclass: organizationalUnit +ou: Retired + +dn: cn=Rosco P. Coltrane, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: add +objectclass: OpenLDAPperson +cn: Rosco P. Coltrane +sn: Coltrane +uid: rosco + +dn: cn=Rosco P. Coltrane, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: modrdn +newrdn: cn=Rosco P. Coltrane +deleteoldrdn: 1 +newsuperior: ou=Retired, ou=People, dc=example,dc=com + +dn: cn=James A Jones 2, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: delete + +dn: dc=testdomain1,dc=example,dc=com +changetype: modrdn +newrdn: dc=itsdomain1 +deleteoldrdn: 1 + +dn: dc=itsdomain1,dc=example,dc=com +changetype: modify +replace: description +description: Example, Inc. ITS test domain + +EOMODS + +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." +sleep $SLEEP1 + +echo "Performing modrdn alone on the provider..." +$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 << EOMODS +dn: dc=testdomain2,dc=example,dc=com +changetype: modrdn +newrdn: dc=itsdomain2 +deleteoldrdn: 1 + +EOMODS + +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." +sleep $SLEEP1 + +echo "Performing modify alone on the provider..." +$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 << EOMODS +dn: dc=itsdomain2,dc=example,dc=com +changetype: modify +replace: description +description: Example, Inc. itsdomain2 test domain + +EOMODS + +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." +sleep $SLEEP1 + +echo "Performing larger modify on the provider..." +$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 << EOMODS +dn: cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com +changetype: modify +replace: objectClass +objectClass: groupOfNames +- +replace: cn +cn: Alumni Assoc Staff +- +replace: description +description: blablabla +- +replace: member +member: cn=Manager,dc=example,dc=com +member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com +member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com +member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com +member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com +member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com +member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com + +EOMODS + +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." +sleep $SLEEP1 + +echo "Try updating the consumer slapd..." +$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT2 -w $PASSWD > \ + $TESTOUT 2>&1 << EOMODS +dn: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example, dc=com +changetype: modify +add: description +description: This write must fail because directed to a shadow context, +description: unless the chain overlay is configured appropriately ;) + +EOMODS + +RC=$? + +# expect 10 (LDAP_REFERRAL)... +if test $RC != 10 ; then + echo "ldapmodify should have returned referral ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +OPATTRS="entryUUID creatorsName createTimestamp modifiersName modifyTimestamp" + +echo "Using ldapsearch to read all the entries from the provider..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectclass=*)' '*' $OPATTRS > $PROVIDEROUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at provider ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapsearch to read all the entries from the consumer..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + '(objectclass=*)' '*' $OPATTRS > $CONSUMEROUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo "Filtering provider results..." +$LDIFFILTER < $PROVIDEROUT > $PROVIDERFLT +echo "Filtering consumer results..." +$LDIFFILTER < $CONSUMEROUT > $CONSUMERFLT + +echo "Comparing retrieved entries from provider and consumer..." +$CMP $PROVIDERFLT $CONSUMERFLT > $CMPOUT + +if test $? != 0 ; then + echo "test failed - provider and consumer databases differ" + exit 1 +fi + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test018-syncreplication-persist b/tests/scripts/test018-syncreplication-persist new file mode 100755 index 0000000..eb371be --- /dev/null +++ b/tests/scripts/test018-syncreplication-persist @@ -0,0 +1,548 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +OPATTRS="entryUUID creatorsName createTimestamp modifiersName modifyTimestamp" + +if test $SYNCPROV = syncprovno; then + echo "Syncrepl provider overlay not available, test skipped" + exit 0 +fi + +mkdir -p $TESTDIR $DBDIR1 $DBDIR4 + +# +# Test replication: +# - start provider +# - start consumer +# - populate over ldap +# - perform some modifies and deleted +# - attempt to modify the consumer (referral or chain) +# - retrieve database over ldap and compare against expected results +# + +echo "Starting provider slapd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND $MONITORDB < $SRPROVIDERCONF > $CONF1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Using ldapsearch to check that provider slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapadd to create the context prefix entry in the provider..." +$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \ + $LDIFORDEREDCP > /dev/null 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Starting consumer slapd on TCP/IP port $PORT4..." +. $CONFFILTER $BACKEND $MONITORDB < $P1SRCONSUMERCONF > $CONF4 +$SLAPD -f $CONF4 -h $URI4 -d $LVL $TIMING > $LOG4 2>&1 & +CONSUMERPID=$! +if test $WAIT != 0 ; then + echo CONSUMERPID $CONSUMERPID + read foo +fi +KILLPIDS="$KILLPIDS $CONSUMERPID" + +sleep 1 + +echo "Using ldapsearch to check that consumer slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT4 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapadd to populate the provider directory..." +$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \ + $LDIFORDEREDNOCP > /dev/null 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." +sleep $SLEEP1 + +echo "Using ldapsearch to read all the entries from the provider..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectclass=*)' '*' $OPATTRS > $PROVIDEROUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at provider ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapsearch to read all the entries from the consumer..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT4 \ + '(objectclass=*)' '*' $OPATTRS > $CONSUMEROUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Filtering provider results..." +$LDIFFILTER < $PROVIDEROUT > $PROVIDERFLT +echo "Filtering consumer results..." +$LDIFFILTER < $CONSUMEROUT > $CONSUMERFLT + +echo "Comparing retrieved entries from provider and consumer..." +$CMP $PROVIDERFLT $CONSUMERFLT > $CMPOUT + +if test $? != 0 ; then + echo "test failed - provider and consumer databases differ" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Stopping the provider, sleeping 10 seconds and restarting it..." +kill -HUP "$PID" +wait $PID +sleep 10 +echo "RESTART" >> $LOG1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING >> $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID $CONSUMERPID" + +sleep 1 + +echo "Using ldapsearch to check that provider slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +echo "Waiting $SLEEP1 seconds for consumer to reconnect..." +sleep $SLEEP1 + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapmodify to modify provider directory..." + +# +# Do some modifications +# + +$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 << EOMODS +dn: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example,dc=com +changetype: modify +add: drink +drink: Orange Juice +- +delete: sn +sn: Jones +- +add: sn +sn: Jones + +dn: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: modify +replace: drink +drink: Iced Tea + +dn: cn=ITD Staff,ou=Groups,dc=example,dc=com +changetype: modify +delete: uniquemember +uniquemember: cn=James A Jones 2, ou=Information Technology Division, ou=People, dc=example,dc=com +uniquemember: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com +- +add: uniquemember +uniquemember: cn=Dorothy Stevens, ou=Alumni Association, ou=People, dc=example,dc=com +uniquemember: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example,dc=com + +dn: cn=All Staff,ou=Groups,dc=example,dc=com +changetype: modify +delete: description + +dn: cn=Gern Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: add +objectclass: OpenLDAPperson +cn: Gern Jensen +sn: Jensen +uid: gjensen +title: Chief Investigator, ITD +postaladdress: ITD $ 535 W. William St $ Ann Arbor, MI 48103 +seealso: cn=All Staff, ou=Groups, dc=example,dc=com +drink: Coffee +homepostaladdress: 844 Brown St. Apt. 4 $ Ann Arbor, MI 48104 +description: Very odd +facsimiletelephonenumber: +1 313 555 7557 +facsimiletelephonenumber: +1 313 555 9998 +facsimiletelephonenumber: +1 313 555 9999 +telephonenumber: +1 313 555 8343 +mail: gjensen@mailgw.example.com +homephone: +1 313 555 8844 + +# modify attribute with no matching rule (ITS#6458) +dn: cn=Gern Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: modify +replace: facsimiletelephonenumber +facsimiletelephonenumber: +1 313 555 9998 +facsimiletelephonenumber: +1 313 555 9999 + +dn: cn=Gern Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: modify +replace: facsimiletelephonenumber +facsimiletelephonenumber: +1 313 555 9998 +facsimiletelephonenumber: +1 313 555 9999 +facsimiletelephonenumber: +1 313 555 7557 + +dn: cn=Gern Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: modify +replace: facsimiletelephonenumber +facsimiletelephonenumber: +1 313 555 9998 +facsimiletelephonenumber: +1 313 555 9999 + +dn: ou=Retired, ou=People, dc=example,dc=com +changetype: add +objectclass: organizationalUnit +ou: Retired + +dn: cn=Rosco P. Coltrane, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: add +objectclass: OpenLDAPperson +cn: Rosco P. Coltrane +sn: Coltrane +uid: rosco +description: Fat tycoon + +dn: cn=Rosco P. Coltrane, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: modrdn +newrdn: cn=Rosco P. Coltrane +deleteoldrdn: 1 +newsuperior: ou=Retired, ou=People, dc=example,dc=com + +dn: cn=James A Jones 2, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: delete + +dn: dc=testdomain1,dc=example,dc=com +changetype: modrdn +newrdn: dc=itsdomain1 +deleteoldrdn: 1 + +dn: dc=itsdomain1,dc=example,dc=com +changetype: modify +replace: description +description: Example, Inc. ITS test domain + +dn: dc=testdomain2,dc=example,dc=com +changetype: modrdn +newrdn: dc=itsdomain2 +deleteoldrdn: 1 + +EOMODS + +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldappasswd to change some passwords..." +$LDAPPASSWD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \ + 'cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com' \ + > $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." +sleep $SLEEP1 + +echo "Using ldapsearch to read all the entries from the provider..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectclass=*)' '*' $OPATTRS > $PROVIDEROUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at provider ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapsearch to read all the entries from the consumer..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT4 \ + '(objectclass=*)' '*' $OPATTRS > $CONSUMEROUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Filtering provider results..." +$LDIFFILTER < $PROVIDEROUT > $PROVIDERFLT +echo "Filtering consumer results..." +$LDIFFILTER < $CONSUMEROUT > $CONSUMERFLT + +echo "Comparing retrieved entries from provider and consumer..." +$CMP $PROVIDERFLT $CONSUMERFLT > $CMPOUT + +if test $? != 0 ; then + echo "test failed - provider and consumer databases differ" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Stopping consumer to test recovery..." +kill -HUP $CONSUMERPID +wait $CONSUMERPID + +echo "Modifying more entries on the provider..." +$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD >> \ + $TESTOUT 2>&1 << EOMODS +dn: cn=Rosco P. Coltrane, ou=Retired, ou=People, dc=example,dc=com +changetype: delete + +dn: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: modify +add: drink +drink: Mad Dog 20/20 + +dn: cn=Rosco P. Coltrane, ou=Retired, ou=People, dc=example,dc=com +changetype: add +objectclass: OpenLDAPperson +sn: Coltrane +uid: rosco +cn: Rosco P. Coltrane + +dn: dc=itsdomain2,dc=example,dc=com +changetype: modify +replace: description +description: Example, Inc. itsdomain2 test domain + +# rename with a newly added newSuperior while the consumer is down (ITS#6472) +dn: ou=New Branch,dc=example,dc=com +changetype: add +objectClass: organizationalUnit +ou: New Branch + +dn: cn=Dorothy Stevens, ou=Alumni Association, ou=People, dc=example,dc=com +changetype: modrdn +newrdn: cn=Dorothy Stevens +deleteoldrdn: 0 +newsuperior: ou=New Branch,dc=example,dc=com + +EOMODS + +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Restarting consumer..." +echo "RESTART" >> $LOG4 +$SLAPD -f $CONF4 -h $URI4 -d $LVL $TIMING >> $LOG4 2>&1 & +CONSUMERPID=$! +if test $WAIT != 0 ; then + echo CONSUMERPID $CONSUMERPID + read foo +fi +KILLPIDS="$PID $CONSUMERPID" + +echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." +sleep $SLEEP1 + +echo "Using ldapsearch to read all the entries from the provider..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectclass=*)' '*' $OPATTRS > $PROVIDEROUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at provider ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapsearch to read all the entries from the consumer..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT4 \ + '(objectclass=*)' '*' $OPATTRS > $CONSUMEROUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Filtering provider results..." +$LDIFFILTER < $PROVIDEROUT > $PROVIDERFLT +echo "Filtering consumer results..." +$LDIFFILTER < $CONSUMEROUT > $CONSUMERFLT + +echo "Comparing retrieved entries from provider and consumer..." +$CMP $PROVIDERFLT $CONSUMERFLT > $CMPOUT + +if test $? != 0 ; then + echo "test failed - provider and consumer databases differ" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +if test ! $BACKLDAP = "ldapno" ; then + echo "Try updating the consumer slapd..." + $LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT4 -w $PASSWD > \ + $TESTOUT 2>&1 << EOMODS +dn: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example, dc=com +changetype: modify +add: description +description: This write must fail because directed to a shadow context, +description: unless the chain overlay is configured appropriately ;) + +EOMODS + + RC=$? + if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + # ITS#4964 + echo "Trying to change some passwords on the consumer..." + $LDAPPASSWD -D "$MANAGERDN" -h $LOCALHOST -p $PORT4 -w $PASSWD \ + 'cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com' \ + > $TESTOUT 2>&1 + RC=$? + if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." + sleep $SLEEP1 +fi + +# Testing a cancel exop (should go in its own testcase) +$LDAPSEARCH -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \ + -e '!cancel' \ + '(objectclass=*)' '*' $OPATTRS > $TESTOUT 2>&1 +RC=$? +# cancelled operation returns -1, so no point of checking return code, either +# it's cancelled or we get stuck forever + +echo "Using ldapsearch to read all the entries from the provider..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectclass=*)' '*' $OPATTRS > $PROVIDEROUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at provider ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapsearch to read all the entries from the consumer..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT4 \ + '(objectclass=*)' '*' $OPATTRS > $CONSUMEROUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Filtering provider results..." +$LDIFFILTER < $PROVIDEROUT > $PROVIDERFLT +echo "Filtering consumer results..." +$LDIFFILTER < $CONSUMEROUT > $CONSUMERFLT + +echo "Comparing retrieved entries from provider and consumer..." +$CMP $PROVIDERFLT $CONSUMERFLT > $CMPOUT + +if test $? != 0 ; then + echo "test failed - provider and consumer databases differ" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test019-syncreplication-cascade b/tests/scripts/test019-syncreplication-cascade new file mode 100755 index 0000000..55a0760 --- /dev/null +++ b/tests/scripts/test019-syncreplication-cascade @@ -0,0 +1,487 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test $SYNCPROV = syncprovno; then + echo "Syncrepl provider overlay not available, test skipped" + exit 0 +fi + +mkdir -p $TESTDIR $DBDIR1 $DBDIR2 $DBDIR3 $DBDIR4 $DBDIR5 $DBDIR6 + +# +# Test replication: +# - start provider +# - start consumer +# - populate over ldap +# - perform some modifies and deleted +# - retrieve database over ldap and compare against expected results +# + +echo "Starting provider slapd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND $MONITORDB < $SRPROVIDERCONF > $CONF1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Using ldapsearch to check that provider slapd (pid=$PID) is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapadd to create the context prefix entry in the provider..." +$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \ + $LDIFORDEREDCP > /dev/null 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Starting R1 consumer slapd on TCP/IP port $PORT2..." +. $CONFFILTER $BACKEND $MONITORDB < $R1SRCONSUMERCONF > $CONF2 +$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 & +CONSUMERPID=$! +if test $WAIT != 0 ; then + echo CONSUMER R1 PID $CONSUMERPID + read foo +fi +KILLPIDS="$KILLPIDS $CONSUMERPID" + +sleep 1 + +echo "Using ldapsearch to check that R1 consumer slapd (pid=$CONSUMERPID) is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT2 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for R1 slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Starting R2 consumer slapd on TCP/IP port $PORT3..." +. $CONFFILTER $BACKEND $MONITORDB < $R2SRCONSUMERCONF > $CONF3 +$SLAPD -f $CONF3 -h $URI3 -d $LVL $TIMING > $LOG3 2>&1 & +CONSUMERPID=$! +if test $WAIT != 0 ; then + echo CONSUMER R2 PID $CONSUMERPID + read foo +fi +KILLPIDS="$KILLPIDS $CONSUMERPID" + +sleep 1 + +echo "Using ldapsearch to check that R2 consumer slapd (pid=$CONSUMERPID) is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT3 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for R2 consumer slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Starting P1 consumer slapd on TCP/IP port $PORT4..." +. $CONFFILTER $BACKEND $MONITORDB < $P1SRCONSUMERCONF > $CONF4 +$SLAPD -f $CONF4 -h $URI4 -d $LVL $TIMING > $LOG4 2>&1 & +CONSUMERPID=$! +if test $WAIT != 0 ; then + echo CONSUMER P1 PID $CONSUMERPID + read foo +fi +KILLPIDS="$KILLPIDS $CONSUMERPID" + +sleep 1 + +echo "Using ldapsearch to check that P1 consumer slapd (pid=$CONSUMERPID) is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT4 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for P1 consumer slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Starting P2 consumer slapd on TCP/IP port $PORT5..." +. $CONFFILTER $BACKEND $MONITORDB < $P2SRCONSUMERCONF > $CONF5 +$SLAPD -f $CONF5 -h $URI5 -d $LVL $TIMING > $LOG5 2>&1 & +CONSUMERPID=$! +if test $WAIT != 0 ; then + echo CONSUMER P2 PID $CONSUMERPID + read foo +fi +KILLPIDS="$KILLPIDS $CONSUMERPID" + +sleep 1 + +echo "Using ldapsearch to check that P2 consumer slapd (pid=$CONSUMERPID) is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT5 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for P2 consumer slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Starting P3 consumer slapd on TCP/IP port $PORT6..." +. $CONFFILTER $BACKEND $MONITORDB < $P3SRCONSUMERCONF > $CONF6 +$SLAPD -f $CONF6 -h $URI6 -d $LVL $TIMING > $LOG6 2>&1 & +CONSUMERPID=$! +if test $WAIT != 0 ; then + echo CONSUMER P3 PID $CONSUMERPID + read foo +fi +KILLPIDS="$KILLPIDS $CONSUMERPID" + +sleep 1 + +echo "Using ldapsearch to check that P3 consumer slapd (pid=$CONSUMERPID) is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT6 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for P3 consumer slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapadd to populate the provider directory..." +$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \ + $LDIFORDEREDNOCP > /dev/null 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Waiting $SLEEP2 seconds for syncrepl to receive changes..." +sleep $SLEEP2 + +echo "Using ldapmodify to modify provider directory..." + +# +# Do some modifications +# + +$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 << EOMODS +dn: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example,dc=com +changetype: modify +add: drink +drink: Orange Juice +- +delete: sn +sn: Jones +- +add: sn +sn: Jones + +dn: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: modify +replace: drink +drink: Iced Tea +drink: Mad Dog 20/20 + +dn: cn=ITD Staff,ou=Groups,dc=example,dc=com +changetype: modify +delete: uniquemember +uniquemember: cn=James A Jones 2, ou=Information Technology Division, ou=People, dc=example,dc=com +uniquemember: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com +- +add: uniquemember +uniquemember: cn=Dorothy Stevens, ou=Alumni Association, ou=People, dc=example,dc=com +uniquemember: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example,dc=com + +dn: cn=All Staff,ou=Groups,dc=example,dc=com +changetype: modify +delete: description + +dn: cn=Gern Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: add +objectclass: OpenLDAPperson +cn: Gern Jensen +sn: Jensen +uid: gjensen +title: Chief Investigator, ITD +postaladdress: ITD $ 535 W. William St $ Ann Arbor, MI 48103 +seealso: cn=All Staff, ou=Groups, dc=example,dc=com +drink: Coffee +homepostaladdress: 844 Brown St. Apt. 4 $ Ann Arbor, MI 48104 +description: Very odd +facsimiletelephonenumber: +1 313 555 7557 +telephonenumber: +1 313 555 8343 +mail: gjensen@mailgw.example.com +homephone: +1 313 555 8844 + +dn: ou=Retired, ou=People, dc=example,dc=com +changetype: add +objectclass: organizationalUnit +ou: Retired + +dn: cn=Rosco P. Coltrane, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: add +objectclass: OpenLDAPperson +cn: Rosco P. Coltrane +sn: Coltrane +uid: rosco + +dn: cn=Rosco P. Coltrane, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: modrdn +newrdn: cn=Rosco P. Coltrane +deleteoldrdn: 1 +newsuperior: ou=Retired, ou=People, dc=example,dc=com + +dn: cn=James A Jones 2, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: delete + +dn: dc=testdomain1,dc=example,dc=com +changetype: modrdn +newrdn: dc=itsdomain1 +deleteoldrdn: 1 + +dn: dc=itsdomain1,dc=example,dc=com +changetype: modify +replace: description +description: Example, Inc. ITS test domain + +dn: dc=testdomain2,dc=example,dc=com +changetype: modrdn +newrdn: dc=itsdomain2 +deleteoldrdn: 1 + +EOMODS + +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Waiting $SLEEP2 seconds for syncrepl to receive changes..." +sleep $SLEEP2 + +echo "Performing modify alone on provider..." +$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 << EOMODS +dn: dc=itsdomain2,dc=example,dc=com +changetype: modify +replace: description +description: Example, Inc. itsdomain2 test domain + +EOMODS + +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Waiting $SLEEP2 seconds for syncrepl to receive changes..." +sleep $SLEEP2 + +echo "Using ldapsearch to read all the entries from the provider..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' '*' entryCSN > $PROVIDEROUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at provider ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapsearch to read all the entries from the R1 consumer..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + '(objectClass=*)' '*' entryCSN > $SERVER2OUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at R1 consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapsearch to read all the entries from the R2 consumer..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT3 \ + '(objectClass=*)' '*' entryCSN > $SERVER3OUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at R2 consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapsearch to read all the entries from the P1 consumer..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT4 \ + '(objectClass=*)' '*' entryCSN > $SERVER4OUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at P1 consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapsearch to read all the entries from the P2 consumer..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT5 \ + '(objectClass=*)' '*' entryCSN > $SERVER5OUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at P2 consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapsearch to read all the entries from the P3 consumer..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT6 \ + '(objectClass=*)' '*' entryCSN > $SERVER6OUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at P3 consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo "Filtering provider ldapsearch results..." +$LDIFFILTER < $PROVIDEROUT > $PROVIDERFLT +echo "Filtering R1 consumer ldapsearch results..." +$LDIFFILTER < $SERVER2OUT > $SERVER2FLT +echo "Filtering R2 consumer ldapsearch results..." +$LDIFFILTER < $SERVER3OUT > $SERVER3FLT +echo "Filtering P1 consumer ldapsearch results..." +$LDIFFILTER < $SERVER4OUT > $SERVER4FLT +echo "Filtering P2 consumer ldapsearch results..." +$LDIFFILTER < $SERVER5OUT > $SERVER5FLT +echo "Filtering P3 consumer ldapsearch results..." +$LDIFFILTER < $SERVER6OUT > $SERVER6FLT + +echo "Comparing retrieved entries from provider and R1 consumer..." +$CMP $PROVIDERFLT $SERVER2FLT > $CMPOUT + +if test $? != 0 ; then + echo "test failed - provider and R1 consumer databases differ" + exit 1 +fi + +echo "Comparing retrieved entries from provider and R2 consumer..." +$CMP $PROVIDERFLT $SERVER3FLT > $CMPOUT + +if test $? != 0 ; then + echo "test failed - provider and R2 consumer databases differ" + exit 1 +fi + +echo "Comparing retrieved entries from provider and P1 consumer..." +$CMP $PROVIDERFLT $SERVER4FLT > $CMPOUT + +if test $? != 0 ; then + echo "test failed - provider and P1 consumer databases differ" + exit 1 +fi + +echo "Comparing retrieved entries from provider and P2 consumer..." +$CMP $PROVIDERFLT $SERVER5FLT > $CMPOUT + +if test $? != 0 ; then + echo "test failed - provider and P2 consumer databases differ" + exit 1 +fi + +echo "Comparing retrieved entries from provider and P3 consumer..." +$CMP $PROVIDERFLT $SERVER6FLT > $CMPOUT + +if test $? != 0 ; then + echo "test failed - provider and P3 consumer databases differ" + exit 1 +fi + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test020-proxycache b/tests/scripts/test020-proxycache new file mode 100755 index 0000000..cae93e4 --- /dev/null +++ b/tests/scripts/test020-proxycache @@ -0,0 +1,654 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +PCACHETTL=${PCACHETTL-"1m"} +PCACHENTTL=${PCACHENTTL-"1m"} +PCACHESTTL=${PCACHESTTL-"1m"} +PCACHE_ENTRY_LIMIT=${PCACHE_ENTRY_LIMIT-"6"} +PCACHE_CCPERIOD=${PCACHE_CCPERIOD-"2"} +PCACHETTR=${PCACHETTR-"2"} +PCACHEBTTR=${PCACHEBTTR-"5"} + +. $SRCDIR/scripts/defines.sh + +if test $PROXYCACHE = pcacheno; then + echo "Proxy cache overlay not available, test skipped" + exit 0 +fi + +if test $BACKLDAP = "ldapno" ; then + echo "LDAP backend not available, test skipped" + exit 0 +fi + +if test $BACKEND = ldif ; then + # The (mail=example.com*) queries hit a sizelimit, so which + # entry is returned depends on the ordering in the backend. + echo "Test does not support $BACKEND backend, test skipped" + exit 0 +fi + +mkdir -p $TESTDIR $DBDIR1 $DBDIR2 + +# Test proxy caching: +# - start provider +# - start proxy cache +# - populate provider +# - perform first set of searches at the proxy +# - verify cacheability +# - perform second set of searches at the proxy +# - verify answerability + +echo "Starting provider slapd on TCP/IP port $PORT1..." +. $CONFFILTER < $CACHEPROVIDERCONF > $CONF1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Using ldapsearch to check that provider slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapadd to populate the provider directory..." +$LDAPADD -x -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \ + $LDIFORDERED > /dev/null 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Starting proxy cache on TCP/IP port $PORT2..." +. $CONFFILTER < $PROXYCACHECONF | sed \ + -e "s/@TTL@/${PCACHETTL}/" \ + -e "s/@NTTL@/${PCACHENTTL}/" \ + -e "s/@STTL@/${PCACHENTTL}/" \ + -e "s/@TTR@/${PCACHETTR}/" \ + -e "s/@ENTRY_LIMIT@/${PCACHE_ENTRY_LIMIT}/" \ + -e "s/@CCPERIOD@/${PCACHE_CCPERIOD}/" \ + -e "s/@BTTR@/${PCACHEBTTR}/" \ + > $CONF2 + +$SLAPD -f $CONF2 -h $URI2 -d $LVL -d pcache > $LOG2 2>&1 & +CACHEPID=$! +if test $WAIT != 0 ; then + echo CACHEPID $CACHEPID + read foo +fi +KILLPIDS="$KILLPIDS $CACHEPID" + +sleep 1 + +echo "Using ldapsearch to check that proxy slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT2 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +cat /dev/null > $SEARCHOUT + +echo "Making queries on the proxy cache..." +CNT=0 + +CNT=`expr $CNT + 1` +FILTER="(sn=Jon)" +echo "Query $CNT: filter:$FILTER attrs:all (expect nothing)" +echo "# Query $CNT: filter:$FILTER attrs:all (expect nothing)" >> $SEARCHOUT +$LDAPSEARCH -x -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + "$FILTER" >> $SEARCHOUT 2>> $TESTOUT +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# ITS#4491, if debug messages are unavailable, we can't verify the tests. +grep "query template" $LOG2 > /dev/null +RC=$? +if test $RC != 0 ; then + echo "Debug messages unavailable, remaining test skipped..." + test $KILLSERVERS != no && kill -HUP $KILLPIDS && wait + exit 0 +fi + +CNT=`expr $CNT + 1` +FILTER="(|(cn=*Jon*)(sn=Jon*))" +ATTRS="cn sn title uid" +echo "Query $CNT: filter:$FILTER attrs:$ATTRS" +echo "# Query $CNT: filter:$FILTER attrs:$ATTRS" >> $SEARCHOUT +$LDAPSEARCH -x -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + "$FILTER" $ATTRS >> $SEARCHOUT 2>> $TESTOUT +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +CNT=`expr $CNT + 1` +FILTER="(sn=Smith*)" +ATTRS="cn sn uid" +echo "Query $CNT: filter:$FILTER attrs:$ATTRS" +echo "# Query $CNT: filter:$FILTER attrs:$ATTRS" >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + "$FILTER" $ATTRS >> $SEARCHOUT 2>> $TESTOUT +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +CNT=`expr $CNT + 1` +FILTER="(sn=Doe*)" +ATTRS="cn sn title uid" +echo "Query $CNT: filter:$FILTER attrs:$ATTRS" +echo "# Query $CNT: filter:$FILTER attrs:$ATTRS" >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + "$FILTER" $ATTRS >> $SEARCHOUT 2>> $TESTOUT +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +CNT=`expr $CNT + 1` +FILTER="(uid=johnd)" +ATTRS="mail postaladdress telephonenumber cn uid" +echo "Query $CNT: filter:$FILTER attrs:$ATTRS" +echo "# Query $CNT: filter:$FILTER attrs:$ATTRS" >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + "$FILTER" $ATTRS >> $SEARCHOUT 2>> $TESTOUT +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +CNT=`expr $CNT + 1` +FILTER="(mail=*@mail.alumni.example.com)" +ATTRS="cn sn title uid" +echo "Query $CNT: filter:$FILTER attrs:$ATTRS" +echo "# Query $CNT: filter:$FILTER attrs:$ATTRS" >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + "$FILTER" $ATTRS >> $SEARCHOUT 2>> $TESTOUT +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +CNT=`expr $CNT + 1` +FILTER="(mail=*)" +ATTRS="cn sn title uid" +echo "Query $CNT: filter:$FILTER attrs:$ATTRS" +echo "# Query $CNT: filter:$FILTER attrs:$ATTRS" >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + "$FILTER" $ATTRS >> $SEARCHOUT 2>> $TESTOUT +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +CNT=`expr $CNT + 1` +FILTER="(mail=*example.com)" +ATTRS="cn sn title uid" +USERDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" +UPASSWD="bjorn" +echo "Query $CNT: filter:$FILTER attrs:$ATTRS" +echo "# Query $CNT: filter:$FILTER attrs:$ATTRS" >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + -D "$USERDN" -w "$UPASSWD" \ + "$FILTER" $ATTRS >> $SEARCHOUT 2>> $TESTOUT +RC=$? +case $RC in +0) + echo "ldapsearch should have failed!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + ;; +4) + echo "ldapsearch failed ($RC)" + ;; +*) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +CNT=`expr $CNT + 1` +FILTER="(uid=b*)" +ATTRS="mail" +USERDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" +UPASSWD="bjorn" +echo "Query $CNT: filter:$FILTER attrs:$ATTRS" +echo "# Query $CNT: filter:$FILTER attrs:$ATTRS" >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + -D "$USERDN" -w "$UPASSWD" \ + "$FILTER" $ATTRS >> $SEARCHOUT 2>> $TESTOUT +RC=$? +case $RC in +0) + echo "ldapsearch should have failed!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + ;; +4) + echo "ldapsearch failed ($RC)" + ;; +*) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +CNT=`expr $CNT + 1` +FILTER="(|(cn=All Staff)(sn=All Staff))" +ATTRS="sn cn title uid undefinedAttr" +echo "Query $CNT: filter:$FILTER attrs:$ATTRS" +echo "# Query $CNT: filter:$FILTER attrs:$ATTRS" >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + "$FILTER" $ATTRS >> $SEARCHOUT 2>> $TESTOUT +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +FIRST=$CNT + +# queries 2-6,8-10 are cacheable +CACHEABILITY=0111110111 +grep CACHEABLE $LOG2 | awk '{ + if ($3 == "NOT") + printf "Query %d not cacheable\n",NR + else + printf "Query %d cacheable\n",NR + }' +CACHED=`grep CACHEABLE $LOG2 | awk '{ + if ($3 == "NOT") + printf "0" + else + printf "1" + }'` + +if test "$CACHEABILITY" = "$CACHED" ; then + echo "Successfully verified cacheability" +else + echo "Error in verifying cacheability" + echo "$CACHED" + echo "$CACHEABILITY" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +CNT=`expr $CNT + 1` +FILTER="(|(cn=*Jones)(sn=Jones))" +ATTRS="cn sn title uid" +echo "Query $CNT: filter:$FILTER attrs:$ATTRS" +echo "# Query $CNT: filter:$FILTER attrs:$ATTRS" >> $SEARCHOUT +$LDAPSEARCH -x -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + "$FILTER" $ATTRS >> $SEARCHOUT 2>> $TESTOUT +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +CNT=`expr $CNT + 1` +FILTER="(sn=Smith)" +ATTRS="cn sn title uid" +echo "Query $CNT: filter:$FILTER attrs:$ATTRS" +echo "# Query $CNT: filter:$FILTER attrs:$ATTRS" >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + "$FILTER" $ATTRS >> $SEARCHOUT 2>> $TESTOUT +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +CNT=`expr $CNT + 1` +FILTER="(uid=bjorn)" +ATTRS="mail postaladdress telephonenumber cn uid" +echo "Query $CNT: filter:$FILTER attrs:$ATTRS" +echo "# Query $CNT: filter:$FILTER attrs:$ATTRS" >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + "$FILTER" $ATTRS >> $SEARCHOUT 2>> $TESTOUT +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +CNT=`expr $CNT + 1` +FILTER="(mail=jaj@mail.alumni.example.com)" +ATTRS="cn sn title uid" +echo "Query $CNT: filter:$FILTER attrs:$ATTRS" +echo "# Query $CNT: filter:$FILTER attrs:$ATTRS" >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + "$FILTER" $ATTRS >> $SEARCHOUT 2>> $TESTOUT +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +CNT=`expr $CNT + 1` +FILTER="(mail=*example.com)" +ATTRS="cn sn title uid" +USERDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" +UPASSWD="bjorn" +echo "Query $CNT: filter:$FILTER attrs:$ATTRS" +echo "# Query $CNT: filter:$FILTER attrs:$ATTRS" >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + -D "$USERDN" -w "$UPASSWD" \ + "$FILTER" $ATTRS >> $SEARCHOUT 2>> $TESTOUT +RC=$? +case $RC in +0) + echo "ldapsearch should have failed!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + ;; +4) + echo "ldapsearch failed ($RC)" + ;; +*) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +CNT=`expr $CNT + 1` +FILTER="(uid=b*)" +ATTRS="mail" +USERDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" +UPASSWD="bjorn" +echo "Query $CNT: filter:$FILTER attrs:$ATTRS" +echo "# Query $CNT: filter:$FILTER attrs:$ATTRS" >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + -D "$USERDN" -w "$UPASSWD" \ + "$FILTER" $ATTRS >> $SEARCHOUT 2>> $TESTOUT +RC=$? +case $RC in +0) + echo "ldapsearch should have failed!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + ;; +4) + echo "ldapsearch failed ($RC)" + ;; +*) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +CNT=`expr $CNT + 1` +FILTER="(|(cn=All Staff)(sn=All Staff))" +ATTRS="sn cn title uid undefinedAttr" +echo "Query $CNT: filter:$FILTER attrs:$ATTRS" +echo "# Query $CNT: filter:$FILTER attrs:$ATTRS" >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + "$FILTER" $ATTRS >> $SEARCHOUT 2>> $TESTOUT +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +#queries 11-13,16-17 are answerable, 14-15 are not +#actually, 14 would be answerable, but since 8 made mail=*example.com +#not answerable because of sizelimit, queries contained in it are no longer +#answerable as well +ANSWERABILITY=1110011 +grep ANSWERABLE $LOG2 | awk "BEGIN {FIRST=$FIRST}"'{ + if (NR > FIRST) { + if ($3 == "NOT") + printf "Query %d not answerable\n",NR + else + printf "Query %d answerable\n",NR + } + }' +ANSWERED=`grep ANSWERABLE $LOG2 | awk "BEGIN {FIRST=$FIRST}"'{ + if (NR > FIRST) { + if ($3 == "NOT") + printf "0" + else + printf "1" + } + }'` + +if test "$ANSWERABILITY" = "$ANSWERED" ; then + echo "Successfully verified answerability" +else + echo "Error in verifying answerability" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Filtering ldapsearch results..." +$LDIFFILTER -s ldif=a < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif..." +$LDIFFILTER -s ldif=a < $PROXYCACHEOUT > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "Comparison failed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "" +echo "Testing cache refresh" + +CNT=`expr $CNT + 1` +FILTER="(&(objectclass=person)(uid=dots))" +ATTRS="cn mail telephonenumber" +echo "Query $CNT: filter:$FILTER attrs:$ATTRS" +echo "# Query $CNT: filter:$FILTER attrs:$ATTRS" >> $SEARCHOUT +$LDAPSEARCH -x -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + "$FILTER" $ATTRS >> $SEARCHOUT 2>> $TESTOUT +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +$LDAPMODIFY -x -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD <<EOF \ + > /dev/null 2>&1 +dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com +changetype: modify +replace: mail +mail: dots@admin.example2.com +- + +EOF +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +SLEEP=`expr $PCACHETTR + $PCACHE_CCPERIOD + 1` +echo "Waiting $SLEEP seconds for cache to refresh" + +sleep $SLEEP + +echo "Checking entry again" +$LDAPSEARCH -x -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + "$FILTER" $ATTRS >> $SEARCHOUT 2>> $TESTOUT +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +grep "^mail: dots@admin" $SEARCHOUT > /dev/null +RC=$? +if test $RC != 0 ; then + echo "Refresh failed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS && wait + exit 1 +fi + +echo "" +echo "Testing Bind caching" + +CNT=`expr $CNT + 1` +USERDN="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com" +UPASSWD="jaj" +echo "Query $CNT: $USERDN" +echo "# Query $CNT: $USERDN" >> $SEARCHOUT +$LDAPSEARCH -S "" -b "" -s base -h $LOCALHOST -p $PORT2 \ + -D "$USERDN" -w "$UPASSWD" >> $SEARCHOUT 2>> $TESTOUT +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +grep "CACHING BIND" $LOG2 > /dev/null +RC=$? +if test $RC != 0 ; then + echo "Refresh failed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS && wait + exit 1 +fi + +CNT=`expr $CNT + 1` +USERDN="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com" +UPASSWD="jaj" +echo "Query $CNT: (Bind should be cached)" +echo "# Query $CNT: (Bind should be cached)" >> $SEARCHOUT +$LDAPSEARCH -S "" -b "" -s base -h $LOCALHOST -p $PORT2 \ + -D "$USERDN" -w "$UPASSWD" >> $SEARCHOUT 2>> $TESTOUT +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +grep "CACHED BIND" $LOG2 > /dev/null +RC=$? +if test $RC != 0 ; then + echo "Refresh failed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS && wait + exit 1 +fi + +echo "" +echo "Testing pwdModify" +$LDAPPASSWD -h $LOCALHOST -p $PORT2 \ + -D "$MANAGERDN" -w "$PASSWD" -s newpw "$USERDN" >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldappasswd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +RC=`grep "CACH.* BIND" $LOG2 | wc -l` +if test $RC != 3 ; then + echo "ldappasswd didn't update the cache" + test $KILLSERVERS != no && kill -HUP $KILLPIDS && wait + exit 1 +fi + +CNT=`expr $CNT + 1` +USERDN="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com" +UPASSWD=newpw +echo "Query $CNT: (Bind should be cached)" +echo "# Query $CNT: (Bind should be cached)" >> $SEARCHOUT +$LDAPSEARCH -S "" -b "" -s base -h $LOCALHOST -p $PORT2 \ + -D "$USERDN" -w "$UPASSWD" >> $SEARCHOUT 2>> $TESTOUT +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +RC=`grep "CACH.* BIND" $LOG2 | wc -l` +if test $RC != 4 ; then + echo "Bind wasn't answered from cache" + test $KILLSERVERS != no && kill -HUP $KILLPIDS && wait + exit 1 +fi +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test021-certificate b/tests/scripts/test021-certificate new file mode 100755 index 0000000..7ffeaf0 --- /dev/null +++ b/tests/scripts/test021-certificate @@ -0,0 +1,325 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +mkdir -p $TESTDIR $DBDIR1 + +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND $MONITORDB < $CONF > $CONF1 +#echo $SLAPADD -f $CONF1 -l $LDIFORDERED +$SLAPADD -f $CONF1 -l $LDIFORDERED +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Starting slapd on TCP/IP port $PORT1..." +#valgrind -v --gdb-attach=yes --logfile=info --num-callers=16 --leak-check=yes --leak-resolution=high $SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING </dev/tty > $LOG1 2>&1 & +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +echo "Testing certificate handling..." + +sleep 1 + +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Add certificates..." +$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 << EOMODS +version: 1 + +# LEADING COMMENT AND WHITE SPACE + +# should use certificationAuthority instead of extensibleObject +dn: dc=example,dc=com +changetype: modify +add: objectClass +objectClass: extensibleObject +- +add: cAcertificate;binary +cAcertificate;binary:: + MIIDVDCCAr2gAwIBAgIBADANBgkqhkiG9w0BAQQFADB3MQswCQYDVQQGEwJVUzET + MBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwg + THRkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhh + bXBsZS5jb20wHhcNMDMxMDE3MTYzMDQxWhcNMDQxMDE2MTYzMDQxWjB3MQswCQYD + VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAg + RXhhbXBsZSwgTHRkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJ + ARYOY2FAZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANlj + UGxiisAzEiALukzt3Gj/24MRw1J0AZx6GncXLhpNJsAFyA0bYZdAzgvydKeq/uX0 + i5o/4Byc3G71XAAcbJZxDPtrLwpDAdMNOBvKV2r67yTgnpatFLfGRt/FWazj5EbF + YkorWWTe+4eEBd9VPzebHdIm+DPHipUfIAzRoNejAgMBAAGjge8wgewwHQYDVR0O + BBYEFEtvIRo2JNKQ+UOwU0ctfeHA5pgjMIGhBgNVHSMEgZkwgZaAFEtvIRo2JNKQ + +UOwU0ctfeHA5pgjoXukeTB3MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZv + cm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwgTHRkLjETMBEGA1UEAxMK + RXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb22CAQAwDAYD + VR0TBAUwAwEB/zAZBgNVHREEEjAQgQ5jYUBleGFtcGxlLmNvbTANBgkqhkiG9w0B + AQQFAAOBgQCgXD/+28El3GXi/uxMNEKqtnIhQdTnNU4il0fZ6pcmHPFC+61Bddow + 90ZZZh5Gbg5ZBxFRhDXN8K/fix3ewRSjASt40dGlEODkE+FsLMt04sYl6kX7RGKg + 9a46DkeG+uzZnN/3252uCgh+rjNMFAglueUTERv3EtUB1iXEoU3GyA== + +dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com +changetype: modify +add: objectClass +objectClass: strongAuthenticationUser +- +add: userCertificate;binary +userCertificate;binary:: + MIIDazCCAtSgAwIBAgIBAjANBgkqhkiG9w0BAQQFADB3MQswCQYDVQQGEwJVUzET + MBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwg + THRkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhh + bXBsZS5jb20wHhcNMDMxMDE3MTYzMzE5WhcNMDQxMDE2MTYzMzE5WjB+MQswCQYD + VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAg + RXhhbXBsZSwgTHRkLjEYMBYGA1UEAxMPVXJzdWxhIEhhbXBzdGVyMR8wHQYJKoZI + hvcNAQkBFhB1aGFtQGV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB + iQKBgQDuxgp5ELV9LmhxWMpV7qc4028QQT3+zzFDXhruuXE7ji2n3S3ea8bOwDtJ + h+qnsDe561DhHHHlgIjMKCiDEizYMpxvJPYEXmvp0huRkMgpKZgmel95BSkt6TYm + J0erS3aoimOHLEFimmnTLolNRMiWqNBvqwobx940PGwUWEePKQIDAQABo4H/MIH8 + MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENl + cnRpZmljYXRlMB0GA1UdDgQWBBSjI94TbBmuDEeUUOiC37EK0Uf0XjCBoQYDVR0j + BIGZMIGWgBRLbyEaNiTSkPlDsFNHLX3hwOaYI6F7pHkwdzELMAkGA1UEBhMCVVMx + EzARBgNVBAgTCkNhbGlmb3JuaWExHzAdBgNVBAoTFk9wZW5MREFQIEV4YW1wbGUs + IEx0ZC4xEzARBgNVBAMTCkV4YW1wbGUgQ0ExHTAbBgkqhkiG9w0BCQEWDmNhQGV4 + YW1wbGUuY29tggEAMA0GCSqGSIb3DQEBBAUAA4GBAIgUcARb3OlWYNbmr1nmqESu + xLn16uqI1Ot6WkcICvpkdQ+Bo+R9AP05xpoXocZtKdNvBu3FNxB/jFkiOcLU2lX7 + Px1Ijnsjh60qVRy9HOsHCungIKlGcnXLKHmKu0y//5jds/HnaJsGcHI5JRG7CBJb + W+wrwge3trJ1xHJI8prN + +dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com +changetype: modify +add: objectClass +objectClass: strongAuthenticationUser +- +add: userCertificate;binary +userCertificate;binary:: + MIIDcDCCAtmgAwIBAgIBATANBgkqhkiG9w0BAQQFADB3MQswCQYDVQQGEwJVUzET + MBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwg + THRkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhh + bXBsZS5jb20wHhcNMDMxMDE3MTYzMTQwWhcNMDQxMDE2MTYzMTQwWjCBgjELMAkG + A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExHzAdBgNVBAoTFk9wZW5MREFQ + IEV4YW1wbGUsIEx0ZC4xHTAbBgNVBAMUFEplbm5pZmVyICJKZW4iIFNtaXRoMR4w + HAYJKoZIhvcNAQkBFg9qZW5AZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD + gY0AMIGJAoGBANUgO8cP/SjqgCVxxsRYv36AP0+QL81iEkGvR4gG6jbtDDBdVYDC + YbS2oKKNJ5e99NxGMIjOYfmKcAwmkV46IhdzUtkutgjHEG9vl5ajSwc1KSsbTMTy + NtuG3k5k02JYFbP+FrGyUE8iPqK4+i7mVjW4bh/MBCHW88FptnpDJiuHAgMBAAGj + gf8wgfwwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0 + ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFEdo4jpxCQXJ1sh/E1O3ZBkLTbHkMIGh + BgNVHSMEgZkwgZaAFEtvIRo2JNKQ+UOwU0ctfeHA5pgjoXukeTB3MQswCQYDVQQG + EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhh + bXBsZSwgTHRkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYO + Y2FAZXhhbXBsZS5jb22CAQAwDQYJKoZIhvcNAQEEBQADgYEAFpHsQUtSZQzmm9k2 + Vrfs0h7tdkWF3LcHzHk4a/t3k4EXcqlHBxh4f0tmb4XNP9QupRgm6ggr8t3Rq0Vt + T8k50x4C7oE8HwZuEEB4FM7S1Zig3dfeJ8MJgdaLqt5/U9Ip/hZdzG2dsUsIceH/ + 5MCKLu9bGJUjsKnGdm/KpaNwaNo= + +dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com +changetype: modify +add: userCertificate;binary +userCertificate;binary:: + MIIDjDCCAvWgAwIBAgIBAzANBgkqhkiG9w0BAQQFADB3MQswCQYDVQQGEwJVUzET + MBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwg + THRkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhh + bXBsZS5jb20wHhcNMDMxMDE3MTYzNTM1WhcNMDQxMDE2MTYzNTM1WjCBnjELMAkG + A1UEBhMCVVMxETAPBgNVBAgTCE1pY2hpZ2FuMR8wHQYDVQQKExZPcGVuTERBUCBF + eGFtcGxlLCBMdGQuMRswGQYDVQQLExJBbHVtbmkgQXNzb2ljYXRpb24xEjAQBgNV + BAMTCUplbiBTbWl0aDEqMCgGCSqGSIb3DQEJARYbamVuQG1haWwuYWx1bW5pLmV4 + YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpnXWAL0VkROGO + 1Rg8J3u6F4F7yMqQCbUMsV9rxQisYj45+pmqiHV5urogvT4MGD6eLNFZKBn+0KRn + i++uu7gbartzpmBaHOlzRII9ZdVMFfrT2xYNgAlkne6pb6IZIN9UONuH/httENCD + J5WEpjZ48D1Lrml/HYO/W+SAMkpEqQIDAQABo4H/MIH8MAkGA1UdEwQCMAAwLAYJ + YIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud + DgQWBBTB2saht/od/nis76b9m+pjxfhSPjCBoQYDVR0jBIGZMIGWgBRLbyEaNiTS + kPlDsFNHLX3hwOaYI6F7pHkwdzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlm + b3JuaWExHzAdBgNVBAoTFk9wZW5MREFQIEV4YW1wbGUsIEx0ZC4xEzARBgNVBAMT + CkV4YW1wbGUgQ0ExHTAbBgkqhkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tggEAMA0G + CSqGSIb3DQEBBAUAA4GBAIoGPc/AS0cNkMRDNoMIzcFdF9lONMduKBiSuFvv+x8n + Cek+LUdXxF59V2NPKh2V5gFh5xbAchyv6FVBnpVtPdB5akCr5tdFQhuBLUXXDk/t + THGpIWt7OAjEmpuMzsz3GUB8Zf9rioHOs1DMw+GpzWdnFITxXhAqEDc3quqPrpxZ +- +delete: userCertificate;binary +userCertificate;binary:: + MIIDcDCCAtmgAwIBAgIBATANBgkqhkiG9w0BAQQFADB3MQswCQYDVQQGEwJVUzET + MBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwg + THRkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhh + bXBsZS5jb20wHhcNMDMxMDE3MTYzMTQwWhcNMDQxMDE2MTYzMTQwWjCBgjELMAkG + A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExHzAdBgNVBAoTFk9wZW5MREFQ + IEV4YW1wbGUsIEx0ZC4xHTAbBgNVBAMUFEplbm5pZmVyICJKZW4iIFNtaXRoMR4w + HAYJKoZIhvcNAQkBFg9qZW5AZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD + gY0AMIGJAoGBANUgO8cP/SjqgCVxxsRYv36AP0+QL81iEkGvR4gG6jbtDDBdVYDC + YbS2oKKNJ5e99NxGMIjOYfmKcAwmkV46IhdzUtkutgjHEG9vl5ajSwc1KSsbTMTy + NtuG3k5k02JYFbP+FrGyUE8iPqK4+i7mVjW4bh/MBCHW88FptnpDJiuHAgMBAAGj + gf8wgfwwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0 + ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFEdo4jpxCQXJ1sh/E1O3ZBkLTbHkMIGh + BgNVHSMEgZkwgZaAFEtvIRo2JNKQ+UOwU0ctfeHA5pgjoXukeTB3MQswCQYDVQQG + EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhh + bXBsZSwgTHRkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYO + Y2FAZXhhbXBsZS5jb22CAQAwDQYJKoZIhvcNAQEEBQADgYEAFpHsQUtSZQzmm9k2 + Vrfs0h7tdkWF3LcHzHk4a/t3k4EXcqlHBxh4f0tmb4XNP9QupRgm6ggr8t3Rq0Vt + T8k50x4C7oE8HwZuEEB4FM7S1Zig3dfeJ8MJgdaLqt5/U9Ip/hZdzG2dsUsIceH/ + 5MCKLu9bGJUjsKnGdm/KpaNwaNo= + +dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com +changetype: modify +replace: userCertificate;binary +userCertificate;binary:: + MIIDjDCCAvWgAwIBAgIBAzANBgkqhkiG9w0BAQQFADB3MQswCQYDVQQGEwJVUzET + MBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwg + THRkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhh + bXBsZS5jb20wHhcNMDMxMDE3MTYzNTM1WhcNMDQxMDE2MTYzNTM1WjCBnjELMAkG + A1UEBhMCVVMxETAPBgNVBAgTCE1pY2hpZ2FuMR8wHQYDVQQKExZPcGVuTERBUCBF + eGFtcGxlLCBMdGQuMRswGQYDVQQLExJBbHVtbmkgQXNzb2ljYXRpb24xEjAQBgNV + BAMTCUplbiBTbWl0aDEqMCgGCSqGSIb3DQEJARYbamVuQG1haWwuYWx1bW5pLmV4 + YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpnXWAL0VkROGO + 1Rg8J3u6F4F7yMqQCbUMsV9rxQisYj45+pmqiHV5urogvT4MGD6eLNFZKBn+0KRn + i++uu7gbartzpmBaHOlzRII9ZdVMFfrT2xYNgAlkne6pb6IZIN9UONuH/httENCD + J5WEpjZ48D1Lrml/HYO/W+SAMkpEqQIDAQABo4H/MIH8MAkGA1UdEwQCMAAwLAYJ + YIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud + DgQWBBTB2saht/od/nis76b9m+pjxfhSPjCBoQYDVR0jBIGZMIGWgBRLbyEaNiTS + kPlDsFNHLX3hwOaYI6F7pHkwdzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlm + b3JuaWExHzAdBgNVBAoTFk9wZW5MREFQIEV4YW1wbGUsIEx0ZC4xEzARBgNVBAMT + CkV4YW1wbGUgQ0ExHTAbBgkqhkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tggEAMA0G + CSqGSIb3DQEBBAUAA4GBAIoGPc/AS0cNkMRDNoMIzcFdF9lONMduKBiSuFvv+x8n + Cek+LUdXxF59V2NPKh2V5gFh5xbAchyv6FVBnpVtPdB5akCr5tdFQhuBLUXXDk/t + THGpIWt7OAjEmpuMzsz3GUB8Zf9rioHOs1DMw+GpzWdnFITxXhAqEDc3quqPrpxZ +- +delete: userCertificate;binary + +EOMODS + +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo 'Using ldapsearch to retrieve (userCertificate;binary=*) ...' +echo "# (userCertificate;binary=*)" > $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(userCertificate;binary=*)' >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo 'Using ldapsearch to retrieve (cAcertificate=*) ...' +echo "# (cAcertificate=*)" >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(cAcertificate=*)' >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +SNAI='2$EMAIL=ca@example.com,CN=Example CA,O=Openldap Example\5C, Ltd.,ST=California,C=US' + +echo 'Using ldapsearch to retrieve (userCertificate=serialNumberAndIssuer) [old format] ...' +echo "# (userCertificate=$SNAI)" >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "(userCertificate=$SNAI)" >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +SNAI='{ serialNumber 2, issuer "EMAIL=ca@example.com,CN=Example CA,O=Openldap Example\5C, Ltd.,ST=California,C=US" }' + +echo 'Using ldapsearch to retrieve (userCertificate=serialNumberAndIssuer) [new format] ...' +echo "# (userCertificate=$SNAI)" >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "(userCertificate=$SNAI)" >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +SNAI='3$EMAIL=ca@example.com,CN=Example CA,O=Openldap Example\5C, Ltd.,ST=California,C=US' + +echo 'Using ldapsearch to retrieve (userCertificate:certificateExactMatch:=serialNumberAndIssuer) [old format] ...' +echo "# (userCertificate:certificateExactMatch:=$SNAI)" >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "(userCertificate:certificateExactMatch:=$SNAI)" >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +SNAI='{ issuer "EMAIL=ca@example.com,CN=Example CA,O=Openldap Example\5C, Ltd.,ST=California,C=US", serialNumber 3 }' + +echo 'Using ldapsearch to retrieve (userCertificate:certificateExactMatch:=serialNumberAndIssuer) [new format]...' +echo "# (userCertificate:certificateExactMatch:=$SNAI)" >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "(userCertificate:certificateExactMatch:=$SNAI)" >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +LDIF=$CERTIFICATETLS + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif used to create database..." +$LDIFFILTER < $LDIF > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - certificate operations did not complete correctly" + exit 1 +fi + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test022-ppolicy b/tests/scripts/test022-ppolicy new file mode 100755 index 0000000..78b2059 --- /dev/null +++ b/tests/scripts/test022-ppolicy @@ -0,0 +1,673 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test $PPOLICY = ppolicyno; then + echo "Password policy overlay not available, test skipped" + exit 0 +fi + +mkdir -p $TESTDIR $DBDIR1 + +$SLAPPASSWD -g -n >$CONFIGPWF +echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf + +echo "Starting slapd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND $MONITORDB < $PPOLICYCONF > $CONF1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +USER="uid=nd, ou=People, dc=example, dc=com" +PASS=testpassword + +sleep 1 + +echo "Using ldapsearch to check that slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo /dev/null > $TESTOUT + +echo "Testing redundant ppolicy instance..." +$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1 +dn: olcOverlay=ppolicy,olcDatabase={1}$BACKEND,cn=config +objectClass: olcOverlayConfig +objectClass: olcPPolicyConfig +olcOverlay: ppolicy +olcPPolicyDefault: cn=duplicate policy,ou=policies,dc=example,dc=com +EOF +RC=$? +if test $RC = 0 ; then + echo "ldapadd should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Using ldapadd to populate the database..." +# may need "-e relax" for draft 09, but not yet. +$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \ + $LDIFPPOLICY >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing account lockout..." +$LDAPSEARCH -h $LOCALHOST -p $PORT1 -D "$USER" -w wrongpw >$SEARCHOUT 2>&1 +sleep 2 +$LDAPSEARCH -h $LOCALHOST -p $PORT1 -D "$USER" -w wrongpw >>$SEARCHOUT 2>&1 +sleep 2 +$LDAPSEARCH -h $LOCALHOST -p $PORT1 -D "$USER" -w wrongpw >>$SEARCHOUT 2>&1 +sleep 2 +$LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w wrongpw >> $SEARCHOUT 2>&1 +$LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS >> $SEARCHOUT 2>&1 +COUNT=`grep "Account locked" $SEARCHOUT | wc -l` +if test $COUNT != 2 ; then + echo "Account lockout test failed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Waiting 20 seconds for lockout to reset..." +sleep 20 + +$LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \ + -b "$BASEDN" -s base >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing password expiration" +echo "Waiting 20 seconds for password to expire..." +sleep 20 + +$LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \ + -b "$BASEDN" -s base > $SEARCHOUT 2>&1 +sleep 2 +$LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \ + -b "$BASEDN" -s base >> $SEARCHOUT 2>&1 +sleep 2 +$LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \ + -b "$BASEDN" -s base >> $SEARCHOUT 2>&1 +sleep 2 +$LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \ + -b "$BASEDN" -s base >> $SEARCHOUT 2>&1 +RC=$? +if test $RC = 0 ; then + echo "Password expiration failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +COUNT=`grep "grace logins" $SEARCHOUT | wc -l` +if test $COUNT != 3 ; then + echo "Password expiration test failed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Resetting password to clear expired status" +$LDAPPASSWD -h $LOCALHOST -p $PORT1 \ + -w secret -s $PASS \ + -D "$MANAGERDN" "$USER" >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldappasswd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Filling password history..." +$LDAPMODIFY -v -D "$USER" -h $LOCALHOST -p $PORT1 -w $PASS >> \ + $TESTOUT 2>&1 << EOMODS +dn: $USER +changetype: modify +delete: userpassword +userpassword: $PASS +- +replace: userpassword +userpassword: 20urgle12-1 + +dn: $USER +changetype: modify +delete: userpassword +userpassword: 20urgle12-1 +- +replace: userpassword +userpassword: 20urgle12-2 + +dn: $USER +changetype: modify +delete: userpassword +userpassword: 20urgle12-2 +- +replace: userpassword +userpassword: 20urgle12-3 + +dn: $USER +changetype: modify +delete: userpassword +userpassword: 20urgle12-3 +- +replace: userpassword +userpassword: 20urgle12-4 + +dn: $USER +changetype: modify +delete: userpassword +userpassword: 20urgle12-4 +- +replace: userpassword +userpassword: 20urgle12-5 + +dn: $USER +changetype: modify +delete: userpassword +userpassword: 20urgle12-5 +- +replace: userpassword +userpassword: 20urgle12-6 + +EOMODS +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi +echo "Testing password history..." +$LDAPMODIFY -v -D "$USER" -h $LOCALHOST -p $PORT1 -w 20urgle12-6 >> \ + $TESTOUT 2>&1 << EOMODS +dn: $USER +changetype: modify +delete: userPassword +userPassword: 20urgle12-6 +- +replace: userPassword +userPassword: 20urgle12-2 + +EOMODS +RC=$? +if test $RC = 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Testing forced reset..." + +$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD >> \ + $TESTOUT 2>&1 << EOMODS +dn: $USER +changetype: modify +replace: userPassword +userPassword: $PASS +- +replace: pwdReset +pwdReset: TRUE + +EOMODS +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +$LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \ + -b "$BASEDN" -s base > $SEARCHOUT 2>&1 +RC=$? +if test $RC = 0 ; then + echo "Forced reset failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +COUNT=`grep "Operations are restricted" $SEARCHOUT | wc -l` +if test $COUNT != 1 ; then + echo "Forced reset test failed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Clearing forced reset..." + +$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD >> \ + $TESTOUT 2>&1 << EOMODS +dn: $USER +changetype: modify +delete: pwdReset + +EOMODS +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +$LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \ + -b "$BASEDN" -s base > $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "Clearing forced reset failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing Safe modify..." + +$LDAPPASSWD -h $LOCALHOST -p $PORT1 \ + -w $PASS -s failexpect \ + -D "$USER" >> $TESTOUT 2>&1 +RC=$? +if test $RC = 0 ; then + echo "Safe modify test 1 failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +sleep 2 + +OLDPASS=$PASS +PASS=successexpect + +$LDAPPASSWD -h $LOCALHOST -p $PORT1 \ + -w $OLDPASS -s $PASS -a $OLDPASS \ + -D "$USER" >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "Safe modify test 2 failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing length requirement..." +# check control in response (ITS#5711) +$LDAPPASSWD -h $LOCALHOST -p $PORT1 \ + -w $PASS -a $PASS -s 2shr \ + -D "$USER" -e ppolicy > ${TESTOUT}.2 2>&1 +RC=$? +cat ${TESTOUT}.2 >> $TESTOUT +if test $RC = 0 ; then + echo "Length requirement test failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi +COUNT=`grep "Password fails quality" ${TESTOUT}.2 | wc -l` +if test $COUNT != 1 ; then + echo "Length requirement test failed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi +COUNT=`grep "Password is too short for policy" ${TESTOUT}.2 | wc -l` +if test $COUNT != 1 ; then + echo "Control not returned in response" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Testing hashed length requirement..." + +$LDAPMODIFY -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS > \ + ${TESTOUT}.2 2>&1 << EOMODS +dn: $USER +changetype: modify +delete: userPassword +userPassword: $PASS +- +add: userPassword +userPassword: {MD5}xxxxxx + +EOMODS +RC=$? +cat ${TESTOUT}.2 >> $TESTOUT +if test $RC = 0 ; then + echo "Hashed length requirement test failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi +COUNT=`grep "Password fails quality" ${TESTOUT}.2 | wc -l` +if test $COUNT != 1 ; then + echo "Hashed length requirement test failed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Testing multiple password add/modify checks..." + +$LDAPMODIFY -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD >> \ + $TESTOUT 2>&1 << EOMODS +dn: cn=Add Should Fail, ou=People, dc=example, dc=com +changetype: add +objectClass: inetOrgPerson +cn: Add Should Fail +sn: Fail +userPassword: firstpw +userPassword: secondpw +EOMODS +RC=$? +if test $RC = 0 ; then + echo "Multiple password add test failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +$LDAPMODIFY -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD >> \ + $TESTOUT 2>&1 << EOMODS +dn: $USER +changetype: modify +add: userPassword +userPassword: firstpw +userPassword: secondpw +EOMODS +RC=$? +if test $RC = 0 ; then + echo "Multiple password modify add test failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +$LDAPMODIFY -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD >> \ + $TESTOUT 2>&1 << EOMODS +dn: $USER +changetype: modify +replace: userPassword +userPassword: firstpw +userPassword: secondpw +EOMODS +RC=$? +if test $RC = 0 ; then + echo "Multiple password modify replace test failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +if test "$BACKLDAP" != "ldapno" && test "$SYNCPROV" != "syncprovno" ; then +echo "" +echo "Setting up policy state forwarding test..." + +mkdir $DBDIR2 +sed -e "s,$DBDIR1,$DBDIR2," < $CONF1 > $CONF2 +echo "Starting slapd consumer on TCP/IP port $PORT2..." +$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$KILLPIDS $PID" + +echo "Configuring syncprov on provider..." +if [ "$SYNCPROV" = syncprovmod ]; then + $LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1 +dn: cn=module,cn=config +objectclass: olcModuleList +cn: module +olcModulePath: $TESTWD/../servers/slapd/overlays +olcModuleLoad: syncprov.la + +EOF + RC=$? + if test $RC != 0 ; then + echo "ldapadd failed for moduleLoad ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi +fi + +$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1 +dn: olcOverlay={1}syncprov,olcDatabase={1}$BACKEND,cn=config +objectClass: olcOverlayConfig +objectClass: olcSyncProvConfig +olcOverlay: {1}syncprov + +EOF +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed for provider database config ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapsearch to check that slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Configuring syncrepl on consumer..." +if [ "$BACKLDAP" = ldapmod ]; then + $LDAPADD -D cn=config -H $URI2 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1 +dn: cn=module,cn=config +objectclass: olcModuleList +cn: module +olcModulePath: $TESTWD/../servers/slapd/back-ldap +olcModuleLoad: back_ldap.la + +EOF + RC=$? + if test $RC != 0 ; then + echo "ldapadd failed for moduleLoad ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi +fi +$LDAPMODIFY -D cn=config -H $URI2 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1 +dn: olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config +changetype: add +objectClass: olcOverlayConfig +objectClass: olcChainConfig +olcOverlay: {0}chain + +dn: olcDatabase=ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config +changetype: add +objectClass: olcLDAPConfig +objectClass: olcChainDatabase +olcDBURI: $URI1 +olcDbIDAssertBind: bindmethod=simple + binddn="cn=manager,dc=example,dc=com" + credentials=secret + mode=self + +dn: olcDatabase={1}$BACKEND,cn=config +changetype: modify +add: olcSyncrepl +olcSyncrepl: rid=1 + provider=$URI1 + binddn="cn=manager,dc=example,dc=com" + bindmethod=simple + credentials=secret + searchbase="dc=example,dc=com" + type=refreshAndPersist + retry="3 5 300 5" +- +add: olcUpdateref +olcUpdateref: $URI1 +- + +dn: olcOverlay={0}ppolicy,olcDatabase={1}$BACKEND,cn=config +changetype: modify +replace: olcPPolicyForwardUpdates +olcPPolicyForwardUpdates: TRUE +- + +EOF +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Waiting for consumer to sync..." +sleep $SLEEP1 + +echo "Testing policy state forwarding..." +$LDAPSEARCH -H $URI2 -D "$USER" -w wrongpw >$SEARCHOUT 2>&1 +RC=$? +if test $RC != 49 ; then + echo "ldapsearch should have failed with 49, got ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +$LDAPSEARCH -H $URI1 -D "$MANAGERDN" -w $PASSWD -b "$USER" \* \+ >> $SEARCHOUT 2>&1 +COUNT=`grep "pwdFailureTime" $SEARCHOUT | wc -l` +if test $COUNT != 1 ; then + echo "Policy state forwarding failed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +# End of chaining test + +fi + +echo "" +echo "Testing obsolete Netscape ppolicy controls..." +echo "Enabling Netscape controls..." +$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF >> \ + $TESTOUT 2>&1 << EOMODS +dn: olcOverlay={0}ppolicy,olcDatabase={1}$BACKEND,cn=config +changetype: modify +replace: olcPPolicySendNetscapeControls +olcPPolicySendNetscapeControls: TRUE +- + +EOMODS +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Reconfiguring policy to remove grace logins..." +$LDAPMODIFY -v -D "$MANAGERDN" -H $URI1 -w $PASSWD >> \ + $TESTOUT 2>&1 << EOMODS +dn: cn=Standard Policy, ou=Policies, dc=example, dc=com +changetype: modify +delete: pwdGraceAuthnLimit +- +replace: pwdMaxAge +pwdMaxAge: 15 +- + +EOMODS +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +OLDPASS=$PASS +PASS=newpass +$LDAPPASSWD -H $URI1 \ + -w secret -s $PASS \ + -D "$MANAGERDN" "$USER" >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "Setting new password failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Clearing forced reset..." +$LDAPMODIFY -v -D "$MANAGERDN" -H $URI1 -w $PASSWD >> \ + $TESTOUT 2>&1 << EOMODS +dn: $USER +changetype: modify +delete: pwdReset + +EOMODS + +DELAY=10 + +echo "Testing password expiration" +echo "Waiting $DELAY seconds for password to expire..." +sleep $DELAY + +$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \ + -b "$BASEDN" -s base > $SEARCHOUT 2>&1 +sleep 3 +$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \ + -b "$BASEDN" -s base >> $SEARCHOUT 2>&1 +sleep 3 +$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \ + -b "$BASEDN" -s base >> $SEARCHOUT 2>&1 +sleep 3 +$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \ + -b "$BASEDN" -s base >> $SEARCHOUT 2>&1 +sleep 3 +$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \ + -b "$BASEDN" -s base >> $SEARCHOUT 2>&1 +RC=$? +if test $RC = 0 ; then + echo "Password expiration failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi +COUNT=`grep "PasswordExpiring" $SEARCHOUT | wc -l` +if test $COUNT = 0 ; then + echo "Password expiring warning test failed!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test023-refint b/tests/scripts/test023-refint new file mode 100755 index 0000000..2c52659 --- /dev/null +++ b/tests/scripts/test023-refint @@ -0,0 +1,273 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 2004-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test $REFINT = refintno; then + echo "Referential Integrity overlay not available, test skipped" + exit 0 +fi + +mkdir -p $TESTDIR $DBDIR1 + +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND $MONITORDB < $REFINTCONF > $CONF1 +$SLAPADD -f $CONF1 -l $LDIFREFINT +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Starting slapd on TCP/IP port $PORT1..." +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Testing slapd referential integrity operations..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Searching unmodified database..." + +$LDAPSEARCH -S "" -b "o=refint" -h $LOCALHOST -p $PORT1 > $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +$EGREP_CMD "(manager|secretary):" $SEARCHOUT | sed "s/george/foster/g" | \ + sort > $TESTOUT 2>&1 + +echo "Testing modrdn..." +$LDAPMODRDN -D "$REFINTDN" -r -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + /dev/null 2>&1 'uid=george,ou=users,o=refint' 'uid=foster' +#$LDAPMODRDN -D "$REFINTDN" -r -h $LOCALHOST -p $PORT1 -w $PASSWD \ +# 'uid=george,ou=users,o=refint' 'uid=foster' + +RC=$? +if test $RC != 0 ; then + echo "ldapmodrdn failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +sleep 1; + +echo "Using ldapsearch to check dependents new rdn..." + +$LDAPSEARCH -S "" -b "o=refint" -h $LOCALHOST -p $PORT1 > $SEARCHOUT 2>&1 + +RC=$? + if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +$EGREP_CMD "(manager|secretary):" $SEARCHOUT | sort > $SEARCHFLT 2>&1 + +echo "Comparing ldapsearch results against original..." +$CMP $TESTOUT $SEARCHFLT > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - modify operations did not complete correctly" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Testing delete..." +$LDAPMODIFY -v -D "$REFINTDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 << EDEL +version: 1 +dn: uid=foster,ou=users,o=refint +changetype: delete +EDEL + +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +sleep 1; + +echo "Using ldapsearch to verify dependents have been deleted..." +$LDAPSEARCH -S "" -b "o=refint" -h $LOCALHOST -p $PORT1 > $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +$EGREP_CMD "(manager|secretary):" $SEARCHOUT > $SEARCHFLT 2>&1 + +RC=`grep -c foster $SEARCHFLT` +if test $RC != 0 ; then + echo "dependent modify failed - dependents were not deleted" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Additional test records..." + +$LDAPADD -D "$REFINTDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 << ETEST +dn: uid=special,ou=users,o=refint +objectClass: inetOrgPerson +objectClass: extensibleObject +uid: special +sn: special +cn: special +businessCategory: nothing +carLicense: FOO +departmentNumber: 933 +displayName: special +employeeNumber: 41491 +employeeType: vendor +givenName: special +member: uid=alice,ou=users,o=refint +ETEST + +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing delete when referential attribute is a MUST..." +$LDAPMODIFY -v -D "$REFINTDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 << EDEL +version: 1 +dn: uid=alice,ou=users,o=refint +changetype: delete +EDEL + +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +if test $BACKEND != "bdb" ; then + $LDAPMODIFY -v -D "$REFINTDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 << EDEL +version: 1 +dn: cn=group,o=refint +changetype: add +objectClass: groupOfNames +cn: group +member: uid=bill,ou=users,o=refint +member: uid=bob,ou=users,o=refint +member: uid=dave,ou=users,o=refint +member: uid=jorge,ou=users,o=refint +member: uid=theman,ou=users,o=refint +member: uid=richard,ou=users,o=refint +EDEL + + RC=$? + if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + sleep 1; + + $LDAPSEARCH -S "" -b "o=refint" -h $LOCALHOST -p $PORT1 \ + manager member secretary > $SEARCHOUT 2>&1 + RC=$? + if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + $EGREP_CMD "(manager|member|secretary):" $SEARCHOUT \ + | sed "s/ou=users/ou=people/g" | \ + sort > $TESTOUT 2>&1 + + echo "testing subtree rename" + $LDAPMODRDN -D "$REFINTDN" -r -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + /dev/null 2>&1 'ou=users,o=refint' 'ou=people' + RC=$? + if test $RC != 0 ; then + echo "ldapmodrdn failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + sleep 1; + + echo "Using ldapsearch to check dependents new rdn..." + + $LDAPSEARCH -S "" -b "o=refint" -h $LOCALHOST -p $PORT1 \ + manager member secretary > $SEARCHOUT 2>&1 + + RC=$? + if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + $EGREP_CMD "(manager|member|secretary):" $SEARCHOUT \ + | sort > $SEARCHFLT 2>&1 + + echo "Comparing ldapsearch results against original..." + $CMP $TESTOUT $SEARCHFLT > $CMPOUT + + if test $? != 0 ; then + echo "comparison failed - subtree rename operations did not complete correctly" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test024-unique b/tests/scripts/test024-unique new file mode 100755 index 0000000..e2457e5 --- /dev/null +++ b/tests/scripts/test024-unique @@ -0,0 +1,797 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 2004-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test $UNIQUE = uniqueno; then + echo "Attribute Uniqueness overlay not available, test skipped" + exit 0 +fi + +RCODEconstraint=19 +test $BACKEND = null && RCODEconstraint=0 + +mkdir -p $TESTDIR $DBDIR1 + +$SLAPPASSWD -g -n >$CONFIGPWF +echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf + +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND $MONITORDB < $UNIQUECONF > $CONF1 +$SLAPADD -f $CONF1 -l $LDIFUNIQUE +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Starting slapd on TCP/IP port $PORT1..." +mkdir $TESTDIR/confdir +$SLAPD -f $CONF1 -F $TESTDIR/confdir -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Testing slapd attribute uniqueness operations..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Adding a unique record..." +$LDAPADD -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \ + > /dev/null << EOTUNIQ1 +dn: uid=dave,ou=users,o=unique +objectClass: inetOrgPerson +objectClass: simpleSecurityObject +uid: dave +sn: nothere +cn: dave +businessCategory: otest +carLicense: TEST +departmentNumber: 42 +# NOTE: use special chars in attr value to be used +# in internal searches ITS#4212 +displayName: Dave (ITS#4212) +employeeNumber: 69 +employeeType: contractor +givenName: Dave +userpassword: $PASSWD +EOTUNIQ1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Adding a non-unique record..." +$LDAPADD -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 << EOTUNIQ2 +dn: uid=bill,ou=users,o=unique +objectClass: inetOrgPerson +uid: bill +sn: johnson +cn: bill +businessCategory: rtest +carLicense: ABC123 +departmentNumber: 42 +displayName: Bill +employeeNumber: 5150 +employeeType: contractor +givenName: Bill +EOTUNIQ2 +RC=$? +if test $RC != $RCODEconstraint ; then + echo "unique check failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +# ITS#6641/8057 +echo "Trying to bypass uniqueness as a normal user..." +$LDAPADD -M -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 << EOTUNIQ2 +dn: uid=bill,ou=users,o=unique +objectClass: inetOrgPerson +uid: bill +sn: johnson +cn: bill +businessCategory: rtest +carLicense: ABC123 +departmentNumber: 42 +displayName: Bill +employeeNumber: 5150 +employeeType: contractor +givenName: Bill +EOTUNIQ2 +RC=$? +if test $RC != $RCODEconstraint ; then + echo "unique check failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +# ITS#6641/8057 +echo "Bypassing uniqueness as an admin user..." +$LDAPADD -M -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 << EOTUNIQ2 +dn: uid=bill,ou=users,o=unique +objectClass: inetOrgPerson +uid: bill +sn: johnson +cn: bill +businessCategory: rtest +carLicense: ABC123 +departmentNumber: 42 +displayName: Bill +employeeNumber: 5150 +employeeType: contractor +givenName: Bill +EOTUNIQ2 +RC=$? +if test $RC != 0 ; then + echo "spurious unique error ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Cleaning up" +$LDAPDELETE -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \ + "uid=bill,ou=users,o=unique" > $TESTOUT 2>&1 +RC=$? +if test $RC != 0; then + echo "ldapdelete failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo Dynamically retrieving initial configuration... +$LDAPSEARCH -S "" -b olcOverlay='{0}'unique,olcDatabase='{1}'$BACKEND,cn=config -D cn=config -y $CONFIGPWF -h $LOCALHOST -p $PORT1 -LLL | tr -d \\r >$TESTDIR/initial-config.ldif +cat <<EOF >$TESTDIR/initial-reference.ldif +dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config +objectClass: olcOverlayConfig +objectClass: olcUniqueConfig +olcOverlay: {0}unique +olcUniqueBase: o=unique +olcUniqueAttribute: employeeNumber +olcUniqueAttribute: displayName + +EOF +diff $TESTDIR/initial-config.ldif $TESTDIR/initial-reference.ldif > /dev/null 2>&1 +RC=$? +if test $RC != 0 ; then + echo "Initial configuration is not reported correctly." + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +echo Dynamically trying to add a URI with legacy attrs present... +$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \ + > $TESTOUT 2>&1 <<EOF +dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config +changetype: modify +add: olcUniqueURI +olcUniqueURI: ldap:///?employeeNumber,displayName?sub +EOF +RC=$? +if test $RC != 80 ; then + echo "legacy and unique_uri allowed together" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +echo Dynamically trying to add legacy ignored attrs with legacy attrs present... +$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \ + > $TESTOUT 2>&1 <<EOF +dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config +changetype: modify +add: olcUniqueIgnore +olcUniqueIgnore: objectClass +EOF +RC=$? +if test $RC != 80 ; then + echo "legacy attrs and legacy ignore attrs allowed together" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +echo Verifying initial configuration intact... +$LDAPSEARCH -S "" -b olcOverlay='{0}'unique,olcDatabase='{1}'$BACKEND,cn=config -D cn=config -y $CONFIGPWF -h $LOCALHOST -p $PORT1 -LLL | tr -d \\r >$TESTDIR/initial-config-recheck.ldif +diff $TESTDIR/initial-config-recheck.ldif $TESTDIR/initial-reference.ldif > /dev/null 2>&1 +RC=$? +if test $RC != 0 ; then + echo "Initial configuration damaged by unsuccessful modifies." + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +echo Dynamically removing legacy base... +$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \ + > $TESTOUT 2>&1 <<EOF +dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config +changetype: modify +delete: olcUniqueBase +EOF +RC=$? +if test $RC != 0 ; then + echo "base removal failed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +echo Verifying base removal... +$LDAPSEARCH -S "" -b olcOverlay='{0}'unique,olcDatabase='{1}'$BACKEND,cn=config -D cn=config -y $CONFIGPWF -h $LOCALHOST -p $PORT1 -LLL | tr -d \\r >$TESTDIR/baseremoval-config.ldif +cat >$TESTDIR/baseremoval-reference.ldif <<EOF +dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config +objectClass: olcOverlayConfig +objectClass: olcUniqueConfig +olcOverlay: {0}unique +olcUniqueAttribute: employeeNumber +olcUniqueAttribute: displayName + +EOF +diff $TESTDIR/baseremoval-config.ldif $TESTDIR/baseremoval-reference.ldif > /dev/null 2>&1 +RC=$? +if test $RC != 0 ; then + echo "Configuration damaged by base removal" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +echo "Adding a non-unique record..." +$LDAPADD -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 << EOTUNIQ2 +dn: uid=bill,ou=users,o=unique +objectClass: inetOrgPerson +uid: bill +sn: johnson +cn: bill +businessCategory: rtest +carLicense: ABC123 +departmentNumber: 42 +displayName: Bill +employeeNumber: 5150 +employeeType: contractor +givenName: Bill +EOTUNIQ2 +RC=$? +if test $RC != $RCODEconstraint ; then + echo "unique check failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +echo Trying a legacy base outside of the backend... +$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \ + > $TESTOUT 2>&1 <<EOF +dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config +changetype: modify +add: olcUniqueBase +olcUniqueBase: cn=config +EOF +RC=$? +if test $RC != 80 ; then + echo "out of backend scope base allowed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +echo "Adding and removing attrs..." +$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \ + > $TESTOUT 2>&1 <<EOF +dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config +changetype: modify +add: olcUniqueAttribute +olcUniqueAttribute: description +olcUniqueAttribute: telephoneNumber +- +delete: olcUniqueAttribute +olcUniqueAttribute: displayName +EOF +RC=$? +if test $RC != 0 ; then + echo "Unable to remove an attribute" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +echo "Verifying we removed the right attr..." +$LDAPADD -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 << EOTUNIQ2 +dn: uid=bill,ou=users,o=unique +objectClass: inetOrgPerson +uid: bill +sn: johnson +cn: bill +businessCategory: rtest +carLicense: ABC123 +departmentNumber: 42 +displayName: Bill +employeeNumber: 5150 +employeeType: contractor +givenName: Bill +EOTUNIQ2 +RC=$? +if test $RC != $RCODEconstraint ; then + echo "olcUniqueAttribtue single deletion hit the wrong value" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +echo Removing legacy config and adding URIs... +$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \ + > $TESTOUT 2>&1 <<EOF +dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config +changetype: modify +delete: olcUniqueAttribute +- +add: olcUniqueURI +olcUniqueURI: ldap:///?employeeNumber,displayName?sub +olcUniqueURI: ldap:///?description?one +EOF +RC=$? +if test $RC != 0 ; then + echo "Reconfiguration to URIs failed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +echo Dynamically retrieving second configuration... +$LDAPSEARCH -S "" -b olcOverlay='{0}'unique,olcDatabase='{1}'$BACKEND,cn=config -D cn=config -y $CONFIGPWF -h $LOCALHOST -p $PORT1 -LLL | tr -d \\r >$TESTDIR/second-config.ldif +cat >$TESTDIR/second-reference.ldif <<EOF +dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config +objectClass: olcOverlayConfig +objectClass: olcUniqueConfig +olcOverlay: {0}unique +olcUniqueURI: ldap:///?employeeNumber,displayName?sub +olcUniqueURI: ldap:///?description?one + +EOF +diff $TESTDIR/second-config.ldif $TESTDIR/second-reference.ldif > /dev/null 2>&1 +RC=$? +if test $RC != 0 ; then + echo "Second configuration is not reported correctly." + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +echo "Adding a non-unique record..." +$LDAPADD -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 << EOTUNIQ2 +dn: uid=bill,ou=users,o=unique +objectClass: inetOrgPerson +uid: bill +sn: johnson +cn: bill +businessCategory: rtest +carLicense: ABC123 +departmentNumber: 42 +displayName: Bill +employeeNumber: 5150 +employeeType: contractor +givenName: Bill +EOTUNIQ2 +RC=$? +if test $RC != $RCODEconstraint ; then + echo "unique check failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +echo Dynamically trying to add legacy base +$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \ + > $TESTOUT 2>&1 <<EOF +dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config +changetype: modify +add: olcUniqueBase +olcUniqueBase: o=unique +EOF +RC=$? +if test $RC != 80 ; then + echo "legacy base allowed with URIs" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +echo Dynamically trying to add legacy attrs +$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \ + > $TESTOUT 2>&1 <<EOF +dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config +changetype: modify +add: olcUniqueAttribute +olcUniqueAttribute: description +EOF +RC=$? +if test $RC != 80 ; then + echo "legacy attributes allowed with URIs" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +echo Dynamically trying to add legacy strictness +$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \ + > $TESTOUT 2>&1 <<EOF +dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config +changetype: modify +add: olcUniqueStrict +olcUniqueStrict: TRUE +EOF +RC=$? +if test $RC != 80 ; then + echo "legacy strictness allowed with URIs" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +#echo ---------------------- +echo Dynamically trying a bad filter... +$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \ + > $TESTOUT 2>&1 <<EOF +dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config +changetype: modify +replace: olcUniqueURI +olcUniqueURI: ldap:///?sn?sub?((cn=e*)) +EOF +RC=$? +if test $RC != 80 ; then + echo "bad filter allowed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +echo Verifying second configuration intact... +$LDAPSEARCH -S "" -b olcOverlay='{0}'unique,olcDatabase='{1}'$BACKEND,cn=config -D cn=config -y $CONFIGPWF -h $LOCALHOST -p $PORT1 -LLL | tr -d \\r >$TESTDIR/second-config-recheck.ldif +diff $TESTDIR/second-config-recheck.ldif $TESTDIR/second-reference.ldif > /dev/null 2>&1 +RC=$? +if test $RC != 0 ; then + echo "Second configuration damaged by rejected modifies." + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +#echo ---------------------- +echo Dynamically reconfiguring to use different URIs... +$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \ + > $TESTOUT 2>&1 <<EOF +dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config +changetype: modify +add: olcUniqueURI +olcUniqueURI: ldap:///?sn?sub?(cn=e*) +olcUniqueURI: ldap:///?uid?sub?(cn=edgar) +- +delete: olcUniqueURI +olcUniqueURI: ldap:///?description?one +EOF +RC=$? +if test $RC != 0 ; then + echo "unable to reconfigure" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +echo Dynamically retrieving third configuration... +$LDAPSEARCH -S "" -b olcOverlay='{0}'unique,olcDatabase='{1}'$BACKEND,cn=config -D cn=config -y $CONFIGPWF -h $LOCALHOST -p $PORT1 -LLL | tr -d \\r >$TESTDIR/third-config.ldif +cat >$TESTDIR/third-reference.ldif <<EOF +dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config +objectClass: olcOverlayConfig +objectClass: olcUniqueConfig +olcOverlay: {0}unique +olcUniqueURI: ldap:///?employeeNumber,displayName?sub +olcUniqueURI: ldap:///?sn?sub?(cn=e*) +olcUniqueURI: ldap:///?uid?sub?(cn=edgar) + +EOF +diff $TESTDIR/third-config.ldif $TESTDIR/third-reference.ldif > /dev/null 2>&1 +RC=$? +if test $RC != 0 ; then + echo "Third configuration is not reported correctly." + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +echo "Adding a record unique in both domains if filtered..." + +$LDAPADD -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 << EOF +dn: uid=edgar,ou=users,o=unique +objectClass: inetOrgPerson +uid: edgar +sn: johnson +cn: edgar +EOF + +RC=$? +if test $RC != 0 ; then + echo "unique check failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +echo "Adding a record unique in all domains because of filter conditions " +$LDAPADD -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 << EOF +dn: uid=empty,ou=users,o=unique +objectClass: inetOrgPerson +uid: edgar +cn: empty +sn: empty +EOF + +RC=$? +if test $RC != 0 ; then + echo "spurious unique error ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +echo "Sending an empty modification" + +$LDAPMODIFY -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 << EOF +dn: uid=empty,ou=users,o=unique +changetype: modify +EOF + +RC=$? +if test $RC != 0 ; then + echo "spurious unique error ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +echo "Making a record non-unique" +$LDAPMODIFY -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 << EOF +dn: uid=empty,ou=users,o=unique +changetype: modify +replace: sn +sn: johnson +EOF + +RC=$? +if test $RC != $RCODEconstraint ; then + echo "unique check failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +# ITS#6641/8057 +echo "Trying to bypass uniqueness as a normal user..." +$LDAPMODIFY -M -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 << EOF +dn: uid=empty,ou=users,o=unique +changetype: modify +replace: sn +sn: johnson +EOF + +RC=$? +if test $RC != $RCODEconstraint ; then + echo "unique check failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +# ITS#6641/8057 +echo "Bypassing uniqueness as an admin user..." +$LDAPMODIFY -M -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 << EOF +dn: uid=empty,ou=users,o=unique +changetype: modify +replace: sn +sn: johnson +EOF + +RC=$? +if test $RC != 0 ; then + echo "spurious unique error ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Cleaning up" +$LDAPMODIFY -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 << EOF +dn: uid=empty,ou=users,o=unique +changetype: modify +replace: sn +sn: empty +EOF + +RC=$? +if test $RC != 0; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Adding another unique record..." +$LDAPADD -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 << EOF +dn: uid=not edgar,uid=edgar,ou=users,o=unique +objectClass: inetOrgPerson +uid: not edgar +sn: Alan +cn: not edgar +EOF + +RC=$? +if test $RC != 0 ; then + echo "unique check failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +echo "Making the record non-unique with modrdn..." +$LDAPMODRDN -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD \ + "uid=not edgar,uid=edgar,ou=users,o=unique" "uid=edgar" > $TESTOUT 2>&1 + +RC=$? +if test $RC != $RCODEconstraint ; then + echo "unique check failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +# ITS#6641/8057 +echo "Trying to bypass uniqueness as a normal user..." +$LDAPMODRDN -M -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD \ + "uid=not edgar,uid=edgar,ou=users,o=unique" "uid=edgar" > $TESTOUT 2>&1 + +RC=$? +if test $RC != $RCODEconstraint ; then + echo "unique check failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +# ITS#6641/8057 +echo "Bypassing uniqueness as an admin user..." +$LDAPMODRDN -M -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \ + "uid=not edgar,uid=edgar,ou=users,o=unique" "uid=edgar" > $TESTOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "spurious unique error ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Cleaning up" +$LDAPDELETE -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \ + "uid=edgar,uid=edgar,ou=users,o=unique" > $TESTOUT 2>&1 +RC=$? +if test $RC != 0; then + echo "ldapdelete failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Adding a record unique in one domain, non-unique in the filtered domain..." + +$LDAPADD -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 << EOF +dn: uid=elvis,ou=users,o=unique +objectClass: inetOrgPerson +uid: elvis +sn: johnson +cn: elvis +EOF + +RC=$? +if test $RC != $RCODEconstraint ; then + echo "unique check failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +#echo ---------------------- +echo Dynamically reconfiguring to use attribute-ignore URIs... +$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \ + > $TESTOUT 2>&1 <<EOF +dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config +changetype: modify +replace: olcUniqueURI +olcUniqueURI: ignore ldap:///?objectClass,uid,cn,sn?sub +EOF +RC=$? +if test $RC != 0 ; then + echo "unable to reconfigure" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +echo Dynamically retrieving fourth configuration... +$LDAPSEARCH -S "" -b olcOverlay='{0}'unique,olcDatabase='{1}'$BACKEND,cn=config -D cn=config -y $CONFIGPWF -h $LOCALHOST -p $PORT1 -LLL | tr -d \\r >$TESTDIR/fourth-config.ldif +cat >$TESTDIR/fourth-reference.ldif <<EOF +dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config +objectClass: olcOverlayConfig +objectClass: olcUniqueConfig +olcOverlay: {0}unique +olcUniqueURI: ignore ldap:///?objectClass,uid,cn,sn?sub + +EOF +diff $TESTDIR/fourth-config.ldif $TESTDIR/fourth-reference.ldif > /dev/null 2>&1 +RC=$? +if test $RC != 0 ; then + echo "Fourth configuration is not reported correctly." + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +echo "Adding a record unique in the ignore-domain..." + +$LDAPADD -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 << EOF +dn: uid=elvis,ou=users,o=unique +objectClass: inetOrgPerson +uid: elvis +sn: johnson +cn: elvis +description: left the building +EOF + +RC=$? +if test $RC != 0 ; then + echo "unique check failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +echo "Adding a record non-unique in the ignore-domain..." + +$LDAPADD -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 << EOF +dn: uid=harry,ou=users,o=unique +objectClass: inetOrgPerson +uid: harry +sn: johnson +cn: harry +description: left the building +EOF + +RC=$? +if test $RC != $RCODEconstraint ; then + echo "unique check failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test025-limits b/tests/scripts/test025-limits new file mode 100755 index 0000000..8c17b2c --- /dev/null +++ b/tests/scripts/test025-limits @@ -0,0 +1,1420 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +## FIXME: need to exclude legal but wrong results... + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test $BACKEND = null; then + echo "Limits irrelevant to $BACKEND backend, test skipped" + exit 0 +fi + +mkdir -p $TESTDIR $DBDIR1 + +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND $MONITORDB < $LIMITSCONF > $ADDCONF +$SLAPADD -f $ADDCONF -l $LDIFLIMITS +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Running slapindex to index slapd database..." +. $CONFFILTER $BACKEND $MONITORDB < $LIMITSCONF > $CONF1 +$SLAPINDEX -f $CONF1 +RC=$? +if test $RC != 0 ; then + echo "warning: slapindex failed ($RC)" + echo " assuming no indexing support" +fi + +echo "Starting slapd on TCP/IP port $PORT1..." +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Testing slapd searching..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + '(objectclass=*)' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +cat /dev/null > $SEARCHOUT + +echo "" +echo "Testing regular search limits" +echo "" + +echo "Testing no limits requested for unlimited ID..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \ + -D 'cn=Unlimited User,ou=People,dc=example,dc=com' \ + '(objectClass=*)' >$SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + if test x"$COUNT" != x ; then + echo "...success (got $COUNT entries)" + else + echo "...error: did not expect ldapsearch success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Testing no limits requested for rootdn=$MANAGERDN..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \ + -D "$MANAGERDN" \ + '(objectClass=*)' >$SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + if test x"$COUNT" != x ; then + echo "...success (got $COUNT entries)" + else + echo "...error: did not expect ldapsearch success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +SIZELIMIT=4 +echo "Testing limit requested for rootdn=$MANAGERDN..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -z $SIZELIMIT \ + -D "$MANAGERDN" \ + '(objectClass=*)' >$SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + if test x"$COUNT" != x ; then + if test "$COUNT" -gt "$SIZELIMIT" ; then + echo "...error: got $COUNT entries instead of the requested $SIZELIMIT" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + echo "...didn't bump into the requested size limit ($SIZELIMIT; got $COUNT entries)" + else + echo "...error: did not expect ldapsearch success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + ;; + 4) + if test x"$COUNT" != x ; then + if test "$COUNT" = "$SIZELIMIT" ; then + echo "...bumped into requested size limit ($SIZELIMIT)" + else + echo "...error: got $COUNT entries with a requested sizelimit of $SIZELIMIT" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + else + echo "...error: bumped into server-side size limit, but got no entries!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +SIZELIMIT=2 +echo "Testing size limit request ($SIZELIMIT) for unlimited ID..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -z $SIZELIMIT \ + -D 'cn=Unlimited User,ou=People,dc=example,dc=com' \ + '(objectClass=*)' > $SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + if test x"$COUNT" != x ; then + if test "$COUNT" -gt "$SIZELIMIT" ; then + echo "...error: got $COUNT entries instead of the requested $SIZELIMIT" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + echo "...didn't bump into the requested size limit ($SIZELIMIT; got $COUNT entries)" + else + echo "...error: did not expect ldapsearch success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + ;; + 4) + if test x"$COUNT" != x ; then + if test "$COUNT" = "$SIZELIMIT" ; then + echo "...bumped into requested size limit ($SIZELIMIT)" + else + echo "...error: got $COUNT entries with a requested sizelimit of $SIZELIMIT" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + else + echo "...error: bumped into server-side size limit, but got no entries!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +TIMELIMIT=10 +echo "Testing time limit request ($TIMELIMIT s) for unlimited ID..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -l $TIMELIMIT \ + -D 'cn=Unlimited User,ou=People,dc=example,dc=com' \ + '(objectClass=*)' > $SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + if test x"$COUNT" != x ; then + echo "...didn't bump into the requested time limit ($TIMELIMIT s; got $COUNT entries)" + else + echo "...error: did not expect ldapsearch success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + ;; + 3) + if test x"$COUNT" != x ; then + COUNT=0 + fi + echo "...bumped into requested time limit ($TIMELIMIT s; got $COUNT entries)" + ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Testing no limits requested for soft limited ID..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \ + -D 'cn=Soft Limited User,ou=People,dc=example,dc=com' \ + '(objectClass=*)' > $SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + if test x"$COUNT" != x ; then + echo "...didn't bump into server-side size limit (got $COUNT entries)" + else + echo "...error: did not expect ldapsearch success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + ;; + 4) + if test x"$COUNT" != x ; then + echo "...bumped into server-side size limit (got $COUNT entries)" + else + echo "...error: bumped into server-side size limit, but got no entries!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +SIZELIMIT=2 +echo "Testing lower than soft limit request ($SIZELIMIT) for soft limited ID..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -z $SIZELIMIT \ + -D 'cn=Soft Limited User,ou=People,dc=example,dc=com' \ + '(objectClass=*)' > $SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + if test x"$COUNT" != x ; then + if test "$COUNT" -gt "$SIZELIMIT" ; then + echo "...error: got $COUNT entries instead of the requested $SIZELIMIT" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + echo "...didn't bump into either requested ($SIZELIMIT) or server-side size limit (got $COUNT entries)" + else + echo "...error: did not expect ldapsearch success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + ;; + 4) + if test "x$COUNT" != "x" ; then + if test "x$SIZELIMIT" = "x$COUNT" ; then + echo "...bumped into requested ($SIZELIMIT) size limit" + else + echo "...bumped into server-side size limit ($COUNT)" + fi + else + echo "...error: bumped into server-side size limit, but got no entries!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +SIZELIMIT=100 +echo "Testing higher than soft limit request ($SIZELIMIT) for soft limited ID..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -z $SIZELIMIT \ + -D 'cn=Soft Limited User,ou=People,dc=example,dc=com' \ + '(objectClass=*)' > $SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + if test x"$COUNT" != x ; then + if test "$COUNT" -gt "$SIZELIMIT" ; then + echo "...error: got $COUNT entries instead of the requested $SIZELIMIT" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + echo "...didn't bump into either requested ($SIZELIMIT) or server-side size limit (got $COUNT entries)" + else + echo "...error: did not expect ldapsearch success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + ;; + 4) + if test "x$COUNT" != "x" ; then + if test "x$SIZELIMIT" = "x$COUNT" ; then + echo "...bumped into requested ($SIZELIMIT) size limit" + else + echo "...bumped into server-side size limit ($COUNT)" + fi + else + echo "...error: bumped into server-side size limit, but got no entries!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +SIZELIMIT=2 +echo "Testing lower than hard limit request ($SIZELIMIT) for hard limited ID..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -z $SIZELIMIT \ + -D 'cn=Hard Limited User,ou=People,dc=example,dc=com' \ + '(objectClass=*)' > $SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + if test x"$COUNT" != x ; then + if test "$COUNT" -gt "$SIZELIMIT" ; then + echo "...error: got $COUNT entries instead of the requested $SIZELIMIT" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + echo "...didn't bump into either requested ($SIZELIMIT) or server-side size limit (got $COUNT entries)" + else + echo "...error: did not expect ldapsearch success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + ;; + 4) + echo "...bumped into requested ($SIZELIMIT) size limit" + ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +SIZELIMIT=100 +echo "Testing higher than hard limit request ($SIZELIMIT) for hard limited ID..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -z $SIZELIMIT \ + -D 'cn=Hard Limited User,ou=People,dc=example,dc=com' \ + '(objectClass=*)' > $SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + if test x"$COUNT" != x ; then + if test "$COUNT" -gt "$SIZELIMIT" ; then + echo "...error: got $COUNT entries instead of the requested $SIZELIMIT" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + echo "...didn't bump into either requested ($SIZELIMIT) or server-side size limit (got $COUNT entries)" + else + echo "...error: did not expect ldapsearch success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + ;; + 4) + if test x"$COUNT" != x ; then + if test "$COUNT" = "$SIZELIMIT" ; then + echo "...error: bumped into requested ($SIZELIMIT) size limit" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + else + echo "...got size limit $COUNT instead of requested $SIZELIMIT entries" + fi + else + echo "...error: bumped into server-side size limit, but got no entries!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + ;; +# 11) +# echo "...bumped into server-side hard size administrative limit" +# ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +SIZELIMIT=max +echo "Testing max limit request ($SIZELIMIT) for hard limited ID..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -z $SIZELIMIT \ + -D 'cn=Hard Limited User,ou=People,dc=example,dc=com' \ + '(objectClass=*)' > $SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + if test x"$COUNT" != x ; then + echo "...didn't bump into either requested ($SIZELIMIT) or server-side size limit (got $COUNT entries)" + else + echo "...error: did not expect ldapsearch success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + ;; + 4) + if test x"$COUNT" != x ; then + echo "...bumped into requested ($SIZELIMIT=$COUNT) size limit" + else + echo "...error: bumped into server-side size limit, but got no entries!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + ;; +# 11) +# echo "...bumped into server-side hard size administrative limit" +# ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Testing lower than unchecked limit request for unchecked limited ID..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \ + -D 'cn=Unchecked Limited User,ou=People,dc=example,dc=com' \ + '(uid=uncheckedlimited)' > $SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + if test x"$COUNT" != x ; then + echo "...success; didn't bump into server-side unchecked limit (got $COUNT entries)" + else + echo "...error: did not expect ldapsearch success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + ;; + 11) + echo "...error: bumped into unchecked administrative limit" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +if test $INDEXDB = indexdb ; then + +echo "Testing higher than unchecked limit requested for unchecked limited ID..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \ + -D 'cn=Unchecked Limited User,ou=People,dc=example,dc=com' \ + '(objectClass=*)' > $SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + if test x"$COUNT" != x ; then + echo "...error: didn't bump into server-side unchecked limit (got $COUNT entries)" + else + echo "...error: did not expect ldapsearch success ($RC)!" + fi + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + ;; + 11) + echo "...bumped into unchecked administrative limit" + ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Testing no limits requested for unchecked limited group..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \ + -D 'cn=Unchecked Limited User 2,ou=People,dc=example,dc=com' \ + '(objectClass=*)' > $SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + if test x"$COUNT" != x ; then + echo "...error: didn't bump into server-side unchecked limit (got $COUNT entries)" + else + echo "...error: did not expect ldapsearch success ($RC)!" + fi + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + ;; + 11) + echo "...bumped into unchecked administrative limit" + ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac +else + echo "Skipping test for unchecked limit with $BACKEND backend." +fi + +echo "Testing no limits requested for limited regex..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \ + -D 'cn=Foo User,ou=People,dc=example,dc=com' \ + '(objectClass=*)' > $SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + if test x"$COUNT" != x ; then + echo "...didn't bump into server-side size limit (got $COUNT entries)" + else + echo "...error: did not expect ldapsearch success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + ;; + 4) + if test "x$COUNT" != "x" ; then + echo "...bumped into server-side size limit ($COUNT)" + else + echo "...error: bumped into server-side size limit, but got no entries!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Testing no limits requested for limited onelevel..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \ + -D 'cn=Bar User,ou=People,dc=example,dc=com' \ + '(objectClass=*)' > $SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + if test x"$COUNT" != x ; then + echo "...didn't bump into server-side size limit (got $COUNT entries)" + else + echo "...error: did not expect ldapsearch success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + ;; + 4) + if test "x$COUNT" != "x" ; then + echo "...bumped into server-side size limit ($COUNT)" + else + echo "...error: bumped into server-side size limit, but got no entries!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Testing no limit requested for limited children..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \ + -D 'cn=Unchecked Limited Users,ou=Groups,dc=example,dc=com' \ + '(objectClass=*)' > $SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + if test x"$COUNT" != x ; then + echo "...didn't bump into server-side size limit (got $COUNT entries)" + else + echo "...error: did not expect ldapsearch success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + ;; + 4) + if test "x$COUNT" != "x" ; then + echo "...bumped into server-side size limit ($COUNT)" + else + echo "...error: bumped into server-side size limit, but got no entries!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Testing no limit requested for limited subtree..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \ + -D 'cn=Unchecked Limited User 3,ou=Admin,dc=example,dc=com' \ + '(objectClass=*)' > $SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + if test x"$COUNT" != x ; then + echo "...didn't bump into server-side size limit (got $COUNT entries)" + else + echo "...error: did not expect ldapsearch success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + ;; + 4) + if test "x$COUNT" != "x" ; then + echo "...bumped into server-side size limit ($COUNT)" + else + echo "...error: bumped into server-side size limit, but got no entries!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Testing no limit requested for limited users..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \ + -D 'cn=Special User,dc=example,dc=com' \ + '(objectClass=*)' > $SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + if test x"$COUNT" != x ; then + echo "...didn't bump into server-side size limit (got $COUNT entries)" + else + echo "...error: did not expect ldapsearch success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + ;; + 4) + if test "x$COUNT" != "x" ; then + echo "...bumped into server-side size limit ($COUNT)" + else + echo "...error: bumped into server-side size limit, but got no entries!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Testing no limit requested for limited anonymous..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' > $SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + if test x"$COUNT" != x ; then + echo "...didn't bump into server-side size limit (got $COUNT entries)" + else + echo "...error: did not expect ldapsearch success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + ;; + 4) + if test "x$COUNT" != "x" ; then + echo "...bumped into server-side size limit ($COUNT)" + else + echo "...error: bumped into server-side size limit, but got no entries!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +if test $MAINDB != maindb ; then + # only bdb|hdb|mdb currently supports pagedResults control + test $KILLSERVERS != no && kill -HUP $KILLPIDS + + echo ">>>>> Test succeeded" + exit 0 +fi + +if test x"$SLAPD_PAGE_SIZE" != x ; then + PAGESIZE="$SLAPD_PAGE_SIZE" + if test "$PAGESIZE" -le 0 ; then + test $KILLSERVERS != no && kill -HUP $KILLPIDS + + echo "" + echo "Testing with pagedResults control disabled" + echo "" + echo ">>>>> Test succeeded" + exit 0 + fi +else + PAGESIZE=5 +fi + +echo "" +echo "Testing regular search limits with pagedResults control (page size $PAGESIZE)" +echo "" + +echo "Testing no limits requested for unlimited ID..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \ + -D 'cn=Unlimited User,ou=People,dc=example,dc=com' \ + -E '!pr='$PAGESIZE'/noprompt' '(objectClass=*)' >$SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + if test x"$COUNT" != x ; then + echo "...success (got $COUNT entries)" + else + echo "...error: did not expect ldapsearch success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +SIZELIMIT=2 +echo "Testing size limit request ($SIZELIMIT) for unlimited ID..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -z $SIZELIMIT \ + -D 'cn=Unlimited User,ou=People,dc=example,dc=com' \ + -E '!pr='$PAGESIZE'/noprompt' '(objectClass=*)' > $SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + if test x"$COUNT" != x ; then + if test "$COUNT" -gt "$SIZELIMIT" ; then + echo "...error: got $COUNT entries instead of the requested $SIZELIMIT" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + echo "...didn't bump into the requested size limit ($SIZELIMIT; got $COUNT entries)" + else + echo "...error: did not expect ldapsearch success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + ;; + 4) + if test x"$COUNT" != x ; then + if test $COUNT = $SIZELIMIT ; then + echo "...bumped into requested size limit ($SIZELIMIT)" + else + echo "...error: got $COUNT entries while requesting $SIZELIMIT..." + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + else + echo "...error: bumped into server-side size limit, but got no entries!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +TIMELIMIT=10 +echo "Testing time limit request ($TIMELIMIT s) for unlimited ID..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -l $TIMELIMIT \ + -D 'cn=Unlimited User,ou=People,dc=example,dc=com' \ + -E '!pr='$PAGESIZE'/noprompt' '(objectClass=*)' > $SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + if test x"$COUNT" != x ; then + echo "...didn't bump into the requested time limit ($TIMELIMIT s; got $COUNT entries)" + else + echo "...error: did not expect ldapsearch success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + ;; + 3) + if test x"$COUNT" = x ; then + COUNT=0 + fi + echo "...bumped into requested time limit ($TIMELIMIT s; got $COUNT entries)" + ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Testing no limits requested for soft limited ID..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \ + -D 'cn=Soft Limited User,ou=People,dc=example,dc=com' \ + -E '!pr='$PAGESIZE'/noprompt' '(objectClass=*)' > $SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + if test x"$COUNT" != x ; then + echo "...didn't bump into server-side size limit (got $COUNT entries)" + else + echo "...error: did not expect ldapsearch success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + ;; + 4) + if test x"$COUNT" != x ; then + echo "...bumped into server-side size limit (got $COUNT entries)" + else + echo "...error: bumped into server-side size limit, but got no entries!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +SIZELIMIT=2 +echo "Testing lower than soft limit request ($SIZELIMIT) for soft limited ID..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -z $SIZELIMIT \ + -D 'cn=Soft Limited User,ou=People,dc=example,dc=com' \ + -E '!pr='$PAGESIZE'/noprompt' '(objectClass=*)' > $SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + if test x"$COUNT" != x ; then + if test "$COUNT" -gt "$SIZELIMIT" ; then + echo "...error: got $COUNT entries instead of the requested $SIZELIMIT" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + echo "...didn't bump into either requested ($SIZELIMIT) or server-side size limit (got $COUNT entries)" + else + echo "...error: did not expect ldapsearch success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + ;; + 4) + if test "x$COUNT" != "x" ; then + if test "x$SIZELIMIT" = "x$COUNT" ; then + echo "...bumped into requested ($SIZELIMIT) size limit" + else + echo "...bumped into server-side size limit ($COUNT)" + fi + else + echo "...bumped into either requested ($SIZELIMIT) or server-side size limit" + fi + ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +SIZELIMIT=100 +echo "Testing higher than soft limit request ($SIZELIMIT) for soft limited ID..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -z $SIZELIMIT \ + -D 'cn=Soft Limited User,ou=People,dc=example,dc=com' \ + -E '!pr='$PAGESIZE'/noprompt' '(objectClass=*)' > $SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + if test x"$COUNT" != x ; then + if test "$COUNT" -gt "$SIZELIMIT" ; then + echo "...error: got $COUNT entries instead of the requested $SIZELIMIT" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + echo "...didn't bump into either requested ($SIZELIMIT) or server-side size limit (got $COUNT entries)" + else + echo "...error: did not expect ldapsearch success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + ;; + 4) + if test "x$COUNT" != "x" ; then + if test "x$SIZELIMIT" = "x$COUNT" ; then + echo "...bumped into requested ($SIZELIMIT) size limit" + else + echo "...bumped into server-side size limit ($COUNT)" + fi + else + echo "...bumped into either requested ($SIZELIMIT) or server-side size limit" + fi + ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +SIZELIMIT=2 +echo "Testing lower than hard limit request ($SIZELIMIT) for hard limited ID..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -z $SIZELIMIT \ + -D 'cn=Hard Limited User,ou=People,dc=example,dc=com' \ + -E '!pr='$PAGESIZE'/noprompt' '(objectClass=*)' > $SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + if test x"$COUNT" != x ; then + if test "$COUNT" -gt "$SIZELIMIT" ; then + echo "...error: got $COUNT entries instead of the requested $SIZELIMIT" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + echo "...didn't bump into either requested ($SIZELIMIT) or server-side size limit (got $COUNT entries)" + else + echo "...error: did not expect ldapsearch success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + ;; + 4) + if test x"$COUNT" != x ; then + if test "$COUNT" = "$SIZELIMIT" ; then + echo "...bumped into requested ($SIZELIMIT) size limit" + else + echo "...error: got size limit $SIZELIMIT but $COUNT entries" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + else + echo "...error: bumped into server-side size limit, but got no entries!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +SIZELIMIT=100 +echo "Testing higher than hard limit request ($SIZELIMIT) for hard limited ID..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -z $SIZELIMIT \ + -D 'cn=Hard Limited User,ou=People,dc=example,dc=com' \ + -E '!pr='$PAGESIZE'/noprompt' '(objectClass=*)' > $SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + if test x"$COUNT" != x ; then + if test "$COUNT" -gt "$SIZELIMIT" ; then + echo "...error: got $COUNT entries instead of the requested $SIZELIMIT" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + echo "...didn't bump into either requested ($SIZELIMIT) or server-side size limit (got $COUNT entries)" + else + echo "...error: did not expect ldapsearch success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + ;; + 4) + if test x"$COUNT" != x ; then + if test "$COUNT" = "$SIZELIMIT" ; then + echo "...error: bumped into requested ($SIZELIMIT) size limit" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + else + echo "...got size limit $COUNT instead of requested $SIZELIMIT entries" + fi + else + echo "...error: bumped into server-side size limit, but got no entries!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + ;; +# 11) +# echo "...bumped into hard size administrative limit" +# ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +SIZELIMIT=max +echo "Testing max limit request ($SIZELIMIT) for hard limited ID..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -z $SIZELIMIT \ + -D 'cn=Hard Limited User,ou=People,dc=example,dc=com' \ + -E '!pr='$PAGESIZE'/noprompt' '(objectClass=*)' > $SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + if test x"$COUNT" != x ; then + echo "...didn't bump into either requested ($SIZELIMIT) or server-side size limit (got $COUNT entries)" + else + echo "...error: did not expect ldapsearch success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + ;; + 4) + if test x"$COUNT" != x ; then + echo "...bumped into requested ($SIZELIMIT=$COUNT) size limit" + else + echo "...error: bumped into size limit but got no entries!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + ;; +# 11) +# echo "...bumped into hard size administrative limit" +# ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Testing lower than unchecked limit request for unchecked limited ID..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \ + -D 'cn=Unchecked Limited User,ou=People,dc=example,dc=com' \ + -E '!pr='$PAGESIZE'/noprompt' '(uid=uncheckedlimited)' > $SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + if test x"$COUNT" != x ; then + echo "...success; didn't bump into server-side unchecked limit (got $COUNT entries)" + else + echo "...error: did not expect ldapsearch success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + ;; +# 11) +# echo "...bumped into unchecked administrative limit" +# ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Testing higher than unchecked limit requested for unchecked limited ID..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \ + -D 'cn=Unchecked Limited User,ou=People,dc=example,dc=com' \ + -E '!pr='$PAGESIZE'/noprompt' '(objectClass=*)' > $SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + if test x"$COUNT" != x ; then + echo "...error: didn't bump into server-side unchecked limit (got $COUNT entries)" + else + echo "...error: did not expect ldapsearch success ($RC)!" + fi + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + ;; + 11) + echo "...bumped into unchecked administrative limit" + ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "" +echo "Testing specific search limits with pagedResults control" +echo "" + +echo "Testing no limit requested for unlimited page size ID..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \ + -D 'cn=Unlimited User,ou=Paged Results Users,dc=example,dc=com' \ + -E '!pr='$PAGESIZE'/noprompt' '(objectClass=*)' > $SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + if test x"$COUNT" != x ; then + echo "...success; didn't bump into server-side size limit (got $COUNT entries)" + else + echo "...error: did not expect ldapsearch success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + ;; + 4) + if test x"$COUNT" != x ; then + echo "...bumped into server-side size limit (got $COUNT entries)" + else + echo "...error: bumped into server-side size limit, but got no entries!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Testing no limit requested for limited page size ID..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \ + -D 'cn=Page Size Limited User,ou=Paged Results Users,dc=example,dc=com' \ + -E '!pr='$PAGESIZE'/noprompt' '(objectClass=*)' > $SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + echo "...success; didn't bump into server-side page size limit (got $COUNT entries)" + ;; + 4) + echo "...bumped into page size limit ($COUNT)" + ;; + 11) + echo "...bumped into page size administrative limit" + ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Testing no limit requested for pagedResults disabled ID..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \ + -D 'cn=Paged Results Disabled User,ou=Paged Results Users,dc=example,dc=com' \ + -E '!pr='$PAGESIZE'/noprompt' '(objectClass=*)' > $SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + echo "...success; didn't bump into server-side unchecked limit (got $COUNT entries)" + ;; + 4) + echo "...bumped into server-side size limit ($COUNT)" + ;; + 11) + echo "...bumped into pagedResults disabled administrative limit" + ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Testing no limit requested for pagedResults total count limited ID..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \ + -D 'cn=Paged Results Limited User,ou=Paged Results Users,dc=example,dc=com' \ + -E '!pr='$PAGESIZE'/noprompt' '(objectClass=*)' > $SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + echo "...success; didn't bump into server-side unchecked limit (got $COUNT entries)" + ;; + 4) + echo "...bumped into server-side size limit ($COUNT)" + ;; + 11) + echo "...bumped into pagedResults total count administrative limit" + ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +SIZELIMIT=8 +echo "Testing higher than hard but lower then total count limit requested for pagedResults total count limited ID..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \ + -D 'cn=Paged Results Limited User,ou=Paged Results Users,dc=example,dc=com' \ + -z $SIZELIMIT -E '!pr='$PAGESIZE'/noprompt' '(objectClass=*)' > $SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + echo "...success; didn't bump into either requested ($SIZELIMIT) or server-side unchecked limit (got $COUNT entries)" + ;; + 4) + if test "x$COUNT" != "x" ; then + if test "x$SIZELIMIT" = "x$COUNT" ; then + echo "...bumped into requested ($SIZELIMIT) size limit" + else + echo "...bumped into server-side size limit ($COUNT)" + fi + else + echo "...bumped into either requested ($SIZELIMIT) or server-side size limit" + fi + ;; + 11) + echo "...bumped into either hard size or pagedResults total count administrative limit" + ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +SIZELIMIT=15 +echo "Testing higher than total count limit requested for pagedResults total count limited ID..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \ + -D 'cn=Paged Results Limited User,ou=Paged Results Users,dc=example,dc=com' \ + -z $SIZELIMIT -E '!pr='$PAGESIZE'/noprompt' '(objectClass=*)' > $SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + echo "...success; didn't bump into either requested ($SIZELIMIT) or server-side unchecked limit (got $COUNT entries)" + ;; + 4) + if test "x$COUNT" != "x" ; then + if test "x$SIZELIMIT" = "x$COUNT" ; then + echo "...bumped into requested ($SIZELIMIT) size limit" + else + echo "...bumped into server-side size limit ($COUNT)" + fi + else + echo "...bumped into either requested ($SIZELIMIT) or server-side size limit" + fi + ;; + 11) + echo "...bumped into pagedResults total count administrative limit" + ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +SIZELIMIT=max +echo "Testing max limit requested for pagedResults total count limited ID..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret \ + -D 'cn=Paged Results Limited User,ou=Paged Results Users,dc=example,dc=com' \ + -z $SIZELIMIT -E '!pr='$PAGESIZE'/noprompt' '(objectClass=*)' > $SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + echo "...success; didn't bump into either requested ($SIZELIMIT) or server-side unchecked limit (got $COUNT entries)" + ;; + 4) + if test "x$COUNT" != "x" ; then + if test "x$SIZELIMIT" = "x$COUNT" ; then + echo "...bumped into requested ($SIZELIMIT) size limit" + else + echo "...bumped into server-side size limit ($COUNT)" + fi + else + echo "...bumped into either requested ($SIZELIMIT) or server-side size limit" + fi + ;; + 11) + echo "...bumped into pagedResults total count administrative limit" + ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +# ITS#4479 +PAGESIZE=1 +SIZELIMIT=2 +echo "Testing size limit request ($SIZELIMIT) for unlimited ID and pagesize=$PAGESIZE..." +$LDAPRSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 -w secret -z $SIZELIMIT \ + -D 'cn=Unlimited User,ou=People,dc=example,dc=com' \ + -E '!pr='$PAGESIZE'/noprompt' '(objectClass=*)' > $SEARCHOUT 2>&1 +RC=$? +COUNT=`awk '/^# numEntries:/ {print $3}' $SEARCHOUT` +case $RC in + 0) + if test x"$COUNT" != x ; then + if test "$COUNT" -gt "$SIZELIMIT" ; then + echo "...error: got $COUNT entries instead of the requested $SIZELIMIT" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + echo "...didn't bump into the requested size limit ($SIZELIMIT; got $COUNT entries)" + else + echo "...error: did not expect ldapsearch success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + ;; + 4) + if test x"$COUNT" != x ; then + if test $COUNT = $SIZELIMIT ; then + echo "...bumped into requested size limit ($SIZELIMIT)" + else + echo "...error: got $COUNT entries while requesting $SIZELIMIT..." + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + else + echo "...error: bumped into server-side size limit, but got no entries!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + ;; + *) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test026-dn b/tests/scripts/test026-dn new file mode 100755 index 0000000..1117f38 --- /dev/null +++ b/tests/scripts/test026-dn @@ -0,0 +1,180 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 2004-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +mkdir -p $TESTDIR $DBDIR1 + +. $CONFFILTER $BACKEND $MONITORDB < $DNCONF > $CONF1 +echo "Starting slapd on TCP/IP port $PORT1..." +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Testing slapd DN parsing..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Loading database..." +$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD -c -f $LDIFDN > \ + $TESTOUT 2>&1 + +cat /dev/null > $SEARCHOUT + +echo "Searching database..." +echo "# Searching database..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +DN="OU=Sales+CN=J. Smith,DC=example,DC=net" +echo "Searching database for DN=\"$DN\"..." +echo "# Searching database for DN=\"$DN\"..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "(member=$DN)" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +DN="testUUID=597ae2f6-16a6-1027-98f4-ABCDEFabcdef,DC=Example" +echo "Searching database for entryUUID-named DN=\"$DN\"..." +echo "# Searching database for entryUUID-named DN=\"$DN\"..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "(member=$DN)" \ + >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +DN="dc=example,dc=com" +echo "Searching database for nameAndOptionalUID=\"$DN\"..." +echo "# Searching database for nameAndOptionalUID=\"$DN\"..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "(uniqueMember=$DN)" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +DN="dc=example,dc=com#'001000'B" +echo "Searching database for nameAndOptionalUID=\"$DN\"..." +echo "# Searching database for nameAndOptionalUID=\"$DN\"..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "(uniqueMember=$DN)" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +DN="dc=example,dc=com#'1000'B" +echo "Searching database for nameAndOptionalUID=\"$DN\"..." +echo "# Searching database for nameAndOptionalUID=\"$DN\"..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "(uniqueMember=$DN)" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +DN="dc=example,dc=com" +echo "Searching database for uniqueMember~=\"$DN\" (approx)..." +echo "# Searching database for uniqueMember~=\"$DN\" (approx)..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "(uniqueMember~=)" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +DN="dc=example,dc=com#'1000'B" +echo "Searching database for uniqueMember~=\"$DN\" (approx)..." +echo "# Searching database for uniqueMember~=\"$DN\" (approx)..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "(uniqueMember~=$DN)" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering original data..." +$LDIFFILTER < $DNOUT > $LDIFFLT +echo "Comparing ldapsearch results against original..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - DN write operations did not complete correctly" + exit 1 +fi + +##### + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test027-emptydn b/tests/scripts/test027-emptydn new file mode 100755 index 0000000..bb0ae28 --- /dev/null +++ b/tests/scripts/test027-emptydn @@ -0,0 +1,175 @@ +#! /bin/sh +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 2004-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +mkdir -p $TESTDIR $DBDIR1 $DBDIR2 + +. $CONFFILTER $BACKEND $MONITORDB < $EMPTYDNCONF > $CONF1 + +echo "Running slapadd to build \"dc=example,dc=com\" slapd database..." +$SLAPADD -f $CONF1 -n 1 -l $LDIFEMPTYDN1 +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Running slapadd to build empty DN slapd database..." +$SLAPADD -f $CONF1 -b "" -l $LDIFEMPTYDN2 +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Starting slapd on TCP/IP port $PORT1..." +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Testing slapd empty DN handling..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Searching database..." + +$LDAPSEARCH -S "" -b "" -h $LOCALHOST -p $PORT1 > $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +kill -HUP $KILLPIDS +wait + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering expected results..." +$LDIFFILTER < $EMPTYDNOUT1 > $LDIFFLT +echo "Comparing ldapsearch results against original..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - empty DN write operations did not complete correctly" + exit 1 +fi + +echo "Comparison of database generated via slapadd succeeded" + +echo "Cleaning up database directories..." +/bin/rm -rf $TESTDIR/db.* + +mkdir -p $TESTDIR $DBDIR1 $DBDIR2 + +echo "Starting slapd on TCP/IP port $PORT1..." +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Testing slapd empty DN handling..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Loading database..." +$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \ + -f $LDIFEMPTYDN1 > /dev/null 2>&1 +$LDAPADD -D "$EMPTYDNDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \ + -f $LDIFEMPTYDN2 > /dev/null 2>&1 + +$LDAPMODIFY -D "$EMPTYDNDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \ + > /dev/null 2>&1 << EOF +dn: o=Beispiel,c=DE +changetype: delete + +dn: c=DE +changetype: delete +EOF + +echo "Searching database..." + +$LDAPSEARCH -S "" -b "" -h $LOCALHOST -p $PORT1 > $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering expected results..." +$LDIFFILTER < $EMPTYDNOUT2 > $LDIFFLT +echo "Comparing ldapsearch results against original..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - empty DN write operations did not complete correctly" + exit 1 +fi + +##### + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test028-idassert b/tests/scripts/test028-idassert new file mode 100755 index 0000000..a9347dd --- /dev/null +++ b/tests/scripts/test028-idassert @@ -0,0 +1,278 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +echo "### This test requires the LDAP backend and the rwm overlay." +echo "### If available, and explicitly requested, it can use SASL bind;" +echo "### note that SASL must be properly set up, and the requested" +echo "### mechanism must be available. Define SLAPD_USE_SASL={yes|<mech>}," +echo "### with \"yes\" defaulting to DIGEST-MD5 to enable SASL authc[/authz]." + +if test $BACKLDAP = "ldapno" ; then + echo "LDAP backend not available, test skipped" + exit 0 +fi + +if test $RWM = "rwmno" ; then + echo "Rewrite/remap overlay not available, test skipped" + exit 0 +fi + +if test $THREADS = "threadsno" ; then + echo "Need threads support, test skipped" + exit 0 +fi + +if test $WITH_SASL = "yes" ; then + if test $USE_SASL != "no" ; then + if test $USE_SASL = "yes" ; then + MECH="DIGEST-MD5" + else + MECH="$USE_SASL" + fi + echo "Using SASL authc[/authz] with mech=$MECH; unset SLAPD_USE_SASL to disable" + else + echo "Using proxyAuthz with simple authc..." + fi +else + echo "SASL not available; using proxyAuthz with simple authc..." +fi + +mkdir -p $TESTDIR $DBDIR1 $DBDIR2 + +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND $MONITORDB < $IDASSERTCONF > $ADDCONF +$SLAPADD -f $ADDCONF -l $LDIFIDASSERT1 -n 1 +RC=$? +if test $RC != 0 ; then + echo "slapadd -n 1 failed ($RC)!" + exit $RC +fi +$SLAPADD -f $ADDCONF -l $LDIFIDASSERT2 -n 2 +RC=$? +if test $RC != 0 ; then + echo "slapadd -n 2 failed ($RC)!" + exit $RC +fi + +echo "Starting slapd on TCP/IP port $PORT..." +. $CONFFILTER $BACKEND $MONITORDB < $IDASSERTCONF > $CONF1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Using ldapsearch to check that slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +echo "Testing ldapwhoami as proxy US..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "cn=proxy US,ou=Admin,dc=example,dc=com" -w proxy +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +AUTHZID="u:it/jaj" +echo "Testing ldapwhoami as proxy US, $AUTHZID..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "cn=proxy US,ou=Admin,dc=example,dc=com" -w proxy -e\!"authzid=$AUTHZID" +RC=$? +if test $RC != 0 && test $BACKEND != null ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +AUTHZID="u:bjorn" +echo "Testing ldapwhoami as proxy US, $AUTHZID... (should fail)" +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "cn=proxy US,ou=Admin,dc=example,dc=com" -w proxy -e\!"authzid=$AUTHZID" +RC=$? +if test $RC != 1 ; then + echo "ldapwhoami should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +AUTHZID="u:bjensen" +echo "Testing ldapwhoami as proxy US, $AUTHZID... (should fail)" +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "cn=proxy US,ou=Admin,dc=example,dc=com" -w proxy -e\!"authzid=$AUTHZID" +RC=$? +if test $RC != 1 ; then + echo "ldapwhoami should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Testing ldapwhoami as proxy IT..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "cn=proxy IT,ou=Admin,dc=example,dc=com" -w proxy +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +AUTHZID="u:it/jaj" +echo "Testing ldapwhoami as proxy IT, $AUTHZID... (should fail)" +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "cn=proxy IT,ou=Admin,dc=example,dc=com" -w proxy -e\!"authzid=$AUTHZID" +RC=$? +if test $RC != 1 ; then + echo "ldapwhoami should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +AUTHZID="u:bjorn" +echo "Testing ldapwhoami as proxy IT, $AUTHZID... (should fail)" +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "cn=proxy IT,ou=Admin,dc=example,dc=com" -w proxy -e\!"authzid=$AUTHZID" +RC=$? +if test $RC != 1 ; then + echo "ldapwhoami should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +AUTHZID="dn:cn=Sandbox,ou=Admin,dc=example,dc=com" +echo "Testing ldapwhoami as proxy IT, $AUTHZID..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "cn=proxy IT,ou=Admin,dc=example,dc=com" -w proxy -e\!"authzid=$AUTHZID" +RC=$? +if test $RC != 0 && test $BACKEND != null ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +AUTHZID="dn:uid=bjorn,ou=People,o=Example,c=US" +echo "Testing ldapwhoami as bjorn, $AUTHZID..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "uid=bjorn,ou=people,dc=example,dc=com" -w bjorn -e\!"authzid=$AUTHZID" +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +AUTHZID="dn:uid=bjorn,ou=People,o=Esempio,c=IT" +echo "Testing ldapwhoami as bjorn, $AUTHZID..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "uid=bjorn,ou=people,dc=example,dc=com" -w bjorn -e\!"authzid=$AUTHZID" +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +AUTHZID="u:it/jaj" +echo "Checking another DB's rootdn can't assert identity from another DB..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD -e\!"authzid=$AUTHZID" + +RC=$? +if test $RC != 1 ; then + echo "ldapwhoami should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +ID="uid=jaj,ou=People,dc=example,dc=it" +BASE="o=Example,c=US" +echo "Testing ldapsearch as $ID for \"$BASE\"..." +$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASE" \ + -D "$ID" -w jaj > $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 && test $BACKEND != null ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Filtering ldapsearch results..." +$LDIFFILTER -s ldif=e < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif used to create database..." +$LDIFFILTER -s ldif=e < $IDASSERTOUT > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - search with identity assertion didn't succeed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +if test $USE_SASL != "no" ; then + ID="it/jaj" + BASE="o=Example,c=US" + echo "Testing ldapsearch as $ID for \"$BASE\" with SASL bind and identity assertion..." + $LDAPSASLSEARCH -h $LOCALHOST -p $PORT1 -b "$BASE" \ + -Q -U "$ID" -w jaj -Y $MECH > $SEARCHOUT 2>&1 + + RC=$? + if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + ID="manager" + AUTHZID="u:it/jaj" + echo "Checking another DB's rootdn can't assert in another (with SASL bind this time)..." + $LDAPSASLWHOAMI -h $LOCALHOST -p $PORT1 \ + -Q -U "$ID" -w $PASSWD -Y $MECH -X $AUTHZID + + RC=$? + if test $RC != 50 ; then + echo "ldapwhoami should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + + echo "Filtering ldapsearch results..." + $LDIFFILTER < $SEARCHOUT > $SEARCHFLT + echo "Filtering original ldif used to create database..." + $LDIFFILTER < $IDASSERTOUT > $LDIFFLT + echo "Comparing filter output..." + $CMP $SEARCHFLT $LDIFFLT > $CMPOUT + + if test $? != 0 ; then + echo "comparison failed - search with SASL bind and identity assertion didn't succeed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test029-ldapglue b/tests/scripts/test029-ldapglue new file mode 100755 index 0000000..52d4984 --- /dev/null +++ b/tests/scripts/test029-ldapglue @@ -0,0 +1,224 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +echo "### This test requires the ldap backend and glue overlay." +echo "### If available, and explicitly requested, it can use SASL bind;" +echo "### note that SASL must be properly set up, and the requested" +echo "### mechanism must be available. Define SLAPD_USE_SASL={yes|<mech>}," +echo "### with \"yes\" defaulting to DIGEST-MD5 to enable SASL authc[/authz]." + +if test $BACKLDAP = "ldapno" ; then + echo "LDAP backend not available, test skipped" + exit 0 +fi + +if test $WITH_SASL = "yes" ; then + if test $USE_SASL != "no" ; then + if test $USE_SASL = "yes" ; then + MECH="DIGEST-MD5" + else + MECH="$USE_SASL" + fi + echo "Using SASL authc[/authz] with mech=$MECH; unset SLAPD_USE_SASL to disable" + else + echo "Using proxyAuthz with simple authc..." + fi +else + echo "SASL not available; using proxyAuthz with simple authc..." +fi + +mkdir -p $TESTDIR $DBDIR1 $DBDIR2 $DBDIR3 + +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND $MONITORDB < $LDAPGLUECONF1 > $ADDCONF +$SLAPADD -f $ADDCONF -l $LDIFLDAPGLUE1 +RC=$? +if test $RC != 0 ; then + echo "slapadd 1 failed ($RC)!" + exit $RC +fi + +. $CONFFILTER $BACKEND $MONITORDB < $LDAPGLUECONF2 > $ADDCONF +$SLAPADD -f $ADDCONF -l $LDIFLDAPGLUE2 +RC=$? +if test $RC != 0 ; then + echo "slapadd 2 failed ($RC)!" + exit $RC +fi + +. $CONFFILTER $BACKEND $MONITORDB < $LDAPGLUECONF3 > $ADDCONF +$SLAPADD -f $ADDCONF -l $LDIFLDAPGLUE3 +RC=$? +if test $RC != 0 ; then + echo "slapadd 3 failed ($RC)!" + exit $RC +fi + +echo "Starting local slapd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND $MONITORDB < $LDAPGLUECONF1 > $CONF1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID1=$! +if test $WAIT != 0 ; then + echo PID $PID1 + read foo +fi + +echo "Starting remote slapd 1 on TCP/IP port $PORT2..." +. $CONFFILTER $BACKEND $MONITORDB < $LDAPGLUECONF2 > $CONF2 +$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 & +PID2=$! +if test $WAIT != 0 ; then + echo PID $PID2 + read foo +fi + +echo "Starting remote slapd 2 on TCP/IP port $PORT3..." +. $CONFFILTER $BACKEND $MONITORDB < $LDAPGLUECONF3 > $CONF3 +$SLAPD -f $CONF3 -h $URI3 -d $LVL $TIMING > $LOG3 2>&1 & +PID3=$! +if test $WAIT != 0 ; then + echo PID $PID3 + read foo +fi +KILLPIDS="$PID1 $PID2 $PID3" + +sleep 1 + +echo "Using ldapsearch to check that slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +echo "Using ldapsearch to check that slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT2 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +echo "Using ldapsearch to check that slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT3 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +ID="uid=bjorn,ou=People,dc=example,dc=com" +BASE="dc=example,dc=com" +echo "Testing ldapsearch as $ID for \"$BASE\"..." +$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASE" \ + -D "$ID" -w bjorn > $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Filtering ldapsearch results..." +$LDIFFILTER -s ldif=e < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif used to create database..." +$LDIFFILTER -s ldif=e < $LDAPGLUEOUT > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - glued search with identity assertion didn't succeed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +BASE="dc=example,dc=com" +echo "Testing ldapsearch as anonymous for \"$BASE\"..." +$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASE" \ + > $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif used to create database..." +$LDIFFILTER < $LDAPGLUEANONYMOUSOUT > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - anonymous glued search with identity assertion didn't succeed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +# FIXME: this cannot work as is, because SASL bind cannot be proxied! +if test $USE_SASL != "no" ; then + ID="bjorn" + BASE="dc=example,dc=com" + echo "Testing ldapsearch as $ID for \"$BASE\" with SASL bind and identity assertion..." + $LDAPSASLSEARCH -h $LOCALHOST -p $PORT1 -b "$BASE" \ + -Q -U "$ID" -w bjorn -Y $MECH > $SEARCHOUT 2>&1 + + RC=$? + if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Filtering ldapsearch results..." + $LDIFFILTER < $SEARCHOUT > $SEARCHFLT + echo "Filtering original ldif used to create database..." + $LDIFFILTER < $LDAPGLUEOUT > $LDIFFLT + echo "Comparing filter output..." + $CMP $SEARCHFLT $LDIFFLT > $CMPOUT + + if test $? != 0 ; then + echo "comparison failed - glued search with SASL bind and identity assertion didn't succeed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test030-relay b/tests/scripts/test030-relay new file mode 100755 index 0000000..531802f --- /dev/null +++ b/tests/scripts/test030-relay @@ -0,0 +1,118 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test $RWM = rwmno ; then + echo "rwm (Rewrite/remap) overlay not available, test skipped" + exit 0 +fi + +echo "" + +if test "x$RELAYS" = "x" ; then + RELAYS= + # back-relay + if test $BACKRELAY = relayno ; then + echo "relay backend not available, test skipped" + else + if test "x$RELAYS" != "x" ; then + RELAYS="${RELAYS} " + fi + RELAYS="${RELAYS}relay" + fi + + # back-ldap + if test $BACKLDAP = ldapno ; then + echo "ldap backend not available, test skipped" + else + if test $THREADS = "threadsno" ; then + echo "Need threads support, test skipped" + else + if test "x$RELAYS" != "x" ; then + RELAYS="${RELAYS} " + fi + RELAYS="${RELAYS}ldap" + fi + fi + + # back-meta + if test $BACKMETA = metano ; then + echo "meta backend not available, test skipped" + else + if test $THREADS = "threadsno" ; then + echo "Need threads support, test skipped" + else + if test "x$RELAYS" != "x" ; then + RELAYS="${RELAYS} " + fi + RELAYS="${RELAYS}meta" + fi + fi +fi + +if test "x$RELAYS" = "x" ; then + echo "no relaying capable backend is available" + echo ">>>>> Test succeeded" + exit 0 +fi + +echo "Testing virtual naming context mapping with $RELAYS backend(s)..." +echo "" + +tmpfile=savelog.log +if test -f $tmpfile ; then + rm -f $tmpfile +fi +first=1 +for RELAY in $RELAYS ; do + RUNIT=yes + if test $THREADS = "threadsno" ; then + case $RELAY in + ldap|meta) + echo "Need threads support, test skipped" + RUNIT=no + ;; + esac + fi + + if test $RUNIT = yes ; then + if test $first = 1 ; then + first=0 + else + echo ">>>>> waiting for things to exit" + test $KILLSERVERS != no && wait + echo "" + + mv -f $LOG1 $tmpfile + rm -rf $TESTDIR + fi + + mkdir -p $TESTDIR $DBDIR1 + + if test -f $tmpfile ; then + mv $tmpfile $LOG1 + fi + + . $SRCDIR/scripts/relay + fi +done + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test031-component-filter b/tests/scripts/test031-component-filter new file mode 100755 index 0000000..781e21b --- /dev/null +++ b/tests/scripts/test031-component-filter @@ -0,0 +1,330 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +## If you use this script then +## Make sure that you turn on LDAP_COMP_MATCH in slapd source codes +## and --enable-modules is configured yes +if test "$AC_WITH_MODULES_ENABLED" != "yes" ; then + echo "dynamic module disabled, test skipped" + exit 0 +fi + +mkdir -p $TESTDIR $DBDIR1 + +## Make sure that you set a proper path to component matching +## module directory in $COMPCONF +## moduleload path/to/component/library/compmatch.la +## otherwise it fails to execute slapd +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND $MONITORDB < $COMPCONF > $ADDCONF +$SLAPADD -f $ADDCONF -l $LDIFCOMPMATCH +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + echo "Be sure to have a certificate module in tests/data/comp_libs " + echo "The module is in openldap/contrib/slapd-modules/comp_match" + echo "Test skipped." + exit 0 +fi + +echo "Running slapindex to index slapd database..." +. $CONFFILTER $BACKEND $MONITORDB < $CONF > $CONF1 +$SLAPINDEX -f $CONF1 +RC=$? +if test $RC != 0 ; then + echo "warning: slapindex failed ($RC)" + echo " assuming no indexing support" +fi + +echo "Starting slapd on TCP/IP port $PORT1..." +$SLAPD -f $ADDCONF -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Testing slapd searching..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +cat /dev/null > $SEARCHOUT + +echo "Testing Component Filter Match RFC3687 Certificate searching:" +echo "# Testing Component Filter Match RFC3687 Certificate searching:" >> $SEARCHOUT + +FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.serialNumber\", rule allComponentsMatch, value 0 })" +echo " f=$FILTER ..." +echo "# f=$FILTER ..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "$FILTER" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.version\", rule allComponentsMatch, value 2 })" +echo " f=$FILTER ..." +echo "# f=$FILTER ..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "$FILTER" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1.1.value\", rule caseExactMatch, value \"US\" })" +echo " f=$FILTER ..." +echo "# f=$FILTER ..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "$FILTER" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1.1.value\", rule allComponentsMatch, value \"US\" })" +echo " f=$FILTER ..." +echo "# f=$FILTER ..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "$FILTER" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence\", rule allComponentsMatch, value { { { type 2.5.4.6 , value \"US\" } } } })" +echo " f=$FILTER ..." +echo "# f=$FILTER ..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "$FILTER" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.extensions.0\", rule integerMatch, value 3 })" +echo " f=$FILTER ..." +echo "# f=$FILTER ..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "$FILTER" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.extensions.\2a.extnID\", rule allComponentsMatch, value 2.5.29.14 })" +echo " f=$FILTER ..." +echo "# f=$FILTER ..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "$FILTER" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +FILTER="(userCertificate:componentFilterMatch:=not:item:{ component \"toBeSigned.extensions.\2a\", rule allComponentsMatch, value { extnID 2.5.29.19 , extnValue '30030101FF'H })" +echo " f=$FILTER ..." +echo "# f=$FILTER ..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "$FILTER" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence\", rule distinguishedNameMatch, value \"c=US\" })" +echo " f=$FILTER ..." +echo "# f=$FILTER ..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "$FILTER" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1\", rule rdnMatch, value \"c=US\" })" +echo " f=$FILTER ..." +echo "# f=$FILTER ..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "$FILTER" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.extensions.\2a.extnValue.content.\282.5.29.35\29.authorityCertSerialNumber\", rule integerMatch, value 0 })" +echo " f=$FILTER ..." +echo "# f=$FILTER ..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "$FILTER" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + + +FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.subject.rdnSequence.\2a\", rule rdnMatch, value \"c=US\" })" +echo " f=$FILTER ..." +echo "# f=$FILTER ..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "$FILTER" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.subject.rdnSequence.\2a.\2a.value.\282.5.4.6\29\", rule caseExactMatch, value \"US\" })" +echo " f=$FILTER ..." +echo "# f=$FILTER ..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "$FILTER" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# extraction filter +FILTER="(x509CertificateIssuer=c=US)" +echo " f=$FILTER ..." +echo "# f=$FILTER ..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "$FILTER" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# extraction filter +FILTER="(x509CertificateSerial=0)" +echo " f=$FILTER ..." +echo "# f=$FILTER ..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "$FILTER" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# extraction filter +FILTER="(x509CertificateSerialAndIssuer:certificateExactMatch:=0\$c=US)" +echo " f=$FILTER ..." +echo "# f=$FILTER ..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "$FILTER" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +FILTER="(certificateRevocationList:componentFilterMatch:=item:{ component \"tbsCertList.revokedCertificates.\2a.userCertificate\", rule integerMatch, value 952069669 })" +echo " f=$FILTER ..." +echo "# f=$FILTER ..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "$FILTER" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $COMPSEARCHOUT > $CMPOUT + +if test $? != 0 ; then + echo "Comparison failed" + exit 1 +fi + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test032-chain b/tests/scripts/test032-chain new file mode 100755 index 0000000..9611dd9 --- /dev/null +++ b/tests/scripts/test032-chain @@ -0,0 +1,338 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test $BACKLDAP = "ldapno" ; then + echo "LDAP backend not available, test skipped" + exit 0 +fi + +rm -rf $TESTDIR + +mkdir -p $TESTDIR $DBDIR1 $DBDIR2 + +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND $MONITORDB < $CHAINCONF1 > $ADDCONF +. $CONFFILTER < $LDIFCHAIN1 > $SEARCHOUT +$SLAPADD -f $ADDCONF -l $SEARCHOUT +RC=$? +if test $RC != 0 ; then + echo "slapadd 1 failed ($RC)!" + exit $RC +fi + +. $CONFFILTER $BACKEND $MONITORDB < $CHAINCONF2 > $ADDCONF +. $CONFFILTER < $LDIFCHAIN2 > $SEARCHOUT +$SLAPADD -f $ADDCONF -l $SEARCHOUT +RC=$? +if test $RC != 0 ; then + echo "slapadd 2 failed ($RC)!" + exit $RC +fi + +echo "Starting first slapd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND $MONITORDB < $CHAINCONF1 > $CONF1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID1=$! +if test $WAIT != 0 ; then + echo PID $PID1 + read foo +fi +KILLPIDS="$PID1" + +echo "Starting second slapd on TCP/IP port $PORT2..." +. $CONFFILTER $BACKEND $MONITORDB < $CHAINCONF2 > $CONF2 +$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 & +PID2=$! +if test $WAIT != 0 ; then + echo PID $PID2 + read foo +fi + +KILLPIDS="$KILLPIDS $PID2" + +sleep 1 + +echo "Using ldapsearch to check that first slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapsearch to check that second slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT2 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +for P in $PORT1 $PORT2 ; do + echo "Testing ldapsearch as anonymous for \"$BASEDN\" on port $P..." + $LDAPSEARCH -h $LOCALHOST -p $P -b "$BASEDN" -S "" \ + > $SEARCHOUT 2>&1 + + RC=$? + if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Filtering ldapsearch results..." + $LDIFFILTER < $SEARCHOUT > $SEARCHFLT + echo "Filtering original ldif used to create database..." + $LDIFFILTER < $CHAINOUT > $LDIFFLT + echo "Comparing filter output..." + $CMP $SEARCHFLT $LDIFFLT > $CMPOUT + + if test $? != 0 ; then + echo "comparison failed - chained search didn't succeed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + + echo "Reading the referral entry \"ou=Other,$BASEDN\" as anonymous on port $P..." + $LDAPSEARCH -h $LOCALHOST -p $P -b "ou=Other,$BASEDN" -S "" \ + > $SEARCHOUT 2>&1 + + RC=$? + if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Filtering ldapsearch results..." + $LDIFFILTER < $SEARCHOUT > $SEARCHFLT + echo "Filtering original ldif used to create database..." + $LDIFFILTER < $CHAINREFOUT > $LDIFFLT + echo "Comparing filter output..." + $CMP $SEARCHFLT $LDIFFLT > $CMPOUT + + if test $? != 0 ; then + echo "comparison failed - chained search didn't succeed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + + DN="cn=Mark Elliot,ou=Alumni Association,ou=People,$BASEDN" + echo "Comparing \"$DN\" on port $P..." + $LDAPCOMPARE -h $LOCALHOST -p $P "$DN" "cn:Mark Elliot" \ + > $TESTOUT 2>&1 + + RC=$? + if test $RC != 6 && test $RC,$BACKEND != 5,null ; then + echo "ldapcompare failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + + DN="ou=Other,$BASEDN" + echo "Comparing \"$DN\" on port $P with manageDSAit control..." + $LDAPCOMPARE -h $LOCALHOST -p $P -M "$DN" "ou:Other" \ + > $TESTOUT 2>&1 + + RC=$? + if test $RC != 6 && test $RC,$BACKEND != 5,null ; then + echo "ldapcompare failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi +done + +# +# Testing writes to first server +# +echo "Writing to first server with scope on second server..." +$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 << EOMODS +dn: cn=New Group,ou=Groups,dc=example,dc=com +changetype: add +objectClass: groupOfNames +cn: New Group +member: + +dn: cn=New Group,ou=Groups,dc=example,dc=com +changetype: modify +add: description +description: testing chain overlay writes... +- +replace: member +member: cn=New Group,ou=Groups,dc=example,dc=com +member: cn=Manager,dc=example,dc=com +- +add: owner +owner: cn=Manager,dc=example,dc=com +- + +dn: cn=New Group,ou=Groups,dc=example,dc=com +changetype: modrdn +newrdn: cn=Renamed Group +deleteoldrdn: 1 + +dn: cn=All Staff,ou=Groups,dc=example,dc=com +changetype: delete +EOMODS + +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# +# Testing writes to second server +# +echo "Writing to second server with scope on first server..." +$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT2 -w $PASSWD > \ + $TESTOUT 2>&1 << EOMODS +dn: cn=New User,ou=People,dc=example,dc=com +changetype: add +objectClass: person +cn: New User +sn: User +seeAlso: cn=New Group,ou=Groups,dc=example,dc=com + +dn: cn=New User,ou=People,dc=example,dc=com +changetype: modify +add: description +description: testing chain overlay writes... +- +replace: seeAlso +seeAlso: cn=Renamed Group,ou=Groups,dc=example,dc=com +- + +dn: cn=New User,ou=People,dc=example,dc=com +changetype: modrdn +newrdn: cn=Renamed User +deleteoldrdn: 1 + +dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com +changetype: delete +EOMODS + +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +for P in $PORT1 $PORT2 ; do + echo "Testing ldapsearch as anonymous for \"$BASEDN\" on port $P..." + $LDAPSEARCH -h $LOCALHOST -p $P -b "$BASEDN" -S "" \ + > $SEARCHOUT 2>&1 + + RC=$? + if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Filtering ldapsearch results..." + $LDIFFILTER < $SEARCHOUT > $SEARCHFLT + echo "Filtering original ldif used to create database..." + $LDIFFILTER < $CHAINMODOUT > $LDIFFLT + echo "Comparing filter output..." + $CMP $SEARCHFLT $LDIFFLT > $CMPOUT + + if test $? != 0 ; then + echo "comparison failed - chained search didn't succeed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi +done + +NEWPW=newsecret +echo "Using ldappasswd on second server with scope on first server..." +$LDAPPASSWD -h $LOCALHOST -p $PORT2 \ + -w secret -s $NEWPW \ + -D "$MANAGERDN" "$BJORNSDN" >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldappasswd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Binding with newly changed password on first server..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 \ + -D "$BJORNSDN" -w $NEWPW +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# ITS#57?? +$LDAPADD -h $LOCALHOST -p $PORT1 \ + -D "$MANAGERDN" -w secret \ + >> $TESTOUT 2>&1 \ + << EOMODS +dn: ou=Can't Contact,dc=example,dc=com +changetype: add +objectclass: referral +objectclass: extensibleobject +ou: Can't Contact +# invalid URI to test broken connectivity handling (search only) +ref: ${URI3}ou=Can't%20Contact,dc=example,dc=com +EOMODS + +echo "Reading the referral entry \"ou=Can't Contact,$BASEDN\" as anonymous on port $PORT1..." +$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -S "" "(cn=Can't Contact)" \ + > $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test033-glue-syncrepl b/tests/scripts/test033-glue-syncrepl new file mode 100755 index 0000000..089ee15 --- /dev/null +++ b/tests/scripts/test033-glue-syncrepl @@ -0,0 +1,188 @@ +#! /bin/sh +# $OpenLDAP$ */ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test $SYNCPROV = syncprovno; then + echo "Syncrepl provider overlay not available, test skipped" + exit 0 +fi + +mkdir -p $TESTDIR $DBDIR1A $DBDIR1B $DBDIR1C $DBDIR2A $DBDIR2B + +echo "Running slapadd to build glued slapd databases..." +. $CONFFILTER $BACKEND $MONITORDB < $GLUECONF > $CONF1 +$SLAPADD -d $LVL -f $CONF1 -l $LDIFORDERED > $SLAPADDLOG1 2>&1 +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +rm -rf $DBDIR1A/* $DBDIR1B/* +cp -pr $DBDIR1C $DBDIR2C + +echo "Starting slapd 1 on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND $MONITORDB < $GLUESYNCCONF1 > $CONF1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Using ldapsearch to check that slapd 1 is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + '(objectclass=*)' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +echo "Starting slapd 2 on TCP/IP port $PORT2..." +. $CONFFILTER $BACKEND $MONITORDB < $GLUESYNCCONF2 > $CONF2 +$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$KILLPIDS $PID" + +sleep 1 + +echo "Using ldapsearch to check that slapd 2 is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT2 \ + '(objectclass=*)' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +SUBTREE1="ou=Information Technology Division,ou=People,dc=example,dc=com" +SUBTREE2="ou=Groups,dc=example,dc=com" + +echo "Using ldapadd to populate subtree=\"${SUBTREE1}\" on port $PORT1..." +$LDAPADD -D "cn=Manager 1,$BASEDN" -w $PASSWD -h $LOCALHOST -p $PORT1 \ + -f $LDIFORDERED -c \ + > /dev/null 2>&1 +RC=$? +case $RC in +0) + echo "ldapadd should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +10|68) + # Fine if we get alreadyExists or referrals + ;; +*) + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Using ldapadd to populate subtree=\"${SUBTREE2}\" on port $PORT2..." +$LDAPADD -D "cn=Manager 2,$BASEDN" -w $PASSWD -h $LOCALHOST -p $PORT2 \ + -f $LDIFORDERED -c \ + > /dev/null 2>&1 +RC=$? +case $RC in +0) + echo "ldapadd should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +10|68) + # Fine if we get alreadyExists or referrals + ;; +*) + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Waiting $SLEEP1 seconds for shadow subtrees to sync..." +sleep $SLEEP1 + +echo "Filtering original ldif used to create database..." +$LDIFFILTER < $GLUESYNCOUT > $LDIFFLT + +for P in $PORT1 $PORT2 ; do + echo "Using ldapsearch to read all the entries from port $P..." + $LDAPSEARCH -b "$BASEDN" -h $LOCALHOST -p $P \ + -S "" '(objectclass=*)' > "${SEARCHOUT}.${P}" 2>&1 + RC=$? + + if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Filtering ldapsearch results..." + $LDIFFILTER < "${SEARCHOUT}.${P}" > $SEARCHFLT + echo "Comparing filter output..." + $CMP $SEARCHFLT $LDIFFLT > $CMPOUT + + if test $? != 0 ; then + echo "comparison failed - database was not created correctly" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi +done + +echo "Testing ldapdelete propagation..." +$LDAPDELETE -D "cn=Manager 1,$BASEDN" -w $PASSWD -H $URI1 "$BABSDN" \ + > $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapdelete failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# This usually propagates immediately +sleep 1 + +$LDAPSEARCH -H $URI2 -b "$BABSDN" > $TESTOUT 2>&1 +RC=$? +if test $RC = 0 && test $BACKEND != null ; then + echo "ldapsearch should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test034-translucent b/tests/scripts/test034-translucent new file mode 100755 index 0000000..b081750 --- /dev/null +++ b/tests/scripts/test034-translucent @@ -0,0 +1,803 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 2004-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +PERSONAL="(objectClass=inetOrgPerson)" +NOWHERE="/dev/null" +FAILURE="additional info:" + +if test $TRANSLUCENT = translucentno ; then + echo "Translucent Proxy overlay not available, test skipped" + exit 0 +fi + +if test $AC_ldap = ldapno ; then + echo "Translucent Proxy overlay requires back-ldap backend, test skipped" + exit 0 +fi + +# configure backside +mkdir -p $TESTDIR $DBDIR1 + +$SLAPPASSWD -g -n >$CONFIGPWF +echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf + +if test $MONITORDB != no ; then + DBIX=2 +else + DBIX=1 +fi + +. $CONFFILTER $BACKEND $MONITORDB < $TRANSLUCENTREMOTECONF > $CONF1 +echo "Running slapadd to build remote slapd database..." +$SLAPADD -f $CONF1 -l $LDIFTRANSLUCENTCONFIG +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Starting remote slapd on TCP/IP port $PORT1..." +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +REMOTEPID="$PID" +KILLPIDS="$PID" + +sleep 1 + +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for remote slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# configure frontside +mkdir -p $DBDIR2 + +. $CONFFILTER $BACKEND $MONITORDB < $TRANSLUCENTLOCALCONF > $CONF2 + +echo "Starting local slapd on TCP/IP port $PORT2..." +$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +LOCALPID="$PID" +KILLPIDS="$LOCALPID $REMOTEPID" + +sleep 1 + +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for local slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing slapd Translucent Proxy operations..." + +echo "Testing search: no remote data defined..." + +$LDAPSEARCH -H $URI2 -b "$TRANSLUCENTUSER" "$PERSONAL" >$SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +if test -s $SEARCHOUT; then + echo "ldapsearch should have returned no records!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Populating remote database..." + +$LDAPADD -D "$TRANSLUCENTROOT" -H $URI1 \ + -w $PASSWD < $LDIFTRANSLUCENTDATA > $NOWHERE 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing search: remote database via local slapd..." + +$LDAPSEARCH -H $URI2 -b "$TRANSLUCENTUSER" "$PERSONAL" > $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +$LDIFFILTER < $LDIFTRANSLUCENTDATA > $LDIFFLT +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "Comparison failed -- corruption from remote to local!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Testing add: prohibited local record..." + +$LDAPADD -D "$TRANSLUCENTDN" -H $URI2 \ + -w $TRANSLUCENTPASSWD < $LDIFTRANSLUCENTADD > $TESTOUT 2>&1 + +RC=$? +if test $RC != 50 ; then + echo "ldapadd failed ($RC), expected INSUFFICIENT ACCESS!" + grep "$FAILURE" $TESTOUT + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Testing add: valid local record, no_glue..." + +$LDAPADD -v -v -v -D "$TRANSLUCENTROOT" -H $URI2 \ + -w $PASSWD < $LDIFTRANSLUCENTADD > $TESTOUT 2>&1 + +RC=$? +if test $RC != 32 && test $RC,$BACKEND != 0,null ; then + echo "ldapadd failed ($RC), expected NO SUCH OBJECT!" + grep "$FAILURE" $TESTOUT + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Testing modrdn: valid local record, no_glue..." + +$LDAPMODRDN -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ + $TESTOUT 2>&1 'uid=fred,ou=users,o=translucent' 'uid=someguy' + +RC=$? +if test $RC != 32 && test $RC,$BACKEND != 0,null ; then + echo "ldapmodrdn failed ($RC), expected NO SUCH OBJECT!" + grep "$FAILURE" $TESTOUT + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Dynamically configuring local slapd without translucent_no_glue..." + +$LDAPMODIFY -D cn=config -H $URI2 -y $CONFIGPWF <<EOF +dn: olcOverlay={0}translucent,olcDatabase={$DBIX}$BACKEND,cn=config +changetype: modify +replace: olcTranslucentNoGlue +olcTranslucentNoGlue: FALSE +EOF +RC=$? +if test $RC != 0 ; then + echo "ldapmodify of dynamic config failed ($RC)" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Testing add: valid local record..." + +$LDAPADD -D "$TRANSLUCENTROOT" -H $URI2 \ + -w $PASSWD < $LDIFTRANSLUCENTADD > $TESTOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + grep "$FAILURE" $TESTOUT + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing search: data merging..." + +$LDAPSEARCH -H $URI2 -b "$TRANSLUCENTUSER" "$PERSONAL" > $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +$LDIFFILTER < $LDIFTRANSLUCENTMERGED > $LDIFFLT +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "Comparison failed -- local data failed to merge with remote!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Testing compare: valid local..." + +$LDAPCOMPARE -z -H $URI2 -w $TRANSLUCENTPASSWD -D $TRANSLUCENTDN \ + "uid=danger,ou=users,o=translucent" "carLicense:LIVID" + +RC=$? +if test $RC != 6 ; then + echo "ldapcompare failed ($RC), expected TRUE!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Testing compare: valid remote..." + +$LDAPCOMPARE -z -x -H $URI2 -w $TRANSLUCENTPASSWD -D $TRANSLUCENTDN \ + "uid=binder,o=translucent" "businessCategory:binder-test-user" + +RC=$? +if test $RC != 6 ; then + echo "ldapcompare failed ($RC), expected TRUE!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Testing compare: bogus local..." + +$LDAPCOMPARE -z -x -H $URI2 -w $TRANSLUCENTPASSWD -D $TRANSLUCENTDN \ + "uid=danger,ou=users,o=translucent" "businessCategory:invalid-test-value" + +RC=$? +if test $RC != 5 ; then + echo "ldapcompare failed ($RC), expected FALSE!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Testing compare: bogus remote..." + +$LDAPCOMPARE -z -x -H $URI2 -w $TRANSLUCENTPASSWD -D $TRANSLUCENTDN \ + "uid=binder,o=translucent" "businessCategory:invalid-test-value" + +RC=$? +if test $RC != 5 ; then + echo "ldapcompare failed ($RC), expected FALSE!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Testing modify: nonexistent record..." + +$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ + $TESTOUT 2>&1 << EOF_MOD +version: 1 +dn: uid=bogus,ou=users,o=translucent +changetype: modify +replace: roomNumber +roomNumber: 31J-2112 +EOF_MOD + +RC=$? +if test $RC != 32 ; then + echo "ldapmodify failed ($RC), expected NO SUCH OBJECT!" + grep "$FAILURE" $TESTOUT + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Testing modify: valid local record, nonexistent attribute..." + +$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ + $TESTOUT 2>&1 << EOF_MOD1 +version: 1 +dn: uid=danger,ou=users,o=translucent +changetype: modify +replace: roomNumber +roomNumber: 9N-21 +EOF_MOD1 + +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + grep "$FAILURE" $TESTOUT + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +$LDAPSEARCH -H $URI2 -b "uid=danger,ou=users,o=translucent" > $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +ATTR=`grep roomNumber $SEARCHOUT` > $NOWHERE 2>&1 +if test "$ATTR" != "roomNumber: 9N-21" ; then + echo "modification failed!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Testing search: specific nonexistent remote attribute..." + +$LDAPSEARCH -H $URI2 -b "uid=danger,ou=users,o=translucent" roomNumber > $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing modify: nonexistent local record, nonexistent attribute..." + +$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ + $TESTOUT 2>&1 << EOF_MOD2 +version: 1 +dn: uid=fred,ou=users,o=translucent +changetype: modify +replace: roomNumber +roomNumber: 31J-2112 +EOF_MOD2 + +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + grep "$FAILURE" $TESTOUT + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +$LDAPSEARCH -H $URI2 -b "uid=fred,ou=users,o=translucent" > $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +ATTR=`grep roomNumber $SEARCHOUT` > $NOWHERE 2>&1 +if test "$ATTR" != "roomNumber: 31J-2112" ; then + echo "modification failed!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Testing modify: valid remote record, nonexistent attribute..." + +$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ + $TESTOUT 2>&1 << EOF_MOD9 +version: 1 +dn: uid=fred,ou=users,o=translucent +changetype: modify +delete: preferredLanguage +EOF_MOD9 + +RC=$? +if test $RC != 16 ; then + echo "ldapmodify failed ($RC), expected NO SUCH ATTRIBUTE!" + grep "$FAILURE" $TESTOUT + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Testing delete: valid local record, nonexistent attribute..." + +$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ + $TESTOUT 2>&1 << EOF_MOD4 +version: 1 +dn: uid=fred,ou=users,o=translucent +changetype: modify +delete: roomNumber +EOF_MOD4 + +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + grep "$FAILURE" $TESTOUT + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing modrdn: prohibited local record..." + +$LDAPMODRDN -D "$TRANSLUCENTDN" -H $URI2 -w $TRANSLUCENTPASSWD > \ + $TESTOUT 2>&1 'uid=fred,ou=users,o=translucent' 'uid=someguy' + +RC=$? +if test $RC != 50 ; then + echo "ldapmodrdn failed ($RC), expected INSUFFICIENT ACCESS!" + grep "$FAILURE" $TESTOUT + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Testing modrdn: valid local record..." + +$LDAPMODRDN -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ + $TESTOUT 2>&1 'uid=fred,ou=users,o=translucent' 'uid=someguy' + +RC=$? +if test $RC != 0 ; then + echo "ldapmodrdn failed ($RC)!" + grep "$FAILURE" $TESTOUT + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing delete: prohibited local record..." + +$LDAPMODIFY -v -D "$TRANSLUCENTDN" -H $URI2 -w $TRANSLUCENTPASSWD > \ + $TESTOUT 2>&1 << EOF_DEL2 +version: 1 +dn: uid=someguy,ou=users,o=translucent +changetype: delete +EOF_DEL2 + +RC=$? +if test $RC != 50 ; then + echo "ldapadd failed ($RC), expected INSUFFICIENT ACCESS!" + grep "$FAILURE" $TESTOUT + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Testing delete: valid local record..." + +$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ + $TESTOUT 2>&1 << EOF_DEL3 +version: 1 +dn: uid=someguy,ou=users,o=translucent +changetype: delete +EOF_DEL3 + +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + grep "$FAILURE" $TESTOUT + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing delete: valid remote record..." + +$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ + $TESTOUT 2>&1 << EOF_DEL8 +version: 1 +dn: uid=fred,ou=users,o=translucent +changetype: delete +EOF_DEL8 + +RC=$? +if test $RC != 32 ; then + echo "ldapmodify failed ($RC), expected NO SUCH OBJECT!" + grep "$FAILURE" $TESTOUT + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Testing delete: nonexistent local record, nonexistent attribute..." + +$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ + $TESTOUT 2>&1 << EOF_DEL1 +version: 1 +dn: uid=fred,ou=users,o=translucent +changetype: modify +delete: roomNumber +EOF_DEL1 + +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + grep "$FAILURE" $TESTOUT + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +$LDAPSEARCH -H $URI2 -b "uid=fred,ou=users,o=translucent" > $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing delete: valid local record, nonexistent attribute..." + +$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ + $TESTOUT 2>&1 << EOF_MOD8 +version: 1 +dn: uid=danger,ou=users,o=translucent +changetype: modify +delete: preferredLanguage +EOF_MOD8 + +RC=$? +if test $RC != 16 ; then + echo "ldapmodify failed ($RC), expected NO SUCH ATTRIBUTE!" + grep "$FAILURE" $TESTOUT + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Testing delete: valid local record, remote attribute..." + +$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ + $TESTOUT 2>&1 << EOF_MOD8 +version: 1 +dn: uid=danger,ou=users,o=translucent +changetype: modify +delete: initials +EOF_MOD8 + +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)" + grep "$FAILURE" $TESTOUT + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Testing modify: valid remote record, combination add-modify-delete..." + +$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ + $TESTOUT 2>&1 << EOF_MOD6 +version: 1 +dn: uid=fred,ou=users,o=translucent +changetype: modify +delete: carLicense +- +add: preferredLanguage +preferredLanguage: ISO8859-1 +- +replace: employeeType +employeeType: consultant +EOF_MOD6 + +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + grep "$FAILURE" $TESTOUT + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +$LDAPSEARCH -H $URI2 -b "uid=fred,ou=users,o=translucent" > $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +ATTR=`grep employeeType $SEARCHOUT` > $NOWHERE 2>&1 +if test "$ATTR" != "employeeType: consultant" ; then + echo "modification failed!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +ATTR=`grep preferredLanguage $SEARCHOUT` > $NOWHERE 2>&1 +if test "$ATTR" != "preferredLanguage: ISO8859-1" ; then + echo "modification failed!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Dynamically configuring local slapd with translucent_no_glue and translucent_strict..." + +$LDAPMODIFY -D cn=config -H $URI2 -y $CONFIGPWF <<EOF +dn: olcOverlay={0}translucent,olcDatabase={$DBIX}$BACKEND,cn=config +changetype: modify +replace: olcTranslucentNoGlue +olcTranslucentNoGlue: TRUE +- +replace: olcTranslucentStrict +olcTranslucentStrict: TRUE +EOF +RC=$? +if test $RC != 0 ; then + echo "ldapmodify of dynamic config failed ($RC)" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Testing strict mode delete: nonexistent local attribute..." + +$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ + $TESTOUT 2>&1 << EOF_MOD5 +version: 1 +dn: uid=example,ou=users,o=translucent +changetype: modify +delete: preferredLanguage +EOF_MOD5 + +RC=$? +if test $RC != 19 ; then + echo "ldapmodify failed ($RC), expected CONSTRAINT VIOLATION!" + grep "$FAILURE" $TESTOUT + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Testing strict mode delete: nonexistent remote attribute..." + +$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ + $TESTOUT 2>&1 << EOF_MOD3 +version: 1 +dn: uid=danger,ou=users,o=translucent +changetype: modify +delete: displayName +EOF_MOD3 + +RC=$? +if test $RC != 19 ; then + echo "ldapmodify failed ($RC), expected CONSTRAINT VIOLATION!" + grep "$FAILURE" $TESTOUT + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Testing strict mode modify: combination add-modify-delete..." + +$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ + $TESTOUT 2>&1 << EOF_MOD6 +version: 1 +dn: uid=example,ou=users,o=translucent +changetype: modify +delete: carLicense +- +add: preferredLanguage +preferredLanguage: ISO8859-1 +- +replace: employeeType +employeeType: consultant +EOF_MOD6 + +RC=$? +if test $RC != 19 ; then + echo "ldapmodify failed ($RC), expected CONSTRAINT VIOLATION!" + grep "$FAILURE" $TESTOUT + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Testing invalid Bind request..." +$LDAPWHOAMI -D "$TRANSLUCENTDN" -H $URI2 -w Wrong"$TRANSLUCENTPASSWD" > \ + $TESTOUT 2>&1 +RC=$? +if test $RC != 49 ; then + echo "ldapwhoami failed ($RC), expected INVALID CREDENTIALS!" + grep "$FAILURE" $TESTOUT + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +$LDAPWHOAMI -D "$TRANSLUCENTDN" -H $URI2 -w "$TRANSLUCENTPASSWD" > \ + $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC), expected SUCCESS!" + grep "$FAILURE" $TESTOUT + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Testing search: unconfigured local filter..." +$LDAPSEARCH -H $URI2 -b "o=translucent" "(employeeType=consultant)" > $SEARCHOUT 2>&1 + +ATTR=`grep dn: $SEARCHOUT` > $NOWHERE 2>&1 +if test -n "$ATTR" ; then + echo "got result $ATTR, should have been no result" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Dynamically configuring local slapd with translucent_local..." + +$LDAPMODIFY -D cn=config -H $URI2 -y $CONFIGPWF <<EOF +dn: olcOverlay={0}translucent,olcDatabase={$DBIX}$BACKEND,cn=config +changetype: modify +add: olcTranslucentLocal +olcTranslucentLocal: employeeType +EOF +RC=$? +if test $RC != 0 ; then + echo "ldapmodify of dynamic config failed ($RC)" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Testing search: configured local filter..." +$LDAPSEARCH -H $URI2 -b "o=translucent" "(employeeType=consultant)" > $SEARCHOUT 2>&1 + +ATTR=`grep dn: $SEARCHOUT` > $NOWHERE 2>&1 +if test -z "$ATTR" ; then + echo "got no result, should have found entry" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Testing search: unconfigured remote filter..." +$LDAPSEARCH -H $URI2 -b "o=translucent" "(|(employeeType=foo)(carlicense=right))" > $SEARCHOUT 2>&1 + +ATTR=`grep dn: $SEARCHOUT` > $NOWHERE 2>&1 +if test -n "$ATTR" ; then + echo "got result $ATTR, should have been no result" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Dynamically configuring local slapd with translucent_remote..." + +$LDAPMODIFY -D cn=config -H $URI2 -y $CONFIGPWF <<EOF +dn: olcOverlay={0}translucent,olcDatabase={$DBIX}$BACKEND,cn=config +changetype: modify +add: olcTranslucentRemote +olcTranslucentRemote: carLicense +EOF +RC=$? +if test $RC != 0 ; then + echo "ldapmodify of dynamic config failed ($RC)" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Testing search: configured remote filter..." +$LDAPSEARCH -H $URI2 -b "o=translucent" "(|(employeeType=foo)(carlicense=right))" > $SEARCHOUT 2>&1 + +ATTR=`grep dn: $SEARCHOUT` > $NOWHERE 2>&1 +if test -z "$ATTR" ; then + echo "got no result, should have found entry" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test035-meta b/tests/scripts/test035-meta new file mode 100755 index 0000000..bd07f14 --- /dev/null +++ b/tests/scripts/test035-meta @@ -0,0 +1,739 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +echo "" + +if test $BACKMETA = metano ; then + echo "meta backend not available, test skipped" + exit 0 +fi + +if test $BACKLDAP = ldapno ; then + echo "ldap backend not available, test skipped" + exit 0 +fi + +rm -rf $TESTDIR + +mkdir -p $TESTDIR $DBDIR1 $DBDIR2 + +echo "Starting slapd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND $MONITORDB < $METACONF1 > $CONF1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Using ldapsearch to check that slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapadd to populate the database..." +$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \ + $LDIFORDERED > $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Starting slapd on TCP/IP port $PORT2..." +. $CONFFILTER $BACKEND $MONITORDB < $METACONF2 > $CONF2 +$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$KILLPIDS $PID" + +sleep 1 + +echo "Using ldapsearch to check that slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT2 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapadd to populate the database..." +$LDAPADD -D "$METAMANAGERDN" -h $LOCALHOST -p $PORT2 -w $PASSWD < \ + $LDIFMETA >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Starting slapd on TCP/IP port $PORT3..." +. $CONFFILTER $BACKEND $MONITORDB < $METACONF > $CONF3 +$SLAPD -f $CONF3 -h $URI3 -d $LVL $TIMING > $LOG3 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$KILLPIDS $PID" + +sleep 1 + +echo "Using ldapsearch to check that slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT3 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +cat /dev/null > $SEARCHOUT + +BASEDN="o=Example,c=US" +echo "Searching base=\"$BASEDN\"..." +echo "# searching base=\"$BASEDN\"..." >> $SEARCHOUT +$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT3 -b "$BASEDN" >> $SEARCHOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "Search failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC in + 0) + ;; + 51) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 0 + ;; + *) + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +# ITS#4195: spurious matchedDN when the search scopes the main target, +# and the searchBase is not present, so that target returns noSuchObject +BASEDN="ou=Meta,o=Example,c=US" +echo "Searching base=\"$BASEDN\"..." +echo "# searching base=\"$BASEDN\"..." >> $SEARCHOUT +$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT3 -b "$BASEDN" >> $SEARCHOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "Search failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC in + 0) + ;; + 51) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 0 + ;; + *) + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +# +# Do some modifications +# + +BASEDN="o=Example,c=US" +echo "Modifying database \"$BASEDN\"..." +$LDAPMODIFY -v -D "cn=Manager,$BASEDN" -h $LOCALHOST -p $PORT3 -w $PASSWD \ + -M >> $TESTOUT 2>&1 << EOMODS +# These operations (updates with objectClass mapping) triggered ITS#3499 +dn: cn=Added Group,ou=Groups,$BASEDN +changetype: add +objectClass: groupOfNames +objectClass: uidObject +cn: Added Group +member: cn=Added Group,ou=Groups,$BASEDN +uid: added + +dn: cn=Another Added Group,ou=Groups,$BASEDN +changetype: add +objectClass: groupOfNames +cn: Another Added Group +member: cn=Added Group,ou=Groups,$BASEDN +member: cn=Another Added Group,ou=Groups,$BASEDN + +dn: cn=Another Added Group,ou=Groups,$BASEDN +changetype: modify +add: objectClass +objectClass: uidObject +- +add: uid +uid: added +- + +dn: cn=Added Group,ou=Groups,$BASEDN +changetype: modify +delete: objectClass +objectClass: uidObject +- +delete: uid +- + +dn: ou=Meta,$BASEDN +changetype: modify +add: description +description: added to "ou=Meta,$BASEDN" +- + +dn: ou=Who's going to handle this?,$BASEDN +changetype: add +objectClass: organizationalUnit +ou: Who's going to handle this? +description: added +description: will be deleted + +dn: ou=Same as above,$BASEDN +changetype: add +objectClass: organizationalUnit +ou: Same as above +description: added right after "Who's going to handle this?" +description: will be preserved + +dn: ou=Who's going to handle this?,$BASEDN +changetype: delete + +dn: ou=Who's going to handle this?,ou=Meta,$BASEDN +changetype: add +objectClass: organizationalUnit +ou: Who's going to handle this? +description: added +description: will be deleted + +dn: ou=Same as above,ou=Meta,$BASEDN +changetype: add +objectClass: organizationalUnit +ou: Same as above +description: added right after "Who's going to handle this?" +description: will be preserved + +dn: cn=Added User,ou=Same as above,ou=Meta,$BASEDN +changetype: add +objectClass: inetOrgPerson +cn: Added User +sn: User +userPassword: secret + +dn: ou=Who's going to handle this?,ou=Meta,$BASEDN +changetype: delete +EOMODS + +RC=$? +#if test $RC != 0 ; then +# echo "Modify failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC in + 0) + ;; + 51) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 0 + ;; + *) + echo "Modify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Searching base=\"$BASEDN\"..." +echo "# searching base=\"$BASEDN\"..." >> $SEARCHOUT +$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT3 -b "$BASEDN" >> $SEARCHOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "Search failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC in + 0) + ;; + 51) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 0 + ;; + *) + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +BASEDN="o=Example,c=US" +echo " base=\"$BASEDN\"..." +echo "# base=\"$BASEDN\"..." >> $SEARCHOUT +$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT3 -b "$BASEDN" -M "$FILTER" '*' ref \ + >> $SEARCHOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "Search failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC in + 0) + ;; + 51) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 0 + ;; + *) + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +BASEDN="o=Example,c=US" +FILTER="(seeAlso=cn=all staff,ou=Groups,$BASEDN)" +echo "Searching filter=\"$FILTER\"" +echo " attrs=\"seeAlso\"" +echo " base=\"$BASEDN\"..." +echo "# searching filter=\"$FILTER\"" >> $SEARCHOUT +echo "# attrs=\"seeAlso\"" >> $SEARCHOUT +echo "# base=\"$BASEDN\"..." >> $SEARCHOUT +$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT3 -b "$BASEDN" "$FILTER" seeAlso \ + >> $SEARCHOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "Search failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC in + 0) + ;; + 51) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 0 + ;; + *) + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +FILTER="(uid=example)" +echo "Searching filter=\"$FILTER\"" +echo " attrs=\"uid\"" +echo " base=\"$BASEDN\"..." +echo "# searching filter=\"$FILTER\"" >> $SEARCHOUT +echo "# attrs=\"uid\"" >> $SEARCHOUT +echo "# base=\"$BASEDN\"..." >> $SEARCHOUT +$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT3 -b "$BASEDN" "$FILTER" uid \ + >> $SEARCHOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "Search failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC in + 0) + ;; + 51) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 0 + ;; + *) + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +FILTER="(member=cn=Another Added Group,ou=Groups,$BASEDN)" +echo "Searching filter=\"$FILTER\"" +echo " attrs=\"member\"" +echo " base=\"$BASEDN\"..." +echo "# searching filter=\"$FILTER\"" >> $SEARCHOUT +echo "# attrs=\"member\"" >> $SEARCHOUT +echo "# base=\"$BASEDN\"..." >> $SEARCHOUT +$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT3 -b "$BASEDN" "$FILTER" member \ + >> $SEARCHOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "Search failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC in + 0) + ;; + 51) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 0 + ;; + *) + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Waiting 10 seconds for cached connections to timeout..." +sleep 10 + +echo "Searching with a timed out connection..." +echo "# searching filter=\"$FILTER\"" >> $SEARCHOUT +echo "# attrs=\"member\"" >> $SEARCHOUT +echo "# base=\"$BASEDN\"" >> $SEARCHOUT +echo "# with a timed out connection..." >> $SEARCHOUT +$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT3 -D "cn=Manager,$BASEDN" -w $PASSWD \ + -b "$BASEDN" "$FILTER" member \ + >> $SEARCHOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "Search failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC in + 0) + ;; + 51) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 0 + ;; + *) + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +# NOTE: cannot send to $SEARCHOUT because the returned entries +# are not predictable... +echo "Checking server-enforced size limit..." +echo "# Checking server-enforced size limit..." >> $SEARCHOUT +$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT3 \ + -D "cn=Bjorn Jensen,ou=Information Technology Division,ou=People,$BASEDN" -w bjorn \ + -b "$BASEDN" "(objectClass=*)" 1.1 \ + >> $TESTOUT 2>&1 +RC=$? +case $RC,$BACKEND in + 4,* | 0,null) + ;; + 0,*) + echo "Search should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; + *) + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +# NOTE: cannot send to $SEARCHOUT because the returned entries +# are not predictable... +echo "Checking client-requested size limit..." +echo "# Checking client-requested size limit..." >> $SEARCHOUT +$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT3 \ + -D "cn=Bjorn Jensen,ou=Information Technology Division,ou=People,$BASEDN" -w bjorn \ + -b "$BASEDN" -z 2 "(objectClass=*)" 1.1 \ + >> $TESTOUT 2>&1 +RC=$? +case $RC,$BACKEND in + 4,* | 0,null) + ;; + 0,*) + echo "Search should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; + *) + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif used to create database..." +$LDIFFILTER < $METAOUT > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - meta search/modification didn't succeed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +BASEDN="o=Example,c=US" +echo "Changing password to database \"$BASEDN\"..." +$LDAPPASSWD -h $LOCALHOST -p $PORT3 -D "cn=Manager,$BASEDN" -w $PASSWD \ + -s $PASSWD "cn=Ursula Hampster,ou=Alumni Association,ou=People,$BASEDN" \ + >> $TESTOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "Passwd ExOp failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC in + 0) + ;; + 51) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 0 + ;; + *) + echo "Passwd ExOp failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Binding with newly changed password to database \"$BASEDN\"..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT3 \ + -D "cn=Ursula Hampster,ou=Alumni Association,ou=People,$BASEDN" \ + -w $PASSWD >> $TESTOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "WhoAmI failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC in + 0) + ;; + 51) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + ;; + *) + echo "WhoAmI failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Binding as newly added user to database \"$BASEDN\"..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT3 \ + -D "cn=Added User,ou=Same as above,ou=Meta,$BASEDN" \ + -w $PASSWD >> $TESTOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "WhoAmI failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC in + 0) + ;; + 51) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + ;; + *) + echo "WhoAmI failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Changing password to database \"$BASEDN\"..." +$LDAPPASSWD -h $LOCALHOST -p $PORT3 -D "cn=Manager,$BASEDN" -w $PASSWD \ + -s meta "cn=Added User,ou=Same as above,ou=Meta,$BASEDN" \ + >> $TESTOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "Passwd ExOp failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC in + 0) + ;; + 51) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 0 + ;; + *) + echo "Passwd ExOp failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Binding with newly changed password to database \"$BASEDN\"..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT3 \ + -D "cn=Added User,ou=Same as above,ou=Meta,$BASEDN" \ + -w meta >> $TESTOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "WhoAmI failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC in + 0) + ;; + 51) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + ;; + *) + echo "WhoAmI failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Binding with incorrect password to database \"$BASEDN\"..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT3 \ + -D "cn=Added User,ou=Same as above,ou=Meta,$BASEDN" \ + -w bogus >> $TESTOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "WhoAmI failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC,$BACKEND in + 0,null) + ;; + 0,*) + echo "WhoAmI should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; + 51,*) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + ;; + *) + ;; +esac + +echo "Binding with non-existing user to database \"$BASEDN\"..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT3 \ + -D "cn=Non-existing User,ou=Same as above,ou=Meta,$BASEDN" \ + -w bogus >> $TESTOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "WhoAmI failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC,$BACKEND in + 0,null) + ;; + 0,*) + echo "WhoAmI should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; + 51,*) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + ;; + *) + ;; +esac + +echo "Comparing to database \"$BASEDN\"..." +$LDAPCOMPARE -h $LOCALHOST -p $PORT3 \ + "cn=Another Added Group,ou=Groups,$BASEDN" \ + "member:cn=Added Group,ou=Groups,$BASEDN" >> $TESTOUT 2>&1 +RC=$? +#if test $RC != 6 ; then +# echo "Compare failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit -1 +#fi +case $RC,$BACKEND in + 6,* | 5,null) + ;; + 51,*) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + ;; + *) + echo "Compare failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + ;; +esac + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test036-meta-concurrency b/tests/scripts/test036-meta-concurrency new file mode 100755 index 0000000..9c989a2 --- /dev/null +++ b/tests/scripts/test036-meta-concurrency @@ -0,0 +1,242 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +echo "" + +if test $BACKMETA = metano ; then + echo "meta backend not available, test skipped" + exit 0 +fi + +if test $BACKLDAP = ldapno ; then + echo "ldap backend not available, test skipped" + exit 0 +fi + +if test x$TESTLOOPS = x ; then + TESTLOOPS=50 +fi + +if test x$TESTCHILDREN = x ; then + TESTCHILDREN=20 +fi + +rm -rf $TESTDIR + +mkdir -p $TESTDIR $DBDIR1 $DBDIR2 + +# NOTE: this could be added to all tests... +if test "$BACKEND" = "bdb" || test "$BACKEND" = "hdb" ; then + if test "x$DB_CONFIG" != "x" ; then \ + if test -f $DB_CONFIG ; then + echo "==> using DB_CONFIG \"$DB_CONFIG\"" + cp $DB_CONFIG $DBDIR1 + cp $DB_CONFIG $DBDIR2 + else + echo "==> DB_CONFIG must point to a valid file (ignored)" + fi + else + echo "==> set \"DB_CONFIG\" to the DB_CONFIG file you want to use for the test." + fi + echo "" +fi + +echo "Starting slapd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND $MONITORDB < $METACONF1 > $CONF1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Using ldapsearch to check that slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapadd to populate the database..." +$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \ + $LDIFORDERED > $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Starting slapd on TCP/IP port $PORT2..." +. $CONFFILTER $BACKEND $MONITORDB < $METACONF2 > $CONF2 +$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$KILLPIDS $PID" + +sleep 1 + +echo "Using ldapsearch to check that slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT2 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapadd to populate the database..." +$LDAPADD -D "$METAMANAGERDN" -h $LOCALHOST -p $PORT2 -w $PASSWD < \ + $LDIFMETA >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Starting slapd on TCP/IP port $PORT3..." +. $CONFFILTER $BACKEND $MONITORDB < $METACONF > $CONF3 +$SLAPD -f $CONF3 -h $URI3 -d $LVL $TIMING > $LOG3 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$KILLPIDS $PID" + +sleep 1 + +echo "Using ldapsearch to check that slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT3 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +cat /dev/null > $SEARCHOUT + +mkdir -p $TESTDIR/$DATADIR +METABASEDN="o=Example,c=US" +for f in $DATADIR/do_* ; do + sed -e "s;$BASEDN;$METABASEDN;" $f > $TESTDIR/$f +done + +# add a read that matches only the local database, but selects +# also the remote as candidate; this should be removed to compare +# execution times with test008... +for f in $TESTDIR/$DATADIR/do_read.* ; do + echo "ou=Meta,$METABASEDN" >> $f +done + +# add a read that matches a referral in the local database only, +# but selects also the remote as candidate; this should be removed +# to compare execution times with test008... +for f in $TESTDIR/$DATADIR/do_read.* ; do + echo "cn=Somewhere,ou=Meta,$METABASEDN" >> $f +done + +# add a bind that resolves to a referral +for f in $TESTDIR/$DATADIR/do_bind.* ; do + echo "cn=Foo,ou=Meta,$METABASEDN" >> $f + echo "bar" >> $f + echo "" >> $f + echo "" >> $f +done + +# fix test data to include back-monitor, if available +# NOTE: copies do_* files from $TESTDIR/$DATADIR to $TESTDIR +$MONITORDATA "$MONITORDB" "$TESTDIR/$DATADIR" "$TESTDIR" + +BINDDN="cn=Manager,o=Local" +PASSWD="secret" +echo "Using tester for concurrent server access..." +$SLAPDTESTER -P "$PROGDIR" -d "$TESTDIR" -h $LOCALHOST -p $PORT3 \ + -D "$BINDDN" -w $PASSWD -l $TESTLOOPS -j $TESTCHILDREN \ + -r 20 -i '!REFERRAL' -i '*INVALID_CREDENTIALS' -SS +RC=$? + +if test $RC != 0 ; then + echo "slapd-tester failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapsearch to retrieve all the entries..." +$LDAPSEARCH -S "" -b "$METABASEDN" -h $LOCALHOST -p $PORT3 \ + 'objectClass=*' > $SEARCHOUT 2>&1 +RC=$? + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + exit $RC +fi + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif used to create database..." +$LDIFFILTER < $METACONCURRENCYOUT > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - slapd-meta search/modification didn't succeed" + exit 1 +fi + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test037-manage b/tests/scripts/test037-manage new file mode 100755 index 0000000..228cbb4 --- /dev/null +++ b/tests/scripts/test037-manage @@ -0,0 +1,219 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test $BACKEND = "ldif" ; then + echo "LDIF backend does not support relax control, test skipped" + exit 0 +fi + +mkdir -p $TESTDIR $DBDIR1 + +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND $MONITORDB < $CONF > $CONF1 +$SLAPADD -f $CONF1 -l $LDIFORDERED +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Starting slapd on TCP/IP port $PORT1..." +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Testing slapd Manage operations..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing modify, add, and delete..." +$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \ + -e \!relax > \ + $TESTOUT 2>&1 << EOMODS +version: 1 +# +# Working Tests +# + +# +# ObjectClass tests +# + +dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example, + dc=com +# add obsolete auxiliary objectclass +changetype: modify +add: objectClass +objectClass: obsoletePerson + +dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example, + dc=com +# add obsolete attribute +changetype: modify +add: testObsolete +testObsolete: TRUE + +# +# create/modify timestamp test +# + +dn: ou=Groups,dc=example,dc=com +# change creatorsName +changetype: modify +replace: creatorsName +creatorsName: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com + +dn: cn=ITD Staff,ou=Groups,dc=example,dc=com +# change modifiersName +changetype: modify +replace: modifiersName +modifiersName: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com + +dn: dc=example,dc=com +# change timestamps +changetype: modify +replace: modifyTimestamp +modifyTimestamp: 19700101000000Z +- +replace: createTimestamp +createTimestamp: 19700101000000Z +- + +dn: cn=All Staff,ou=Groups,dc=example,dc=com +# change entryUUID +changetype: modify +replace: entryUUID +entryUUID: badbadba-dbad-1029-92f7-badbadbadbad + +dn: cn=All Staff,dc=example,dc=com +changetype: add +objectClass: groupOfNames +cn: All Staff +member: +creatorsName: cn=Someone +createTimestamp: 19700101000000Z +modifiersName: cn=Someone Else +modifyTimestamp: 19700101000000Z +entryUUID: badbadef-dbad-1029-92f7-badbadbadbad + +# +# Tests that did not work until ITS#5792 +# + +dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example, + dc=com +# update structural object class of entry via objectClass replace +changetype: modify +replace: objectClass +objectClass: obsoletePerson +objectClass: testPerson +- + +dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com +# update structural object class of entry via objectClass add +changetype: modify +add: objectClass +objectClass: testPerson +- + +dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com +# update structural object class of entry via objectClass delete/add +changetype: modify +delete: objectClass +objectClass: OpenLDAPperson +- +add: objectClass +objectClass: testPerson +- +EOMODS + +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapsearch to retrieve all the entries..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + 'objectClass=*' '*' creatorsName modifiersName > $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + test $KILLSERVERS != no && kill -HUP $KILLPIDS + echo "ldapsearch failed ($RC)!" + exit $RC +fi + +$LDAPSEARCH -S "" -b "$BASEDN" -s base -h $LOCALHOST -p $PORT1 \ + 'objectClass=*' '*' creatorsName createTimestamp \ + modifiersName modifyTimestamp >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + test $KILLSERVERS != no && kill -HUP $KILLPIDS + echo "ldapsearch failed ($RC)!" + exit $RC +fi + +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(cn=All Staff)' '*' entryUUID >> $SEARCHOUT 2>&1 +RC=$? +test $KILLSERVERS != no && kill -HUP $KILLPIDS +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + exit $RC +fi + +LDIF=$MANAGEOUT + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif used to create database..." +$LDIFFILTER < $LDIF > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - manage operations did not complete correctly" + exit 1 +fi + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test038-retcode b/tests/scripts/test038-retcode new file mode 100755 index 0000000..d6ea021 --- /dev/null +++ b/tests/scripts/test038-retcode @@ -0,0 +1,112 @@ +#! /bin/sh +# $Header$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test $RETCODE = retcodeno; then + echo "Retcode overlay not available, test skipped" + exit 0 +fi + +mkdir -p $TESTDIR $DBDIR1 + +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND $MONITORDB < $MCONF > $ADDCONF +$SLAPADD -f $ADDCONF -l $LDIFORDERED +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Running slapindex to index slapd database..." +. $CONFFILTER $BACKEND $MONITORDB < $RETCODECONF > $CONF1 +$SLAPINDEX -f $CONF1 +RC=$? +if test $RC != 0 ; then + echo "warning: slapindex failed ($RC)" + echo " assuming no indexing support" +fi + +echo "Starting slapd on TCP/IP port $PORT1..." +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Testing slapd searching..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + '(objectclass=*)' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing search for timelimitExceeded..." +$LDAPSEARCH -b "cn=timelimitExceeded,ou=RetCodes,$BASEDN" \ + -h $LOCALHOST -p $PORT1 '(objectClass=*)' >> $TESTOUT 2>&1 +RC=$? +if test $RC != 3 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Testing modify for unwillingToPerform..." +$LDAPMODIFY -D "$MANAGERDN" -w $PASSWD \ + -h $LOCALHOST -p $PORT1 >> $TESTOUT 2>&1 << EOMODS +dn: cn=unwillingToPerform,ou=RetCodes,$BASEDN +changetype: delete +EOMODS +RC=$? +if test $RC != 53 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Testing compare for success after sleep (2 s)..." +$LDAPCOMPARE -h $LOCALHOST -p $PORT1 \ + "cn=Success w/ Delay,ou=RetCodes,$BASEDN" "cn:foo" >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapcompare failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test039-glue-ldap-concurrency b/tests/scripts/test039-glue-ldap-concurrency new file mode 100755 index 0000000..6fcf5c9 --- /dev/null +++ b/tests/scripts/test039-glue-ldap-concurrency @@ -0,0 +1,231 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +echo "" + +if test $BACKLDAP = ldapno ; then + echo "ldap backend not available, test skipped" + exit 0 +fi + +if test $RWM = rwmno ; then + echo "rwm (rewrite/remap) overlay not available, test skipped" + exit 0 +fi + +if test x$TESTLOOPS = x ; then + TESTLOOPS=50 +fi + +if test x$TESTOLOOPS = x ; then + TESTOLOOPS=1 +fi + +if test x$TESTCHILDREN = x ; then + TESTCHILDREN=20 +fi + +rm -rf $TESTDIR + +mkdir -p $TESTDIR $DBDIR1 $DBDIR2 + +echo "Starting slapd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND $MONITORDB < $METACONF1 > $CONF1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Using ldapsearch to check that slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapadd to populate the database..." +$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \ + $LDIFORDERED > $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Starting slapd on TCP/IP port $PORT2..." +. $CONFFILTER $BACKEND $MONITORDB < $METACONF2 > $CONF2 +$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$KILLPIDS $PID" + +sleep 1 + +echo "Using ldapsearch to check that slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT2 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapadd to populate the database..." +$LDAPADD -D "$METAMANAGERDN" -h $LOCALHOST -p $PORT2 -w $PASSWD < \ + $LDIFMETA >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Starting slapd on TCP/IP port $PORT3..." +. $CONFFILTER $BACKEND $MONITORDB < $GLUELDAPCONF > $CONF3 +$SLAPD -f $CONF3 -h $URI3 -d $LVL $TIMING > $LOG3 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$KILLPIDS $PID" + +sleep 1 + +echo "Using ldapsearch to check that slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT3 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +cat /dev/null > $SEARCHOUT + +mkdir -p $TESTDIR/$DATADIR +METABASEDN="o=Example,c=US" +for f in $DATADIR/do_* ; do + sed -e "s;$BASEDN;$METABASEDN;" $f > $TESTDIR/$f +done + +# add a read that matches only the local database, but selects +# also the remote as candidate; this should be removed to compare +# execution times with test008... +for f in $TESTDIR/$DATADIR/do_read.* ; do + echo "ou=Meta,$METABASEDN" >> $f +done + +# add a read that matches a referral in the local database only, +# but selects also the remote as candidate; this should be removed +# to compare execution times with test008... +for f in $TESTDIR/$DATADIR/do_read.* ; do + echo "cn=Somewhere,ou=Meta,$METABASEDN" >> $f +done + +# add a bind that resolves to a referral +for f in $TESTDIR/$DATADIR/do_bind.* ; do + echo "cn=Foo,ou=Meta,$METABASEDN" >> $f + echo "bar" >> $f + echo "" >> $f + echo "" >> $f +done + +# fix test data to include back-monitor, if available +# NOTE: copies do_* files from $TESTDIR/$DATADIR to $TESTDIR +$MONITORDATA "$MONITORDB" "$TESTDIR/$DATADIR" "$TESTDIR" + +echo "Using tester for concurrent server access..." +BINDDN="cn=Manager,o=Local" +PASSWD="secret" +$SLAPDTESTER -P "$PROGDIR" -d "$TESTDIR" -h $LOCALHOST -p $PORT3 \ + -D "$BINDDN" -w $PASSWD \ + -l $TESTLOOPS -L $TESTOLOOPS -j $TESTCHILDREN -r 20 \ + -i '!REFERRAL' -i '*INVALID_CREDENTIALS' -SS +RC=$? + +if test $RC != 0 ; then + echo "slapd-tester failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapsearch to retrieve all the entries..." +$LDAPSEARCH -S "" -b "$METABASEDN" -h $LOCALHOST -p $PORT3 \ + '(objectClass=*)' > $SEARCHOUT 2>&1 +RC=$? + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + exit $RC +fi + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif used to create database..." +$LDIFFILTER < $METACONCURRENCYOUT > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - slapd-ldap search/modification didn't succeed" + exit 1 +fi + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test040-subtree-rename b/tests/scripts/test040-subtree-rename new file mode 100755 index 0000000..5860356 --- /dev/null +++ b/tests/scripts/test040-subtree-rename @@ -0,0 +1,209 @@ +#! /bin/sh +# $OpenLDAP$ */ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test $BACKEND = bdb ; then + echo "subtree rename not supported by back-$BACKEND" + exit 0 +fi + +mkdir -p $TESTDIR $DBDIR1 + +echo "Starting slapd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND $MONITORDB < $CONF > $CONF1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Testing slapd searching..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + '(objectclass=*)' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +cat /dev/null > $TESTOUT +cat /dev/null > $SEARCHOUT + +# Add +echo "Populating the database..." +echo "# Populating the database..." >> $TESTOUT +$LDAPADD -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \ + >> $TESTOUT 2>&1 << EOMODS0 +dn: dc=example,dc=com +objectClass: organization +objectClass: dcObject +o: Example, Inc. +dc: example + +dn: ou=Parent,dc=example,dc=com +objectClass: organizationalUnit +ou: Parent + +dn: ou=Another parent,dc=example,dc=com +objectClass: organizationalUnit +ou: Another parent + +dn: ou=Child,ou=Parent,dc=example,dc=com +objectClass: organizationalUnit +ou: Child + +dn: ou=Grandchild,ou=Child,ou=Parent,dc=example,dc=com +objectClass: organizationalUnit +ou: Grandchild +EOMODS0 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Searching all database..." +echo "# Searching all database (after add)..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# Rename (PASS1) +echo "Renaming (PASS1)..." +echo "# Renaming (PASS1)..." >> $TESTOUT +$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \ + >> $TESTOUT 2>&1 << EOMODS1 +dn: ou=Child,ou=Parent,dc=example,dc=com +changetype: modrdn +newrdn: ou=Renamed child +deleteoldrdn: 0 +EOMODS1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Searching all database..." +echo "# Searching all database (after PASS1)..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# Rename (PASS2) +echo "Renaming (PASS2)..." +echo "# Renaming (PASS2)..." >> $TESTOUT +$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \ + >> $TESTOUT 2>&1 << EOMODS2 +dn: ou=Parent,dc=example,dc=com +changetype: modrdn +newrdn: ou=Renamed parent +deleteoldrdn: 0 +EOMODS2 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Searching all database..." +echo "# Searching all database (after PASS2)..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# Rename (PASS3) +echo "Renaming (PASS3)..." +echo "# Renaming (PASS3)..." >> $TESTOUT +$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \ + >> $TESTOUT 2>&1 << EOMODS3 +dn: ou=Renamed child,ou=Renamed parent,dc=example,dc=com +changetype: modrdn +newrdn: ou=Renamed child +deleteoldrdn: 0 +newsuperior: ou=Another parent,dc=example,dc=com +EOMODS3 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Searching all database..." +echo "# Searching all database (after PASS3)..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +LDIF=$SUBTREERENAMEOUT + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif used to create database..." +$LDIFFILTER < $LDIF > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "Comparison failed" + exit 1 +fi + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test041-aci b/tests/scripts/test041-aci new file mode 100755 index 0000000..79f5fcb --- /dev/null +++ b/tests/scripts/test041-aci @@ -0,0 +1,258 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +case "$BACKEND" in ldif | null) + echo "$BACKEND backend does not support access controls, test skipped" + exit 0 + ;; +esac + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test "$ACI" = "acino" ; then + echo "ACI not enabled, test skipped" + exit 0 +fi + +mkdir -p $TESTDIR $DBDIR1 + +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND $MONITORDB < $ACICONF > $CONF1 +$SLAPADD -f $CONF1 -l $LDIFORDERED +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Starting slapd on TCP/IP port $PORT1..." +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Testing slapd ACI access control..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +cat /dev/null > $SEARCHOUT +cat /dev/null > $TESTOUT + +# Search must fail +BASEDN="dc=example,dc=com" +echo "Searching \"$BASEDN\" (should fail)..." +echo "# Searching \"$BASEDN\" (should fail)..." >> $SEARCHOUT +$LDAPSEARCH -s base -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectclass=*)' >> $SEARCHOUT 2>> $TESTOUT +RC=$? +if test $RC != 32 ; then + echo "ldapsearch should have failed with noSuchObject ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + if test $RC = 0 ; then + exit -1 + fi + exit $RC +fi + +# Bind must fail +BINDDN="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" +BINDPW=bjensen +echo "Testing ldapwhoami as ${BINDDN} (should fail)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW +RC=$? +if test $RC = 0 ; then + echo "ldapwhoami should have failed!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +# Populate ACIs +echo "Writing ACIs as \"$MANAGERDN\"..." +$LDAPMODIFY -D "$MANAGERDN" -w $PASSWD -h $LOCALHOST -p $PORT1 \ + >> $TESTOUT 2>&1 << EOMODS0 +dn: dc=example,dc=com +changetype: modify +add: OpenLDAPaci +OpenLDAPaci: 0#subtree#grant;d,c,s,r;[all]#group/groupOfUniqueNames/uniqueMe + mber#cn=ITD Staff,ou=Groups,dc=example,dc=com +OpenLDAPaci: 1#entry#grant;d;[all]#public# + +dn: ou=People,dc=example,dc=com +changetype: modify +add: OpenLDAPaci +OpenLDAPaci: 0#subtree#grant;x;userPassword#public# +OpenLDAPaci: 1#subtree#grant;w;userPassword#self# +OpenLDAPaci: 2#subtree#grant;w;userPassword#access-id#cn=Bjorn Jensen,ou=Inf + ormation Technology Division,ou=People,dc=example,dc=com + +dn: ou=Groups,dc=example,dc=com +changetype: modify +add: OpenLDAPaci +OpenLDAPaci: 0#entry#grant;s;[all]#public# +OpenLDAPaci: 1#children#grant;r;member;r;uniqueMember#access-id#cn=Bjorn Jen + sen,ou=Information Technology Division,ou=People,dc=example,dc=com +EOMODS0 +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# Search must succeed with no results +BASEDN="dc=example,dc=com" +echo "Searching \"$BASEDN\" (should succeed with no results)..." +echo "# Searching \"$BASEDN\" (should succeed with no results)..." >> $SEARCHOUT +$LDAPSEARCH -s base -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectclass=*)' >> $SEARCHOUT 2>> $TESTOUT +RC=$? +if test $RC != 0 ; then + ### TEMPORARY (see ITS#3963) + echo "ldapsearch failed ($RC)! IGNORED..." + ###echo "ldapsearch failed ($RC)!" + ###test $KILLSERVERS != no && kill -HUP $KILLPIDS + ###exit $RC +fi + +BINDDN="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" +BINDPW=bjensen +echo "Testing ldapwhoami as ${BINDDN}..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# Search must succeed +BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" +BINDPW=bjorn +BASEDN="dc=example,dc=com" +echo "Searching \"$BASEDN\" as \"$BINDDN\" (should succeed)..." +echo "# Searching \"$BASEDN\" as \"$BINDDN\" (should succeed)..." >> $SEARCHOUT +$LDAPSEARCH -s base -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + -D "$BINDDN" -w "$BINDPW" \ + '(objectClass=*)' >> $SEARCHOUT 2>> $TESTOUT +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# Passwd must succeed +BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" +BINDPW=bjorn +TGT="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com" +NEWPW=jdoe +echo "Setting \"$TGT\" password..." +$LDAPPASSWD -h $LOCALHOST -p $PORT1 \ + -w "$BINDPW" -s "$NEWPW" \ + -D "$BINDDN" "$TGT" >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldappasswd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# Re-change as self... +echo "Changing self password..." +BINDDN="$TGT" +BINDPW=$NEWPW +TGT="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com" +NEWPW=newcred +$LDAPPASSWD -h $LOCALHOST -p $PORT1 \ + -w "$BINDPW" -s "$NEWPW" \ + -D "$BINDDN" "$TGT" >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldappasswd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# Searching groups +BINDPW=$NEWPW +BASEDN="ou=Groups,dc=example,dc=com" +echo "Searching \"$BASEDN\" as \"$BINDDN\" (should succeed)..." +echo "# Searching \"$BASEDN\" as \"$BINDDN\" (should succeed)..." >> $SEARCHOUT +$LDAPSEARCH -s one -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + -D "$BINDDN" -w "$BINDPW" \ + '(objectClass=*)' >> $SEARCHOUT 2>> $TESTOUT +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# Search must fail +BINDDN="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" +BINDPW=bjensen +echo "Searching \"$BASEDN\" as \"$BINDDN\" (should succeed with no results)..." +echo "# Searching \"$BASEDN\" as \"$BINDDN\" (should succeed with no results)..." >> $SEARCHOUT +$LDAPSEARCH -s one -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + -D "$BINDDN" -w "$BINDPW" \ + '(objectClass=*)' >> $SEARCHOUT 2>> $TESTOUT +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +LDIF=$ACIOUT + +echo "Filtering ldapsearch results..." +$LDIFFILTER -s mdb=e < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif used to create database..." +$LDIFFILTER -s mdb=e < $LDIF > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - operations did not complete correctly" + exit 1 +fi + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test042-valsort b/tests/scripts/test042-valsort new file mode 100755 index 0000000..0056bf3 --- /dev/null +++ b/tests/scripts/test042-valsort @@ -0,0 +1,229 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 2004-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test $VALSORT = valsortno; then + echo "Valsort overlay not available, test skipped" + exit 0 +fi + +mkdir -p $TESTDIR $DBDIR1 + +$SLAPPASSWD -g -n >$CONFIGPWF +echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf + +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND $MONITORDB < $VALSORTCONF > $CONF1 +$SLAPADD -f $CONF1 -l $LDIFVALSORT +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Starting slapd on TCP/IP port $PORT1..." +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Testing slapd sorted values operations..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing ascending and weighted sort" + +FILTER="objectClass=*" +$LDAPSEARCH -b "$VALSORTBASEDN" -h $LOCALHOST -p $PORT1 \ + "$FILTER" > $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering expected ldif..." +$LDIFFILTER < $VALSORTOUT1 > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "Comparison failed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Reconfiguring slapd to test valsort descending" + +$LDAPMODIFY -x -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF > \ + $TESTOUT 2>&1 << EOMODS +version: 1 +dn: olcOverlay={0}valsort,olcDatabase={1}$BACKEND,cn=config +changetype: modify +replace: olcValSortAttr +olcValSortAttr: employeeType "ou=users,o=valsort" weighted alpha-descend +olcValSortAttr: ou "ou=users,o=valsort" weighted +olcValSortAttr: mailPreferenceOption "ou=users,o=valsort" numeric-descend +olcValSortAttr: departmentNumber "ou=users,o=valsort" alpha-descend +olcValSortAttr: sn "ou=users,o=valsort" alpha-descend + +EOMODS + +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing descending and weighted sort" + +$LDAPSEARCH -b "$VALSORTBASEDN" -h $LOCALHOST -p $PORT1 \ + "$FILTER" > $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering expected ldif..." +$LDIFFILTER < $VALSORTOUT2 > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "Comparison failed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Adding a valsort record with weighted ou..." + +$LDAPADD -D "$VALSORTDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \ + > /dev/null << EOTVALSORT1 +dn: uid=dave,ou=users,o=valsort +objectClass: OpenLDAPperson +uid: dave +sn: nothere +cn: dave +businessCategory: otest +carLicense: TEST +departmentNumber: 42 +displayName: Dave +employeeNumber: 69 +employeeType: {1}contractor +givenName: Dave +ou: {1}Test +ou: {3}Okay +ou: {2}Is +EOTVALSORT1 + +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +#echo ---------------------- +#$LDAPSEARCH -b "o=valsort" -h $LOCALHOST -p $PORT1 + +echo "Adding a non-weighted valsort record with ou..." + +$LDAPADD -D "$VALSORTDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 << EOTVALSORT2 +dn: uid=bill,ou=users,o=valsort +objectClass: OpenLDAPperson +uid: bill +sn: johnson +cn: bill +businessCategory: rtest +carLicense: ABC123 +departmentNumber: 42 +displayName: Bill +employeeNumber: 5150 +employeeType: {1}contractor +givenName: Bill +ou: Test +ou: Okay +ou: Is +EOTVALSORT2 + +RC=$? +if test $RC != 19 ; then + echo "valsort check failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +$LDAPSEARCH -b "$VALSORTBASEDN" -h $LOCALHOST -p $PORT1 \ + "$FILTER" > $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Filtering ldapsearch results..." +$LDIFFILTER -s ldif=e < $SEARCHOUT > $SEARCHFLT +echo "Filtering expected ldif..." +$LDIFFILTER -s ldif=e < $VALSORTOUT3 > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "Comparison failed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +test $KILLSERVERS != no && wait + +echo ">>>>> Test succeeded" + +exit 0 diff --git a/tests/scripts/test043-delta-syncrepl b/tests/scripts/test043-delta-syncrepl new file mode 100755 index 0000000..2b93a9a --- /dev/null +++ b/tests/scripts/test043-delta-syncrepl @@ -0,0 +1,399 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test $SYNCPROV = syncprovno; then + echo "Syncrepl provider overlay not available, test skipped" + exit 0 +fi +if test $ACCESSLOG = accesslogno; then + echo "Accesslog overlay not available, test skipped" + exit 0 +fi +if test $BACKEND = ldif ; then + # Onelevel search does not return entries in order of creation or CSN. + echo "$BACKEND backend unsuitable for syncprov logdb, test skipped" + exit 0 +fi + +mkdir -p $TESTDIR $DBDIR1A $DBDIR1B $DBDIR2 + +SPEC="mdb=a,bdb=a,hdb=a" + +# +# Test replication: +# - start provider +# - start consumer +# - populate over ldap +# - perform some modifies and deleted +# - attempt to modify the consumer (referral or chain) +# - retrieve database over ldap and compare against expected results +# + +echo "Starting provider slapd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND $MONITORDB < $DSRPROVIDERCONF > $CONF1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Using ldapsearch to check that provider slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapadd to create the context prefix entries in the provider..." +$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \ + $LDIFORDEREDCP > /dev/null 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Starting consumer slapd on TCP/IP port $PORT2..." +. $CONFFILTER $BACKEND $MONITORDB < $DSRCONSUMERCONF > $CONF2 +$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 & +CONSUMERPID=$! +if test $WAIT != 0 ; then + echo CONSUMERPID $CONSUMERPID + read foo +fi +KILLPIDS="$KILLPIDS $CONSUMERPID" + +sleep 1 + +echo "Using ldapsearch to check that consumer slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT2 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapadd to populate the provider directory..." +$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \ + $LDIFORDEREDNOCP > /dev/null 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." +sleep $SLEEP1 + +echo "Stopping the provider, sleeping 10 seconds and restarting it..." +kill -HUP "$PID" +sleep 10 +echo "RESTART" >> $LOG1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING >> $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID $CONSUMERPID" + +sleep 1 + +echo "Using ldapsearch to check that provider slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapmodify to modify provider directory..." + +# +# Do some modifications +# + +$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 << EOMODS +dn: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example,dc=com +changetype: modify +add: drink +drink: Orange Juice +- +delete: sn +sn: Jones +- +add: sn +sn: Jones + +dn: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: modify +replace: drink +drink: Iced Tea + +dn: cn=ITD Staff,ou=Groups,dc=example,dc=com +changetype: modify +delete: uniquemember +uniquemember: cn=James A Jones 2, ou=Information Technology Division, ou=People, dc=example,dc=com +uniquemember: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com +- +add: uniquemember +uniquemember: cn=Dorothy Stevens, ou=Alumni Association, ou=People, dc=example,dc=com +uniquemember: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example,dc=com + +dn: cn=All Staff,ou=Groups,dc=example,dc=com +changetype: modify +delete: description + +dn: cn=Gern Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: add +objectclass: OpenLDAPperson +cn: Gern Jensen +sn: Jensen +uid: gjensen +title: Chief Investigator, ITD +postaladdress: ITD $ 535 W. William St $ Ann Arbor, MI 48103 +seealso: cn=All Staff, ou=Groups, dc=example,dc=com +drink: Coffee +homepostaladdress: 844 Brown St. Apt. 4 $ Ann Arbor, MI 48104 +description: Very odd +facsimiletelephonenumber: +1 313 555 7557 +telephonenumber: +1 313 555 8343 +mail: gjensen@mailgw.example.com +homephone: +1 313 555 8844 + +dn: ou=Retired, ou=People, dc=example,dc=com +changetype: add +objectclass: organizationalUnit +ou: Retired + +dn: cn=Rosco P. Coltrane, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: add +objectclass: OpenLDAPperson +cn: Rosco P. Coltrane +sn: Coltrane +uid: rosco +description: Fat tycoon + +dn: cn=Rosco P. Coltrane, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: modrdn +newrdn: cn=Rosco P. Coltrane +deleteoldrdn: 1 +newsuperior: ou=Retired, ou=People, dc=example,dc=com + +dn: cn=James A Jones 2, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: delete + +EOMODS +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." +sleep $SLEEP1 + +echo "Using ldapsearch to read all the entries from the provider..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' \* + > $PROVIDEROUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at provider ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapsearch to read all the entries from the consumer..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + 'objectclass=*' \* + > $CONSUMEROUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Filtering provider results..." +$LDIFFILTER -b $BACKEND -s $SPEC < $PROVIDEROUT | grep -iv "^auditcontext:" > $PROVIDERFLT +echo "Filtering consumer results..." +$LDIFFILTER -b $BACKEND -s $SPEC < $CONSUMEROUT | grep -iv "^auditcontext:" > $CONSUMERFLT + +echo "Comparing retrieved entries from provider and consumer..." +$CMP $PROVIDERFLT $CONSUMERFLT > $CMPOUT + +if test $? != 0 ; then + echo "test failed - provider and consumer databases differ" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Stopping consumer to test recovery..." +kill -HUP $CONSUMERPID +sleep 10 + +echo "Modifying more entries on the provider..." +$LDAPMODIFY -v -D "$BJORNSDN" -h $LOCALHOST -p $PORT1 -w bjorn >> \ + $TESTOUT 2>&1 << EOMODS +dn: cn=Rosco P. Coltrane, ou=Retired, ou=People, dc=example,dc=com +changetype: delete + +dn: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: modify +add: drink +drink: Mad Dog 20/20 + +dn: cn=Rosco P. Coltrane, ou=Retired, ou=People, dc=example,dc=com +changetype: add +objectclass: OpenLDAPperson +sn: Coltrane +uid: rosco +cn: Rosco P. Coltrane + +dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com +changetype: modify +replace: drink +drink: Red Wine +- +replace: drink + +dn: cn=All Staff,ou=Groups,dc=example,dc=com +changetype: modrdn +newrdn: cn=Some Staff +deleteoldrdn: 1 + +EOMODS + +echo "Restarting consumer..." +echo "RESTART" >> $LOG2 +$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING >> $LOG2 2>&1 & +CONSUMERPID=$! +if test $WAIT != 0 ; then + echo CONSUMERPID $CONSUMERPID + read foo +fi +KILLPIDS="$PID $CONSUMERPID" + +echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." +sleep $SLEEP1 + +if test ! $BACKLDAP = "ldapno" ; then + echo "Try updating the consumer slapd..." + $LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT2 -w $PASSWD > \ + $TESTOUT 2>&1 << EOMODS +dn: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example, dc=com +changetype: modify +add: description +description: This write must fail because directed to a shadow context, +description: unless the chain overlay is configured appropriately ;) + +EOMODS + + RC=$? + if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." + sleep $SLEEP1 +fi + +echo "Using ldapsearch to read all the entries from the provider..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' \* + > $PROVIDEROUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at provider ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapsearch to read all the entries from the consumer..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + 'objectclass=*' \* + > $CONSUMEROUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo "Filtering provider results..." +$LDIFFILTER -b $BACKEND -s $SPEC < $PROVIDEROUT | grep -iv "^auditcontext:" > $PROVIDERFLT +echo "Filtering consumer results..." +$LDIFFILTER -b $BACKEND -s $SPEC < $CONSUMEROUT | grep -iv "^auditcontext:" > $CONSUMERFLT + +echo "Comparing retrieved entries from provider and consumer..." +$CMP $PROVIDERFLT $CONSUMERFLT > $CMPOUT + +if test $? != 0 ; then + echo "test failed - provider and consumer databases differ" + exit 1 +fi + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test044-dynlist b/tests/scripts/test044-dynlist new file mode 100755 index 0000000..d4bae1d --- /dev/null +++ b/tests/scripts/test044-dynlist @@ -0,0 +1,663 @@ +#! /bin/sh +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test $DYNLIST = "dynlistno" ; then + echo "dynlist overlay not available, test skipped" + exit 0 +fi + +if test $BACKEND = ldif ; then + # dynlist+ldif fails because back-ldif lacks bi_op_compare() + echo "$BACKEND backend unsuitable for dynlist overlay, test skipped" + exit 0 +fi + +mkdir -p $TESTDIR $DBDIR1 + +$SLAPPASSWD -g -n >$CONFIGPWF +echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf + +if test $MONITORDB != no ; then + DBIX=2 +else + DBIX=1 +fi + +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND $MONITORDB < $MCONF > $ADDCONF +$SLAPADD -f $ADDCONF -l $LDIFORDERED +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +. $CONFFILTER $BACKEND $MONITORDB < $DYNLISTCONF > $CONF1 + +echo "Starting slapd on TCP/IP port $PORT1..." +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Testing slapd searching..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + '(objectclass=*)' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +cat /dev/null > $SEARCHOUT + +LISTDN="ou=Dynamic Lists,$BASEDN" +echo "Adding a dynamic list..." +$LDAPADD -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \ + > $TESTOUT 2>&1 << EOMODS +dn: $LISTDN +objectClass: organizationalUnit +ou: Dynamic Lists + +dn: cn=Dynamic List,$LISTDN +objectClass: groupOfURLs +cn: Dynamic List +memberURL: ldap:///ou=People,${BASEDN}?cn,mail?sub?(objectClass=person) +EOMODS + +echo "Testing list search of all attrs..." +echo "# Testing list search of all attrs..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 \ + '(cn=Dynamic List)' '*' \ + >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing list search of a listed attr..." +echo "# Testing list search of a listed attr..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 \ + '(cn=Dynamic List)' mail \ + >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing list search of a non-listed attr..." +echo "# Testing list search of a non-listed attr..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 \ + '(cn=Dynamic List)' objectClass \ + >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing list search with (critical) manageDSAit..." +echo "# Testing list search with (critical) manageDSAit..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 -MM \ + '(cn=Dynamic List)' '*' \ + >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing list compare..." +echo "# Testing list compare..." >> $SEARCHOUT +$LDAPCOMPARE -h $LOCALHOST -p $PORT1 \ + "cn=Dynamic List,$LISTDN" "cn:Bjorn Jensen" \ + >> $SEARCHOUT 2>&1 +RC=$? +case $RC in +5) + echo "ldapcompare returned FALSE ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +6) + echo "ldapcompare returned TRUE ($RC)" + ;; +0) + echo "ldapcompare returned success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapcompare failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac +echo "" >> $SEARCHOUT + +echo "Testing list compare (should return FALSE)..." +echo "# Testing list compare (should return FALSE)..." >> $SEARCHOUT +$LDAPCOMPARE -h $LOCALHOST -p $PORT1 \ + "cn=Dynamic List,$LISTDN" "cn:FALSE" \ + >> $SEARCHOUT 2>&1 +RC=$? +case $RC in +5) + echo "ldapcompare returned FALSE ($RC)" + ;; +6) + echo "ldapcompare returned TRUE ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +0) + echo "ldapcompare returned success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapcompare failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac +echo "" >> $SEARCHOUT + +echo "Testing list compare (should return UNDEFINED)..." +echo "# Testing list compare (should return UNDEFINED)..." >> $SEARCHOUT +$LDAPCOMPARE -h $LOCALHOST -p $PORT1 \ + "cn=Dynamic List,$LISTDN" "dc:UNDEFINED" \ + >> $SEARCHOUT 2>&1 +RC=$? +case $RC in +5) + echo "ldapcompare returned FALSE ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +6) + echo "ldapcompare returned TRUE ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +16|32) + echo "ldapcompare returned UNDEFINED ($RC)" + ;; +0) + echo "ldapcompare returned success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapcompare failed ($RC)" + ;; +esac +echo "" >> $SEARCHOUT + +echo "Testing list compare with manageDSAit..." +echo "# Testing list compare with manageDSAit..." >> $SEARCHOUT +$LDAPCOMPARE -h $LOCALHOST -p $PORT1 -MM \ + "cn=Dynamic List,$LISTDN" "cn:Bjorn Jensen" \ + >> $SEARCHOUT 2>&1 +RC=$? +case $RC in +5) + echo "ldapcompare returned FALSE ($RC)" + ;; +6) + echo "ldapcompare returned TRUE ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +0) + echo "ldapcompare returned success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapcompare failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac +echo "" >> $SEARCHOUT + +echo "Reconfiguring slapd..." +$LDAPMODIFY -x -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF > \ + $TESTOUT 2>&1 << EOMODS +version: 1 +dn: olcOverlay={0}dynlist,olcDatabase={$DBIX}$BACKEND,cn=config +changetype: modify +delete: olcDLattrSet +olcDLattrSet: {0} +- +add: olcDLattrSet +olcDLattrSet: groupOfURLs memberURL sn:cn mail +- +EOMODS + +echo "==========================================================" >> $LOG1 + +echo "Testing attribute mapping" + +echo "Testing list search of all (mapped) attrs..." +echo "# Testing list search of all (mapped) attrs..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 \ + '(cn=Dynamic List)' '*' \ + >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing list search of a (mapped) listed attr..." +echo "# Testing list search of a (mapped) listed attr..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 \ + '(cn=Dynamic List)' sn \ + >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing list search of a (n unmapped) listed attr..." +echo "# Testing list search of a (n unmapped) listed attr..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 \ + '(cn=Dynamic List)' mail \ + >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing list compare (mapped attrs) ..." +echo "# Testing list compare (mapped attrs) ..." >> $SEARCHOUT +$LDAPCOMPARE -h $LOCALHOST -p $PORT1 \ + "cn=Dynamic List,$LISTDN" "sn:Bjorn Jensen" \ + >> $SEARCHOUT 2>&1 +RC=$? +case $RC in +5) + echo "ldapcompare returned FALSE ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +6) + echo "ldapcompare returned TRUE ($RC)" + ;; +0) + echo "ldapcompare returned success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapcompare failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac +echo "" >> $SEARCHOUT + +echo "Testing list compare (mapped attrs; should return FALSE)..." +echo "# Testing list compare (mapped attrs; should return FALSE)..." >> $SEARCHOUT +$LDAPCOMPARE -h $LOCALHOST -p $PORT1 \ + "cn=Dynamic List,$LISTDN" "sn:FALSE" \ + >> $SEARCHOUT 2>&1 +RC=$? +case $RC in +5) + echo "ldapcompare returned FALSE ($RC)" + ;; +6) + echo "ldapcompare returned TRUE ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +0) + echo "ldapcompare returned success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapcompare failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac +echo "" >> $SEARCHOUT + +echo "Reconfiguring slapd..." +$LDAPMODIFY -x -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF > \ + $TESTOUT 2>&1 << EOMODS +version: 1 +dn: olcOverlay={0}dynlist,olcDatabase={$DBIX}$BACKEND,cn=config +changetype: modify +delete: olcDLattrSet +olcDLattrSet: {0} +- +add: olcDLattrSet +olcDLattrSet: groupOfURLs memberURL member +- +EOMODS + +echo "==========================================================" >> $LOG1 + +echo "Adding a dynamic list..." +$LDAPADD -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \ + > $TESTOUT 2>&1 << EOMODS +dn: cn=Dynamic List of Members,$LISTDN +objectClass: groupOfURLs +cn: Dynamic List of Members +memberURL: ldap:///ou=People,${BASEDN}??sub?(objectClass=person) +EOMODS + +echo "Testing list search of all attrs..." +echo "# Testing list search of all attrs..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 \ + '(cn=Dynamic List of Members)' '*' \ + >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing list search of a listed attr..." +echo "# Testing list search of a listed attr..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 \ + '(cn=Dynamic List of Members)' member \ + >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing list search of a non-listed attr..." +echo "# Testing list search of a non-listed attr..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 \ + '(cn=Dynamic List of Members)' objectClass \ + >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing list search with (critical) manageDSAit..." +echo "# Testing list search with (critical) manageDSAit..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 -MM \ + '(&(cn=Dynamic List of Members)(objectClass=groupOfURLs))' '*' \ + >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +CMPDN="$BJORNSDN" +echo "Testing list compare..." +echo "# Testing list compare..." >> $SEARCHOUT +$LDAPCOMPARE -h $LOCALHOST -p $PORT1 \ + "cn=Dynamic List of Members,$LISTDN" "member:$CMPDN" \ + >> $SEARCHOUT 2>&1 +RC=$? +case $RC in +5) + echo "ldapcompare returned FALSE ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +6) + echo "ldapcompare returned TRUE ($RC)" + ;; +0) + echo "ldapcompare returned success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapcompare failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac +echo "" >> $SEARCHOUT + +CMPDN="$BADBJORNSDN" +echo "Testing list compare (should return FALSE)..." +echo "# Testing list compare... (should return FALSE)" >> $SEARCHOUT +$LDAPCOMPARE -h $LOCALHOST -p $PORT1 \ + "cn=Dynamic List of Members,$LISTDN" "member:$CMPDN" \ + >> $SEARCHOUT 2>&1 +RC=$? +case $RC in +5) + echo "ldapcompare returned FALSE ($RC)" + ;; +6) + echo "ldapcompare returned TRUE ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +0) + echo "ldapcompare returned success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapcompare failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac +echo "" >> $SEARCHOUT + +CMPDN="$BJORNSDN" +echo "Testing list compare (should return FALSE)..." +echo "# Testing list compare (should return FALSE)..." >> $SEARCHOUT +$LDAPCOMPARE -h $LOCALHOST -p $PORT1 \ + "cn=Dynamic List of Members,$LISTDN" "member:cn=Foo Bar" \ + >> $SEARCHOUT 2>&1 +RC=$? +case $RC in +5) + echo "ldapcompare returned FALSE ($RC)" + ;; +6) + echo "ldapcompare returned TRUE ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +0) + echo "ldapcompare returned success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapcompare failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac +echo "" >> $SEARCHOUT + +echo "Testing list compare with manageDSAit..." +echo "# Testing list compare with manageDSAit..." >> $SEARCHOUT +$LDAPCOMPARE -h $LOCALHOST -p $PORT1 -MM \ + "cn=Dynamic List,$LISTDN" "member:$CMPDN" \ + >> $SEARCHOUT 2>&1 +RC=$? +case $RC in +5) + echo "ldapcompare returned FALSE ($RC)" + ;; +6) + echo "ldapcompare returned TRUE ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +0) + echo "ldapcompare returned success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapcompare failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac +echo "" >> $SEARCHOUT + +echo "==========================================================" >> $LOG1 + +echo "Testing dgIdentity..." + +# Set ACL, require authentication to get list contents +$LDAPMODIFY -x -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF > \ + $TESTOUT 2>&1 << EOMODS +version: 1 +dn: olcDatabase={$DBIX}$BACKEND,cn=config +changetype: modify +add: olcAccess +olcAccess: to dn.base="cn=Dynamic List of Members,$LISTDN" by * read +olcAccess: to * by users read by * search +EOMODS + +echo "Testing list search without dgIdentity..." +echo "# Testing list search without dgIdentity..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 \ + '(cn=Dynamic List of Members)' '*' \ + >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \ + > $TESTOUT 2>&1 << EOMODS +dn: cn=Dynamic List of Members,$LISTDN +changetype: modify +add: objectClass +objectClass: dgIdentityAux +- +add: dgIdentity +dgIdentity: $CMPDN +EOMODS + +echo "Testing list search with dgIdentity..." +echo "# Testing list search with dgIdentity..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 \ + '(cn=Dynamic List of Members)' '*' \ + >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing dgAuthz..." + +CMPDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,$BASEDN" +$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \ + > $TESTOUT 2>&1 << EOMODS +dn: cn=Dynamic List of Members,$LISTDN +changetype: modify +add: dgAuthz +dgAuthz: dn:$BABSDN +EOMODS + +echo "Testing list search with dgIdentity and dgAuthz anonymously..." +echo "# Testing list search with dgIdentity and dgAuthz anonymously..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 \ + '(cn=Dynamic List of Members)' '*' \ + >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing list search with dgIdentity and dgAuthz as the authorized identity..." +echo "# Testing list search with dgIdentity and dgAuthz as the authorized identity..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 \ + -D "$BABSDN" -w bjensen \ + '(cn=Dynamic List of Members)' '*' \ + >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +LDIF=$DYNLISTOUT + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif used to create database..." +$LDIFFILTER < $LDIF > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "Comparison failed" + exit 1 +fi + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test045-syncreplication-proxied b/tests/scripts/test045-syncreplication-proxied new file mode 100755 index 0000000..31fb8a8 --- /dev/null +++ b/tests/scripts/test045-syncreplication-proxied @@ -0,0 +1,872 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + + +# test now handles known issues +#if test x"$PROXYSYNC" = x ; then +# echo "Test disabled; set PROXYSYNC=yes to enable" +# exit 0 +#fi + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test $BACKLDAP = ldapno; then + echo "LDAP backend not available, test skipped" + exit 0 +fi + +if test $SYNCPROV = syncprovno; then + echo "Syncrepl provider overlay not available, test skipped" + exit 0 +fi + +if test $MONITORDB = no; then + echo "Monitor backend not available, test skipped" + exit 0 +fi + +mkdir -p $TESTDIR $DBDIR1 $DBDIR2 + +# +# Test replication: +# - start provider +# - start consumer +# - populate over ldap +# - perform some modifies and deleted +# - attempt to modify the consumer (referral or chain) +# - retrieve database over ldap and compare against expected results +# + +echo "Starting provider slapd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND $MONITORDB < $SRPROVIDERCONF > $CONF1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PROVIDERPID=$! +if test $WAIT != 0 ; then + echo PROVIDERPID $PROVIDERPID + read foo +fi +KILLPIDS="$PROVIDERPID" + +sleep 1 + +echo "Using ldapsearch to check that provider slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapadd to create the context prefix entry in the provider..." +$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \ + $LDIFORDEREDCP > /dev/null 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Starting consumer slapd on TCP/IP port $PORT2..." +. $CONFFILTER $BACKEND $MONITORDB < $RCONSUMERCONF > $CONF2 +$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 & +CONSUMERPID=$! +if test $WAIT != 0 ; then + echo CONSUMERPID $CONSUMERPID + read foo +fi +KILLPIDS="$PROVIDERPID $CONSUMERPID" + +sleep 1 + +echo "Using ldapsearch to check that consumer slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT2 \ + '(objectClass=*)' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Starting proxy slapd on TCP/IP port $PORT3..." +. $CONFFILTER $BACKEND $MONITORDB < $PLSRCONSUMERCONF > $CONF3 +$SLAPD -f $CONF3 -h $URI3 -d $LVL $TIMING > $LOG3 2>&1 & +PROXYPID=$! +if test $WAIT != 0 ; then + echo PROXYPID $PROXYPID + read foo +fi +KILLPIDS="$PROVIDERPID $CONSUMERPID $PROXYPID" + +sleep 1 + +echo "Using ldapsearch to check that proxy slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT3 \ + '(objectClass=*)' > /dev/null 2>&1 + RC=$? + if test $RC = 0 || test $RC = 53 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +case $RC in +0 ) + echo "ldapsearch should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +53) + ;; +*) + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +CHECK=1 +echo "$CHECK > Using ldapadd to populate the provider directory..." +$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \ + $LDIFORDEREDNOCP > /dev/null 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# get provider contextCSN +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + -s base '(objectClass=*)' contextCSN > "${PROVIDEROUT}.$CHECK" 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed at provider ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# check consumer contextCSN +sleep 1 +for i in 1 2 3; do + $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + -s base '(objectClass=*)' contextCSN > "${CONSUMEROUT}.$CHECK" 2>&1 + RC=$? + + if test $RC != 0 ; then + echo "ldapsearch failed at consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + $CMP ${PROVIDEROUT}.$CHECK ${CONSUMEROUT}.$CHECK > $CMPOUT + + if test $? = 0 ; then + break + fi + + echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." + sleep $SLEEP1 +done + +#echo "Using ldapsearch to read all the entries from the provider..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' > "${PROVIDEROUT}.$CHECK" 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at provider ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +#echo "Using ldapsearch to read all the entries from the consumer..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + '(objectClass=*)' > "${CONSUMEROUT}.$CHECK" 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +#echo "Filtering provider results..." +$LDIFFILTER < "${PROVIDEROUT}.$CHECK" > $PROVIDERFLT +#echo "Filtering consumer results..." +$LDIFFILTER < "${CONSUMEROUT}.$CHECK" > $CONSUMERFLT + +echo "$CHECK < Comparing retrieved entries from provider and consumer..." +$CMP $PROVIDERFLT $CONSUMERFLT > $CMPOUT + +if test $? != 0 ; then + echo "test failed - provider and consumer databases differ" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +CHECK=`expr $CHECK + 1` +echo "$CHECK > Stopping the provider, sleeping $SLEEP2 seconds and restarting it..." +kill -HUP "$PROVIDERPID" +wait $PROVIDERPID +sleep $SLEEP2 + +echo "======================= RESTART =======================" >> $LOG1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING >> $LOG1 2>&1 & +PROVIDERPID=$! +if test $WAIT != 0 ; then + echo PROVIDERPID $PROVIDERPID + read foo +fi +KILLPIDS="$PROVIDERPID $CONSUMERPID $PROXYPID" + +sleep 1 + +echo "Using ldapsearch to check that provider slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapmodify to modify provider directory..." + +# +# Do some modifications +# + +$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 << EOMODS +dn: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example,dc=com +changetype: modify +add: drink +drink: Orange Juice +- +delete: sn +sn: Jones +- +add: sn +sn: Jones + +dn: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: modify +replace: drink +drink: Iced Tea + +dn: cn=ITD Staff,ou=Groups,dc=example,dc=com +changetype: modify +delete: uniquemember +uniquemember: cn=James A Jones 2, ou=Information Technology Division, ou=People, dc=example,dc=com +uniquemember: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com +- +add: uniquemember +uniquemember: cn=Dorothy Stevens, ou=Alumni Association, ou=People, dc=example,dc=com +uniquemember: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example,dc=com + +dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc + =com +changetype: modify +delete: cn +cn: Biiff Jensen + +dn: cn=Gern Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: add +objectclass: OpenLDAPperson +cn: Gern Jensen +sn: Jensen +uid: gjensen +title: Chief Investigator, ITD +postaladdress: ITD $ 535 W. William St $ Ann Arbor, MI 48103 +seealso: cn=All Staff, ou=Groups, dc=example,dc=com +drink: Coffee +homepostaladdress: 844 Brown St. Apt. 4 $ Ann Arbor, MI 48104 +description: Very odd +facsimiletelephonenumber: +1 313 555 7557 +telephonenumber: +1 313 555 8343 +mail: gjensen@mailgw.example.com +homephone: +1 313 555 8844 + +dn: ou=Retired, ou=People, dc=example,dc=com +changetype: add +objectclass: organizationalUnit +ou: Retired + +dn: cn=Rosco P. Coltrane, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: add +objectclass: OpenLDAPperson +cn: Rosco P. Coltrane +sn: Coltrane +uid: rosco +description: Fat tycoon + +dn: cn=Rosco P. Coltrane, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: modrdn +newrdn: cn=Rosco P. Coltrane +deleteoldrdn: 1 +newsuperior: ou=Retired, ou=People, dc=example,dc=com + +dn: cn=James A Jones 2, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: delete +EOMODS + +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# get provider contextCSN +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + -s base '(objectClass=*)' contextCSN > "${PROVIDEROUT}.$CHECK" 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed at provider ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# check consumer contextCSN +for i in 1 2 3; do + echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." + sleep $SLEEP1 + + $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + -s base '(objectClass=*)' contextCSN > "${CONSUMEROUT}.$CHECK" 2>&1 + RC=$? + + if test $RC != 0 ; then + echo "ldapsearch failed at consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + $CMP ${PROVIDEROUT}.$CHECK ${CONSUMEROUT}.$CHECK > $CMPOUT + + if test $? = 0 ; then + break + fi +done + +#echo "Using ldapsearch to read all the entries from the provider..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' > "${PROVIDEROUT}.$CHECK" 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at provider ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +#echo "Using ldapsearch to read all the entries from the consumer..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + '(objectClass=*)' > "${CONSUMEROUT}.$CHECK" 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +#echo "Filtering provider results..." +$LDIFFILTER < "${PROVIDEROUT}.$CHECK" > $PROVIDERFLT +#echo "Filtering consumer results..." +$LDIFFILTER < "${CONSUMEROUT}.$CHECK" > $CONSUMERFLT + +echo "$CHECK < Comparing retrieved entries from provider and consumer..." +$CMP $PROVIDERFLT $CONSUMERFLT > $CMPOUT + +if test $? != 0 ; then + echo "test failed - provider and consumer databases differ" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +CHECK=`expr $CHECK + 1` +echo "$CHECK > Stopping proxy to test recovery..." +kill -HUP $PROXYPID +wait $PROXYPID + +echo "Modifying more entries on the provider..." +$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD >> \ + $TESTOUT 2>&1 << EOMODS +dn: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: modify +add: description +description: proxy is down... + +dn: cn=James T. Kirk, ou=Retired, ou=People, dc=example,dc=com +changetype: add +objectclass: OpenLDAPperson +sn: Kirk +uid: jtk +cn: James T. Kirk + +dn: cn=Tiberius J. Hooker, ou=Retired, ou=People, dc=example,dc=com +changetype: add +objectclass: OpenLDAPperson +sn: Hooker +uid: tjh +cn: Tiberius J. Hooker + +EOMODS + +echo "Restarting proxy..." +echo "======================= RESTART =======================" >> $LOG3 +$SLAPD -f $CONF3 -h $URI3 -d $LVL $TIMING >> $LOG3 2>&1 & +PROXYPID=$! +if test $WAIT != 0 ; then + echo PROXYPID $PROXYPID + read foo +fi +KILLPIDS="$PROVIDERPID $CONSUMERPID $PROXYPID" + +# get provider contextCSN +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + -s base '(objectClass=*)' contextCSN > "${PROVIDEROUT}.$CHECK" 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed at provider ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# check consumer contextCSN +for i in 1 2 3 4 5; do + echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." + sleep $SLEEP1 + + $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + -s base '(objectClass=*)' contextCSN > "${CONSUMEROUT}.$CHECK" 2>&1 + RC=$? + + if test $RC != 0 ; then + echo "ldapsearch failed at consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + $CMP ${PROVIDEROUT}.$CHECK ${CONSUMEROUT}.$CHECK > $CMPOUT + + if test $? = 0 ; then + break + fi +done + +#echo "Using ldapsearch to read all the entries from the provider..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' > "${PROVIDEROUT}.$CHECK" 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at provider ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +#echo "Using ldapsearch to read all the entries from the consumer..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + '(objectClass=*)' > "${CONSUMEROUT}.$CHECK" 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +#echo "Filtering provider results..." +$LDIFFILTER < "${PROVIDEROUT}.$CHECK" > $PROVIDERFLT +#echo "Filtering consumer results..." +$LDIFFILTER < "${CONSUMEROUT}.$CHECK" > $CONSUMERFLT + +echo "$CHECK < Comparing retrieved entries from provider and consumer..." +$CMP $PROVIDERFLT $CONSUMERFLT > $CMPOUT + +if test $? != 0 ; then + echo "test failed - provider and consumer databases differ" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +CHECK=`expr $CHECK + 1` +echo "$CHECK > Try updating the consumer slapd..." +$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT2 -w $PASSWD > \ + $TESTOUT 2>&1 << EOMODS +dn: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example, dc=com +changetype: modify +add: description +description: This write must fail because directed to a shadow context, +description: unless the chain overlay is configured appropriately ;) + +EOMODS + +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# get provider contextCSN +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + -s base '(objectClass=*)' contextCSN > "${PROVIDEROUT}.$CHECK" 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed at provider ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# check consumer contextCSN +sleep 1 + +for i in 1 2 3; do + $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + -s base '(objectClass=*)' contextCSN > "${CONSUMEROUT}.$CHECK" 2>&1 + RC=$? + + if test $RC != 0 ; then + echo "ldapsearch failed at consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + $CMP ${PROVIDEROUT}.$CHECK ${CONSUMEROUT}.$CHECK > $CMPOUT + + if test $? = 0 ; then + break + fi + + echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." + sleep $SLEEP1 +done + +#echo "Using ldapsearch to read all the entries from the provider..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' > "${PROVIDEROUT}.$CHECK" 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at provider ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +#echo "Using ldapsearch to read all the entries from the consumer..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ +'(objectClass=*)' > "${CONSUMEROUT}.$CHECK" 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +#echo "Filtering provider results..." +$LDIFFILTER < "${PROVIDEROUT}.$CHECK" > $PROVIDERFLT +#echo "Filtering consumer results..." +$LDIFFILTER < "${CONSUMEROUT}.$CHECK" > $CONSUMERFLT + +echo "$CHECK < Comparing retrieved entries from provider and consumer..." +$CMP $PROVIDERFLT $CONSUMERFLT > $CMPOUT + +if test $? != 0 ; then + echo "test failed - provider and consumer databases differ" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +CHECK=`expr $CHECK + 1` +echo "$CHECK > Stopping consumer to test recovery..." +kill -HUP $CONSUMERPID +wait $CONSUMERPID + +echo "Modifying more entries on the provider..." +$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD >> \ + $TESTOUT 2>&1 << EOMODS +dn: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: modify +add: drink +drink: Mad Dog 20/20 + +EOMODS + +echo "Waiting $SLEEP2 seconds for syncrepl to retry..." +sleep $SLEEP2 + +echo "Restarting consumer..." +echo "======================= RESTART =======================" >> $LOG2 +$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING >> $LOG2 2>&1 & +CONSUMERPID=$! +if test $WAIT != 0 ; then + echo CONSUMERPID $CONSUMERPID + read foo +fi +KILLPIDS="$PROVIDERPID $CONSUMERPID $PROXYPID" + +# get provider contextCSN +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + -s base '(objectClass=*)' contextCSN > "${PROVIDEROUT}.$CHECK" 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed at provider ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# check consumer contextCSN + +for i in 1 2 3 4 5; do + echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." + sleep $SLEEP1 + + $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + -s base '(objectClass=*)' contextCSN > "${CONSUMEROUT}.$CHECK" 2>&1 + RC=$? + + if test $RC != 0 ; then + echo "ldapsearch failed at consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + $CMP ${PROVIDEROUT}.$CHECK ${CONSUMEROUT}.$CHECK > $CMPOUT + + if test $? = 0 ; then + break + fi +done + +#echo "Using ldapsearch to read all the entries from the provider..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' > "${PROVIDEROUT}.$CHECK" 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at provider ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +#echo "Using ldapsearch to read all the entries from the consumer..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + '(objectClass=*)' > "${CONSUMEROUT}.$CHECK" 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +#echo "Filtering provider results..." +$LDIFFILTER < "${PROVIDEROUT}.$CHECK" > $PROVIDERFLT +#echo "Filtering consumer results..." +$LDIFFILTER < "${CONSUMEROUT}.$CHECK" > $CONSUMERFLT + +echo "$CHECK < Comparing retrieved entries from provider and consumer..." +$CMP $PROVIDERFLT $CONSUMERFLT > $CMPOUT + +if test $? != 0 ; then + # FIXME: keep the original workaround in place, in case we needed again + if test 1 = 1 ; then + echo "test failed - provider and consumer databases differ" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + + echo " test failed - provider and consumer databases differ (ignored by now)" + echo " Stopping proxy to see if it auto-recovers..." + kill -HUP $PROXYPID + wait $PROXYPID + + echo " ${CHECK}.1 > Restarting proxy..." + echo "======================= RESTART =======================" >> $LOG3 + $SLAPD -f $CONF3 -h $URI3 -d $LVL $TIMING >> $LOG3 2>&1 & + PROXYPID=$! + if test $WAIT != 0 ; then + echo PROXYPID $PROXYPID + read foo + fi + KILLPIDS="$PROVIDERPID $CONSUMERPID $PROXYPID" + + echo " Waiting $SLEEP2 seconds for syncrepl to receive changes..." + sleep $SLEEP2 + + #echo "Using ldapsearch to read all the entries from the consumer..." + $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + '(objectClass=*)' > "${CONSUMEROUT}.5.1" 2>&1 + RC=$? + + if test $RC != 0 ; then + echo " ldapsearch failed at consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + #echo "Filtering consumer results..." + $LDIFFILTER < "${CONSUMEROUT}.5.1" > $CONSUMERFLT + + echo " ${CHECK}.1 < Comparing retrieved entries from provider and consumer..." + $CMP $PROVIDERFLT $CONSUMERFLT > $CMPOUT + + if test $? != 0 ; then + echo " test failed - provider and consumer databases differ" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi +fi + +# +# Modifications formerly known to fail +# +CHECK=`expr $CHECK + 1` +echo "$CHECK > Performing modifications that were formerly known to fail..." +$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 << EOMODS +# First, back out previous change +dn: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: modify +delete: drink +drink: Mad Dog 20/20 + +# From now on, perform modifications that were formerly known to fail +dn: cn=All Staff,ou=Groups,dc=example,dc=com +changetype: modify +delete: description + +EOMODS + +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# get provider contextCSN +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + -s base '(objectClass=*)' contextCSN > "${PROVIDEROUT}.$CHECK" 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed at provider ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# check consumer contextCSN +sleep 1 +for i in 1 2 3; do + $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + -s base '(objectClass=*)' contextCSN > "${CONSUMEROUT}.$CHECK" 2>&1 + RC=$? + + if test $RC != 0 ; then + echo "ldapsearch failed at consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + $CMP ${PROVIDEROUT}.$CHECK ${CONSUMEROUT}.$CHECK > $CMPOUT + + if test $? = 0 ; then + break + fi + + echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." + sleep $SLEEP1 +done + +#echo "Using ldapsearch to read all the entries from the provider..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' > "${PROVIDEROUT}.$CHECK" 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at provider ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +#echo "Using ldapsearch to read all the entries from the consumer..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + '(objectClass=*)' > "${CONSUMEROUT}.$CHECK" 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +#echo "Filtering provider results..." +$LDIFFILTER < "${PROVIDEROUT}.$CHECK" > $PROVIDERFLT +#echo "Filtering consumer results..." +$LDIFFILTER < "${CONSUMEROUT}.$CHECK" > $CONSUMERFLT + +echo "$CHECK < Comparing retrieved entries from provider and consumer..." +$CMP $PROVIDERFLT $CONSUMERFLT > $CMPOUT + +if test $? != 0 ; then + echo "test failed - provider and consumer databases differ (ignored by now)" + #echo "test failed - provider and consumer databases differ" + #test $KILLSERVERS != no && kill -HUP $KILLPIDS + #exit 1 +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test046-dds b/tests/scripts/test046-dds new file mode 100755 index 0000000..1de582f --- /dev/null +++ b/tests/scripts/test046-dds @@ -0,0 +1,575 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 2005-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +case $BACKEND in ldif | null) + # LDIF lacks ACL support, NULL cannot hold dynamic entries + echo "Test does not support $BACKEND backend, test skipped" + exit 0 +esac + +if test $DDS = ddsno; then + echo "Dynamic Directory Services overlay not available, test skipped" + exit 0 +fi + +mkdir -p $TESTDIR $DBDIR1 + +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND $MONITORDB < $MCONF > $ADDCONF +$SLAPADD -f $ADDCONF -l $LDIFORDERED +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Running slapindex to index slapd database..." +. $CONFFILTER $BACKEND $MONITORDB < $DDSCONF > $CONF1 +$SLAPINDEX -f $CONF1 +RC=$? +if test $RC != 0 ; then + echo "warning: slapindex failed ($RC)" + echo " assuming no indexing support" +fi + +echo "Starting slapd on TCP/IP port $PORT1..." +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Testing slapd searching..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + '(objectclass=*)' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +cat /dev/null > $SEARCHOUT + +echo "Creating a dynamic entry..." +$LDAPADD -D $MANAGERDN -w $PASSWD -h $LOCALHOST -p $PORT1 \ + >> $TESTOUT 2>&1 << EOMODS +dn: cn=Dynamic Object,dc=example,dc=com +objectClass: inetOrgPerson +objectClass: dynamicObject +cn: Dynamic Object +sn: Object +EOMODS +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Refreshing the newly created dynamic entry..." +$LDAPEXOP -D $MANAGERDN -w $PASSWD -h $LOCALHOST -p $PORT1 \ + "refresh" "cn=Dynamic Object,dc=example,dc=com" "120" \ + >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapexop failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Modifying the newly created dynamic entry..." +$LDAPMODIFY -D $MANAGERDN -w $PASSWD -h $LOCALHOST -p $PORT1 \ + >> $TESTOUT 2>&1 << EOMODS +dn: cn=Dynamic Object,dc=example,dc=com +changetype: modify +add: userPassword +userPassword: dynamic +EOMODS +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Binding as the newly created dynamic entry..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 \ + -D "cn=Dynamic Object,dc=example,dc=com" -w dynamic +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Creating a dynamic entry subordinate to another..." +$LDAPADD -D $MANAGERDN -w $PASSWD -h $LOCALHOST -p $PORT1 \ + >> $TESTOUT 2>&1 << EOMODS +dn: cn=Subordinate Dynamic Object,cn=Dynamic Object,dc=example,dc=com +objectClass: inetOrgPerson +objectClass: dynamicObject +cn: Subordinate Dynamic Object +sn: Object +userPassword: dynamic +EOMODS +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +SEARCH=0 + +SEARCH=`expr $SEARCH + 1` +sleep $SLEEP0 +echo "# [$SEARCH] Searching the dynamic portion of the database..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=dynamicObject)' '*' entryTtl \ + >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Creating a static entry subordinate to a dynamic one (should fail)..." +$LDAPADD -D $MANAGERDN -w $PASSWD -h $LOCALHOST -p $PORT1 \ + >> $TESTOUT 2>&1 << EOMODS +dn: cn=Subordinate Static Object,cn=Dynamic Object,dc=example,dc=com +objectClass: inetOrgPerson +cn: Subordinate Static Object +sn: Object +userPassword: static +EOMODS +RC=$? +case $RC in +0) + echo "ldapadd should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +19) + echo "ldapadd failed ($RC)" + ;; +*) + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Turning a static into a dynamic entry (should fail)..." +$LDAPMODIFY -D $MANAGERDN -w $PASSWD -h $LOCALHOST -p $PORT1 \ + >> $TESTOUT 2>&1 << EOMODS +dn: ou=People,dc=example,dc=com +changetype: modify +add: objectClass +objectClass: dynamicObject +EOMODS +RC=$? +case $RC in +0) + echo "ldapmodify should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +65) + echo "ldapmodify failed ($RC)" + ;; +*) + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Turning a dynamic into a static entry (should fail)..." +$LDAPMODIFY -D $MANAGERDN -w $PASSWD -h $LOCALHOST -p $PORT1 \ + >> $TESTOUT 2>&1 << EOMODS +dn: cn=Dynamic Object,dc=example,dc=com +changetype: modify +delete: objectClass +objectClass: dynamicObject +EOMODS +RC=$? +case $RC in +0) + echo "ldapmodify should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +65) + echo "ldapmodify failed ($RC)" + ;; +*) + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Renaming a dynamic entry..." +$LDAPMODIFY -D $MANAGERDN -w $PASSWD -h $LOCALHOST -p $PORT1 \ + >> $TESTOUT 2>&1 << EOMODS +dn: cn=Subordinate Dynamic Object,cn=Dynamic Object,dc=example,dc=com +changetype: modrdn +newrdn: cn=Renamed Dynamic Object +deleteoldrdn: 1 +EOMODS +RC=$? +if test $RC != 0 ; then + echo "ldapmodrdn failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +SEARCH=`expr $SEARCH + 1` +sleep $SLEEP0 +echo "# [$SEARCH] Searching the dynamic portion of the database..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=dynamicObject)' '*' entryTtl \ + >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Refreshing the initial dynamic entry to make it expire earlier than the subordinate..." +$LDAPEXOP -D $MANAGERDN -w $PASSWD -h $LOCALHOST -p $PORT1 \ + "refresh" "cn=Dynamic Object,dc=example,dc=com" "1" \ + >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapexop failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +SLEEP=10 +echo "Waiting $SLEEP seconds to force a subordinate/superior expiration conflict..." +sleep $SLEEP + +echo "Re-vitalizing the initial dynamic entry..." +$LDAPEXOP -D $MANAGERDN -w $PASSWD -h $LOCALHOST -p $PORT1 \ + "refresh" "cn=Dynamic Object,dc=example,dc=com" "120" \ + >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapexop failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Re-renaming the subordinate dynamic entry (new superior)..." +$LDAPMODIFY -D $MANAGERDN -w $PASSWD -h $LOCALHOST -p $PORT1 \ + >> $TESTOUT 2>&1 << EOMODS +dn: cn=Renamed Dynamic Object,cn=Dynamic Object,dc=example,dc=com +changetype: modrdn +newrdn: cn=Renamed Dynamic Object +deleteoldrdn: 1 +newsuperior: dc=example,dc=com +EOMODS +RC=$? +if test $RC != 0 ; then + echo "ldapmodrdn failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +SEARCH=`expr $SEARCH + 1` +sleep $SLEEP0 +echo "# [$SEARCH] Searching the dynamic portion of the database..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=dynamicObject)' '*' entryTtl \ + >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Deleting a dynamic entry..." +$LDAPMODIFY -D $MANAGERDN -w $PASSWD -h $LOCALHOST -p $PORT1 \ + >> $TESTOUT 2>&1 << EOMODS +dn: cn=Dynamic Object,dc=example,dc=com +changetype: delete +EOMODS +RC=$? +if test $RC != 0 ; then + echo "ldapdelete failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +SEARCH=`expr $SEARCH + 1` +sleep $SLEEP0 +echo "# [$SEARCH] Searching the dynamic portion of the database..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=dynamicObject)' '*' entryTtl \ + >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Refreshing the remaining dynamic entry..." +$LDAPEXOP -D $MANAGERDN -w $PASSWD -h $LOCALHOST -p $PORT1 \ + "refresh" "cn=Renamed Dynamic Object,dc=example,dc=com" "1" \ + >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapexop failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +SEARCH=`expr $SEARCH + 1` +sleep $SLEEP0 +echo "# [$SEARCH] Searching the dynamic portion of the database..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=dynamicObject)' '*' entryTtl \ + >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +SLEEP=15 +echo "Waiting $SLEEP seconds for remaining entry to expire..." +sleep $SLEEP + +SEARCH=`expr $SEARCH + 1` +sleep $SLEEP0 +echo "# [$SEARCH] Searching the dynamic portion of the database..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=dynamicObject)' '*' entryTtl \ + >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# Meeting +MEETINGDN="cn=Meeting,ou=Groups,dc=example,dc=com" +echo "Creating a meeting as $BJORNSDN..." +$LDAPMODIFY -D "$BJORNSDN" -w bjorn -h $LOCALHOST -p $PORT1 \ + >> $TESTOUT 2>&1 << EOMODS +dn: $MEETINGDN +changetype: add +objectClass: groupOfNames +objectClass: dynamicObject +cn: Meeting +member: $BJORNSDN + +dn: $MEETINGDN +changetype: modify +add: member +member: $JOHNDDN +EOMODS +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Refreshing the meeting as $BJORNSDN..." +$LDAPEXOP -D "$BJORNSDN" -w bjorn -h $LOCALHOST -p $PORT1 \ + "refresh" "$MEETINGDN" "120" \ + >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapexop failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Joining the meeting as $BABSDN..." +$LDAPMODIFY -D "$BABSDN" -w bjensen -h $LOCALHOST -p $PORT1 \ + >> $TESTOUT 2>&1 << EOMODS +dn: $MEETINGDN +changetype: modify +add: member +member: $BABSDN +EOMODS +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Trying to add a member as $BABSDN (should fail)..." +$LDAPMODIFY -D "$BABSDN" -w bjensen -h $LOCALHOST -p $PORT1 \ + >> $TESTOUT 2>&1 << EOMODS +dn: $MEETINGDN +changetype: modify +add: member +member: $MELLIOTDN +EOMODS +RC=$? +case $RC in +0) + echo "ldapmodify should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +50) + echo "ldapmodify failed ($RC)" + ;; +*) + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Refreshing the meeting as $BABSDN..." +$LDAPEXOP -D "$BABSDN" -w bjensen -h $LOCALHOST -p $PORT1 \ + "refresh" "$MEETINGDN" "180" \ + >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapexop failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Trying to refresh the meeting anonymously (should fail)..." +$LDAPEXOP -h $LOCALHOST -p $PORT1 \ + "refresh" "$MEETINGDN" "240" \ + >> $TESTOUT 2>&1 +RC=$? +if test $RC = 0 ; then + echo "ldapexop should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +echo "Trying to refresh the meeting as $JAJDN (should fail)..." +$LDAPEXOP -D "$JAJDN" -w "jaj" -h $LOCALHOST -p $PORT1 \ + "refresh" "$MEETINGDN" "240" \ + >> $TESTOUT 2>&1 +RC=$? +if test $RC = 0 ; then + echo "ldapexop should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +echo "Trying to delete the meeting as $BABSDN (should fail)..." +$LDAPMODIFY -D "$BABSDN" -w bjensen -h $LOCALHOST -p $PORT1 \ + >> $TESTOUT 2>&1 << EOMODS +dn: $MEETINGDN +changetype: delete +EOMODS +RC=$? +case $RC in +0) + echo "ldapdelete should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +50) + echo "ldapdelete failed ($RC)" + ;; +*) + echo "ldapdelete failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Deleting the meeting as $BJORNSDN..." +$LDAPMODIFY -D "$BJORNSDN" -w bjorn -h $LOCALHOST -p $PORT1 \ + >> $TESTOUT 2>&1 << EOMODS +dn: $MEETINGDN +changetype: delete +EOMODS +RC=$? +if test $RC != 0 ; then + echo "ldapdelete failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +LDIF=$DDSOUT + +# dds removes entryTtl and re-adds it, changing the order of attributes +echo "Filtering ldapsearch results..." +$LDIFFILTER -s a < $SEARCHOUT > $SEARCHFLT +grep -i -v -e '^entryttl: ' < $SEARCHFLT > $SEARCHFLT2 +echo "Filtering original ldif used to create database..." +$LDIFFILTER -s a < $LDIF > $LDIFFLT +grep -i -v -e '^entryttl: ' < $LDIFFLT > $LDIFFLT2 +echo "Comparing filter output..." +$CMP $SEARCHFLT2 $LDIFFLT2 > $CMPOUT + +if test $? != 0 ; then + echo "Comparison failed" + exit 1 +fi + +echo "Listing entryTtl values from ldapsearch results..." +grep -i -e '^entryttl: ' < $SEARCHFLT | awk '{ print $2 }' > $SEARCHFLT2 +echo "Listing entryTtl values from original ldif used to create database..." +grep -i -e '^entryttl: ' < $LDIFFLT | awk '{ print $2 }' > $LDIFFLT2 + +if ! type paste >/dev/null 2>&1; then + echo "Cannot find 'paste' command, skipping entryTtl checks..." +else + echo "Checking entryTtl appears to decrease with time..." + paste $SEARCHFLT2 $LDIFFLT2 | while read resultTTL savedTTL; do + if [ `expr $savedTTL - $resultTTL` -lt $SLEEP0 ]; then + echo "TTL has not reduced accordingly" + exit 1 + fi + done +fi + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test047-ldap b/tests/scripts/test047-ldap new file mode 100755 index 0000000..a3ce429 --- /dev/null +++ b/tests/scripts/test047-ldap @@ -0,0 +1,754 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +echo "" + +if test $BACKLDAP = ldapno ; then + echo "ldap backend not available, test skipped" + exit 0 +fi + +if test $RWM = rwmno ; then + echo "rwm (rewrite/remap) overlay not available, test skipped" + exit 0 +fi + +rm -rf $TESTDIR + +mkdir -p $TESTDIR $DBDIR1 $DBDIR2 + +echo "Starting slapd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND $MONITORDB < $METACONF1 > $CONF1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Using ldapsearch to check that slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapadd to populate the database..." +$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \ + $LDIFORDERED > $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Starting slapd on TCP/IP port $PORT2..." +. $CONFFILTER $BACKEND $MONITORDB < $METACONF2 > $CONF2 +$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$KILLPIDS $PID" + +sleep 1 + +echo "Using ldapsearch to check that slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT2 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapadd to populate the database..." +$LDAPADD -D "$METAMANAGERDN" -h $LOCALHOST -p $PORT2 -w $PASSWD < \ + $LDIFMETA >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Starting slapd on TCP/IP port $PORT3..." +. $CONFFILTER $BACKEND $MONITORDB < $GLUELDAPCONF > $CONF3 +$SLAPD -f $CONF3 -h $URI3 -d $LVL $TIMING > $LOG3 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$KILLPIDS $PID" + +sleep 1 + +echo "Using ldapsearch to check that slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT3 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +cat /dev/null > $SEARCHOUT + +BASEDN="o=Example,c=US" +echo "Searching base=\"$BASEDN\"..." +echo "# searching base=\"$BASEDN\"..." >> $SEARCHOUT +$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT3 -b "$BASEDN" >> $SEARCHOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "Search failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC in + 0) + ;; + 51) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 0 + ;; + *) + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +# ITS#4195: spurious matchedDN when the search scopes the main target, +# and the searchBase is not present, so that target returns noSuchObject +BASEDN="ou=Meta,o=Example,c=US" +echo "Searching base=\"$BASEDN\"..." +echo "# searching base=\"$BASEDN\"..." >> $SEARCHOUT +$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT3 -b "$BASEDN" >> $SEARCHOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "Search failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC in + 0) + ;; + 51) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 0 + ;; + *) + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +# +# Do some modifications +# + +BASEDN="o=Example,c=US" +echo "Modifying database \"$BASEDN\"..." +$LDAPMODIFY -v -D "cn=Manager,$BASEDN" -h $LOCALHOST -p $PORT3 -w $PASSWD \ + -M >> $TESTOUT 2>&1 << EOMODS +# These operations (updates with objectClass mapping) triggered ITS#3499 +dn: cn=Added Group,ou=Groups,$BASEDN +changetype: add +objectClass: groupOfNames +objectClass: uidObject +cn: Added Group +member: cn=Added Group,ou=Groups,$BASEDN +uid: added + +dn: cn=Another Added Group,ou=Groups,$BASEDN +changetype: add +objectClass: groupOfNames +cn: Another Added Group +member: cn=Added Group,ou=Groups,$BASEDN +member: cn=Another Added Group,ou=Groups,$BASEDN + +dn: cn=Another Added Group,ou=Groups,$BASEDN +changetype: modify +add: objectClass +objectClass: uidObject +- +add: uid +uid: added +- + +dn: cn=Added Group,ou=Groups,$BASEDN +changetype: modify +delete: objectClass +objectClass: uidObject +- +delete: uid +- + +dn: ou=Meta,$BASEDN +changetype: modify +add: description +description: added to "ou=Meta,$BASEDN" +- + +dn: ou=Who's going to handle this?,$BASEDN +changetype: add +objectClass: organizationalUnit +ou: Who's going to handle this? +description: added +description: will be deleted + +dn: ou=Same as above,$BASEDN +changetype: add +objectClass: organizationalUnit +ou: Same as above +description: added right after "Who's going to handle this?" +description: will be preserved + +dn: ou=Who's going to handle this?,$BASEDN +changetype: delete + +dn: ou=Who's going to handle this?,ou=Meta,$BASEDN +changetype: add +objectClass: organizationalUnit +ou: Who's going to handle this? +description: added +description: will be deleted + +dn: ou=Same as above,ou=Meta,$BASEDN +changetype: add +objectClass: organizationalUnit +ou: Same as above +description: added right after "Who's going to handle this?" +description: will be preserved + +dn: cn=Added User,ou=Same as above,ou=Meta,$BASEDN +changetype: add +objectClass: inetOrgPerson +cn: Added User +sn: User +userPassword: secret + +dn: ou=Who's going to handle this?,ou=Meta,$BASEDN +changetype: delete +EOMODS + +RC=$? +#if test $RC != 0 ; then +# echo "Modify failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC in + 0) + ;; + 51) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 0 + ;; + *) + echo "Modify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Searching base=\"$BASEDN\"..." +echo "# searching base=\"$BASEDN\"..." >> $SEARCHOUT +$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT3 -b "$BASEDN" >> $SEARCHOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "Search failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC in + 0) + ;; + 51) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 0 + ;; + *) + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +BASEDN="o=Example,c=US" +echo " base=\"$BASEDN\"..." +echo "# base=\"$BASEDN\"..." >> $SEARCHOUT +$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT3 -b "$BASEDN" -M "$FILTER" '*' ref \ + >> $SEARCHOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "Search failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC in + 0) + ;; + 51) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 0 + ;; + *) + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +BASEDN="o=Example,c=US" +FILTER="(seeAlso=cn=all staff,ou=Groups,$BASEDN)" +echo "Searching filter=\"$FILTER\"" +echo " attrs=\"seeAlso\"" +echo " base=\"$BASEDN\"..." +echo "# searching filter=\"$FILTER\"" >> $SEARCHOUT +echo "# attrs=\"seeAlso\"" >> $SEARCHOUT +echo "# base=\"$BASEDN\"..." >> $SEARCHOUT +$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT3 -b "$BASEDN" "$FILTER" seeAlso \ + >> $SEARCHOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "Search failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC in + 0) + ;; + 51) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 0 + ;; + *) + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +FILTER="(uid=example)" +echo "Searching filter=\"$FILTER\"" +echo " attrs=\"uid\"" +echo " base=\"$BASEDN\"..." +echo "# searching filter=\"$FILTER\"" >> $SEARCHOUT +echo "# attrs=\"uid\"" >> $SEARCHOUT +echo "# base=\"$BASEDN\"..." >> $SEARCHOUT +$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT3 -b "$BASEDN" "$FILTER" uid \ + >> $SEARCHOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "Search failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC in + 0) + ;; + 51) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 0 + ;; + *) + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +FILTER="(member=cn=Another Added Group,ou=Groups,$BASEDN)" +echo "Searching filter=\"$FILTER\"" +echo " attrs=\"member\"" +echo " base=\"$BASEDN\"..." +echo "# searching filter=\"$FILTER\"" >> $SEARCHOUT +echo "# attrs=\"member\"" >> $SEARCHOUT +echo "# base=\"$BASEDN\"..." >> $SEARCHOUT +$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT3 -b "$BASEDN" "$FILTER" member \ + >> $SEARCHOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "Search failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC in + 0) + ;; + 51) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 0 + ;; + *) + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Waiting 10 seconds for cached connections to timeout..." +sleep 10 + +echo "Searching with a timed out connection..." +echo "# searching filter=\"$FILTER\"" >> $SEARCHOUT +echo "# attrs=\"member\"" >> $SEARCHOUT +echo "# base=\"$BASEDN\"" >> $SEARCHOUT +echo "# with a timed out connection..." >> $SEARCHOUT +$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT3 -D "cn=Manager,$BASEDN" -w $PASSWD \ + -b "$BASEDN" "$FILTER" member \ + >> $SEARCHOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "Search failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC in + 0) + ;; + 51) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 0 + ;; + *) + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +# NOTE: cannot send to $SEARCHOUT because the returned entries +# are not predictable... +echo "Checking server-enforced size limit..." +echo "# Checking server-enforced size limit..." >> $SEARCHOUT +$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT3 \ + -D "cn=Bjorn Jensen,ou=Information Technology Division,ou=People,$BASEDN" -w bjorn \ + -b "$BASEDN" "(objectClass=*)" 1.1 \ + >> $TESTOUT 2>&1 +RC=$? +case $RC,$BACKEND in + 4,* | 0,null) + ;; + 0,*) + echo "Search should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; + *) + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +# NOTE: cannot send to $SEARCHOUT because the returned entries +# are not predictable... +echo "Checking client-requested size limit..." +echo "# Checking client-requested size limit..." >> $SEARCHOUT +$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT3 \ + -D "cn=Bjorn Jensen,ou=Information Technology Division,ou=People,$BASEDN" -w bjorn \ + -b "$BASEDN" -z 2 "(objectClass=*)" 1.1 \ + >> $TESTOUT 2>&1 +RC=$? +case $RC,$BACKEND in + 4,* | 0,null) + ;; + 0,*) + echo "Search should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; + *) + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif used to create database..." +$LDIFFILTER < $METAOUT > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - meta search/modification didn't succeed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +# ITS#4458 needs patch to slapo-rwm for global rewriting of passwd_exop +BASEDN="o=Example,c=US" +echo "Changing password to database \"$BASEDN\"..." +$LDAPPASSWD -h $LOCALHOST -p $PORT3 -D "cn=Manager,$BASEDN" -w $PASSWD \ + -s $PASSWD "cn=Ursula Hampster,ou=Alumni Association,ou=People,$BASEDN" \ + >> $TESTOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "Passwd ExOp failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC in + 0) + ;; +# 51) +# echo "### Hit LDAP_BUSY problem; you may want to re-run the test" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit 0 +# ;; +# 80) + 1) + echo "Passwd ExOp failed ($RC)! ITS#4458?" + ;; + *) + echo "Passwd ExOp failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +if test $RC = 0 ; then + echo "Binding with newly changed password to database \"$BASEDN\"..." + $LDAPWHOAMI -h $LOCALHOST -p $PORT3 \ + -D "cn=Ursula Hampster,ou=Alumni Association,ou=People,$BASEDN" \ + -w $PASSWD >> $TESTOUT 2>&1 + RC=$? + #if test $RC != 0 ; then + # echo "WhoAmI failed ($RC)!" + # test $KILLSERVERS != no && kill -HUP $KILLPIDS + # exit $RC + #fi + case $RC in + 0) + ;; + 51) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + ;; + *) + echo "WhoAmI failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; + esac +fi + +echo "Binding as newly added user to database \"$BASEDN\"..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT3 \ + -D "cn=Added User,ou=Same as above,ou=Meta,$BASEDN" \ + -w $PASSWD >> $TESTOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "WhoAmI failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC in + 0) + ;; + 51) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + ;; + *) + echo "WhoAmI failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Changing password to database \"$BASEDN\"..." +$LDAPPASSWD -h $LOCALHOST -p $PORT3 -D "cn=Manager,$BASEDN" -w $PASSWD \ + -s meta "cn=Added User,ou=Same as above,ou=Meta,$BASEDN" \ + >> $TESTOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "Passwd ExOp failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC in + 0) + ;; +# 51) +# echo "### Hit LDAP_BUSY problem; you may want to re-run the test" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit 0 +# ;; +# 80) + 1) + echo "Passwd ExOp failed ($RC)! ITS#4458?" + ;; + *) + echo "Passwd ExOp failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +if test $RC = 0 ; then + echo "Binding with newly changed password to database \"$BASEDN\"..." + $LDAPWHOAMI -h $LOCALHOST -p $PORT3 \ + -D "cn=Added User,ou=Same as above,ou=Meta,$BASEDN" \ + -w meta >> $TESTOUT 2>&1 + RC=$? + #if test $RC != 0 ; then + # echo "WhoAmI failed ($RC)!" + # test $KILLSERVERS != no && kill -HUP $KILLPIDS + # exit $RC + #fi + case $RC in + 0) + ;; + 51) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + ;; + *) + echo "WhoAmI failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; + esac +fi + +echo "Binding with incorrect password to database \"$BASEDN\"..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT3 \ + -D "cn=Added User,ou=Same as above,ou=Meta,$BASEDN" \ + -w bogus >> $TESTOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "WhoAmI failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC,$BACKEND in + 0,null) + ;; + 0,*) + echo "WhoAmI should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; + 51,*) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + ;; + *) + ;; +esac + +echo "Binding with non-existing user to database \"$BASEDN\"..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT3 \ + -D "cn=Non-existing User,ou=Same as above,ou=Meta,$BASEDN" \ + -w bogus >> $TESTOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "WhoAmI failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC,$BACKEND in + 0,null) + ;; + 0,*) + echo "WhoAmI should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; + 51,*) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + ;; + *) + ;; +esac + +echo "Comparing to database \"$BASEDN\"..." +$LDAPCOMPARE -h $LOCALHOST -p $PORT3 \ + "cn=Another Added Group,ou=Groups,$BASEDN" \ + "member:cn=Added Group,ou=Groups,$BASEDN" >> $TESTOUT 2>&1 +RC=$? +#if test $RC != 6 ; then +# echo "Compare failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit -1 +#fi +case $RC,$BACKEND in + 5,null) + ;; + 6,*) + ;; + 51,*) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + ;; + *) + echo "Compare failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + ;; +esac + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test048-syncrepl-multiproxy b/tests/scripts/test048-syncrepl-multiproxy new file mode 100755 index 0000000..e70fa95 --- /dev/null +++ b/tests/scripts/test048-syncrepl-multiproxy @@ -0,0 +1,606 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test $BACKLDAP = ldapno; then + echo "LDAP backend not available, test skipped" + exit 0 +fi + +if test $SYNCPROV = syncprovno; then + echo "Syncrepl provider overlay not available, test skipped" + exit 0 +fi + +if test $MONITORDB = no; then + echo "Monitor backend not available, test skipped" + exit 0 +fi + +if test $THREADS = threadsno ; then + echo "Need threads support, test skipped" + exit 0 +fi + +mkdir -p $TESTDIR $DBDIR1 $DBDIR2 $DBDIR3 + +# +# Test replication: +# - start provider +# - start consumer +# - populate over ldap +# - perform some modifies and deleted +# - attempt to modify the consumer (referral or chain) +# - retrieve database over ldap and compare against expected results +# + +echo "Starting provider slapd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND $MONITORDB < $PLSRPROVIDERCONF > $CONF1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PROVIDERPID=$! +if test $WAIT != 0 ; then + echo PROVIDERPID $PROVIDERPID + read foo +fi +KILLPIDS="$PROVIDERPID" + +sleep 1 + +echo "Using ldapsearch to check that provider slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapadd to create the context prefix entry in the provider..." +$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \ + $LDIFORDEREDCP > /dev/null 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Starting P1 consumer slapd on TCP/IP port $PORT2..." +. $CONFFILTER $BACKEND $MONITORDB < $RCONSUMERCONF > $CONF2 +$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 & +P1CONSUMERPID=$! +if test $WAIT != 0 ; then + echo P1CONSUMERPID $P1CONSUMERPID + read foo +fi +KILLPIDS="$PROVIDERPID $P1CONSUMERPID" + +sleep 1 + +echo "Using ldapsearch to check that P1 consumer slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT2 \ + '(objectClass=*)' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Starting R1 consumer slapd on TCP/IP port $PORT3..." +. $CONFFILTER $BACKEND $MONITORDB < $RCONSUMERCONF | sed -e 's;\.2\.\([^/]*\)$;.3.\1;' > $CONF3 +$SLAPD -f $CONF3 -h $URI3 -d $LVL $TIMING > $LOG3 2>&1 & +R1CONSUMERPID=$! +if test $WAIT != 0 ; then + echo R1CONSUMERPID $R1CONSUMERPID + read foo +fi +KILLPIDS="$PROVIDERPID $P1CONSUMERPID $R1CONSUMERPID" + +sleep 1 + +echo "Using ldapsearch to check that R1 consumer slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT3 \ + '(objectClass=*)' > /dev/null 2>&1 + RC=$? + if test $RC = 0; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +CHECK=1 +echo "$CHECK > Using ldapadd to populate the provider directory..." +$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \ + $LDIFORDEREDNOCP > /dev/null 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." +sleep $SLEEP1 + +#echo "Using ldapsearch to read all the entries from the provider..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' > "${PROVIDEROUT}.1" 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at provider ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +#echo "Using ldapsearch to read all the entries from the P1 consumer..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + '(objectClass=*)' > "${CONSUMEROUT}.1" 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at P1 consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +#echo "Filtering provider results..." +$LDIFFILTER < "${PROVIDEROUT}.1" > $PROVIDERFLT +#echo "Filtering consumer results..." +$LDIFFILTER < "${CONSUMEROUT}.1" > $CONSUMERFLT + +echo "$CHECK < Comparing retrieved entries from provider and P1 consumer..." +$CMP $PROVIDERFLT $CONSUMERFLT > $CMPOUT + +if test $? != 0 ; then + echo "test failed - provider and P1 consumer databases differ" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +#echo "Using ldapsearch to read all the entries from the R1 consumer..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT3 \ + '(objectClass=*)' > "${CONSUMEROUT}.1" 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at R1 consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +#echo "Filtering consumer results..." +$LDIFFILTER < "${CONSUMEROUT}.1" > $CONSUMERFLT + +echo "$CHECK < Comparing retrieved entries from provider and R1 consumer..." +$CMP $PROVIDERFLT $CONSUMERFLT > $CMPOUT + +if test $? != 0 ; then + echo "test failed - provider and R1 consumer databases differ" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +CHECK=`expr $CHECK + 1` +echo "$CHECK > Stopping the provider, sleeping $SLEEP2 seconds and restarting it..." +kill -HUP "$PROVIDERPID" +wait $PROVIDERPID +sleep $SLEEP2 + +echo "======================= RESTART =======================" >> $LOG1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING >> $LOG1 2>&1 & +PROVIDERPID=$! +if test $WAIT != 0 ; then + echo PROVIDERPID $PROVIDERPID + read foo +fi +KILLPIDS="$PROVIDERPID $P1CONSUMERPID $R1CONSUMERPID" + +sleep 1 + +echo "Using ldapsearch to check that provider slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapmodify to modify provider directory..." + +# +# Do some modifications +# + +$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 << EOMODS +dn: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example,dc=com +changetype: modify +add: drink +drink: Orange Juice +- +delete: sn +sn: Jones +- +add: sn +sn: Jones + +dn: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: modify +replace: drink +drink: Iced Tea + +dn: cn=ITD Staff,ou=Groups,dc=example,dc=com +changetype: modify +delete: uniquemember +uniquemember: cn=James A Jones 2, ou=Information Technology Division, ou=People, dc=example,dc=com +uniquemember: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com +- +add: uniquemember +uniquemember: cn=Dorothy Stevens, ou=Alumni Association, ou=People, dc=example,dc=com +uniquemember: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example,dc=com + +dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc + =com +changetype: modify +delete: cn +cn: Biiff Jensen + +dn: cn=Gern Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: add +objectclass: OpenLDAPperson +cn: Gern Jensen +sn: Jensen +uid: gjensen +title: Chief Investigator, ITD +postaladdress: ITD $ 535 W. William St $ Ann Arbor, MI 48103 +seealso: cn=All Staff, ou=Groups, dc=example,dc=com +drink: Coffee +homepostaladdress: 844 Brown St. Apt. 4 $ Ann Arbor, MI 48104 +description: Very odd +facsimiletelephonenumber: +1 313 555 7557 +telephonenumber: +1 313 555 8343 +mail: gjensen@mailgw.example.com +homephone: +1 313 555 8844 + +dn: ou=Retired, ou=People, dc=example,dc=com +changetype: add +objectclass: organizationalUnit +ou: Retired + +dn: cn=Rosco P. Coltrane, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: add +objectclass: OpenLDAPperson +cn: Rosco P. Coltrane +sn: Coltrane +uid: rosco +description: Fat tycoon + +dn: cn=Rosco P. Coltrane, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: modrdn +newrdn: cn=Rosco P. Coltrane +deleteoldrdn: 1 +newsuperior: ou=Retired, ou=People, dc=example,dc=com + +dn: cn=James A Jones 2, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: delete +EOMODS + +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." +sleep $SLEEP1 + +#echo "Using ldapsearch to read all the entries from the provider..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' > "${PROVIDEROUT}.2" 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at provider ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +#echo "Using ldapsearch to read all the entries from the P1 consumer..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + '(objectClass=*)' > "${CONSUMEROUT}.2" 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at P1 consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +#echo "Filtering provider results..." +$LDIFFILTER < "${PROVIDEROUT}.2" > $PROVIDERFLT +#echo "Filtering P1 consumer results..." +$LDIFFILTER < "${CONSUMEROUT}.2" > $CONSUMERFLT + +echo "$CHECK < Comparing retrieved entries from provider and P1 consumer..." +$CMP $PROVIDERFLT $CONSUMERFLT > $CMPOUT + +if test $? != 0 ; then + echo "test failed - provider and P1 consumer databases differ" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +#echo "Using ldapsearch to read all the entries from the R1 consumer..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT3 \ + '(objectClass=*)' > "${CONSUMEROUT}.2" 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at R1 consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +#echo "Filtering consumer results..." +$LDIFFILTER < "${CONSUMEROUT}.2" > $CONSUMERFLT + +echo "$CHECK < Comparing retrieved entries from provider and R1 consumer..." +$CMP $PROVIDERFLT $CONSUMERFLT > $CMPOUT + +if test $? != 0 ; then + echo "test failed - provider and R1 consumer databases differ" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +CHECK=`expr $CHECK + 1` +echo "$CHECK > Stopping consumer to test recovery..." +kill -HUP $P1CONSUMERPID $R1CONSUMERPID +wait $P1CONSUMERPID +wait $R1CONSUMERPID + +echo "Modifying more entries on the provider..." +$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD >> \ + $TESTOUT 2>&1 << EOMODS +dn: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: modify +add: description +description: r1 consumer is down... + +dn: cn=James T. Kirk, ou=Retired, ou=People, dc=example,dc=com +changetype: add +objectclass: OpenLDAPperson +sn: Kirk +uid: jtk +cn: James T. Kirk + +dn: cn=Tiberius J. Hooker, ou=Retired, ou=People, dc=example,dc=com +changetype: add +objectclass: OpenLDAPperson +sn: Hooker +uid: tjh +cn: Tiberius J. Hooker + +EOMODS + +echo "Restarting P1 consumer..." +echo "======================= RESTART =======================" >> $LOG3 +$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING >> $LOG2 2>&1 & +P1CONSUMERPID=$! +if test $WAIT != 0 ; then + echo P1CONSUMERPID $P1CONSUMERPID + read foo +fi + +echo "Restarting R1 consumer..." +echo "======================= RESTART =======================" >> $LOG3 +$SLAPD -f $CONF3 -h $URI3 -d $LVL $TIMING >> $LOG3 2>&1 & +R1CONSUMERPID=$! +if test $WAIT != 0 ; then + echo R1CONSUMERPID $R1CONSUMERPID + read foo +fi +KILLPIDS="$PROVIDERPID $P1CONSUMERPID $R1CONSUMERPID" + +echo "Waiting $SLEEP2 seconds for syncrepl to receive changes..." +sleep $SLEEP2 + +#echo "Using ldapsearch to read all the entries from the provider..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' > "${PROVIDEROUT}.3" 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at provider ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +#echo "Using ldapsearch to read all the entries from the P1 consumer..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + '(objectClass=*)' > "${CONSUMEROUT}.3" 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +#echo "Filtering provider results..." +$LDIFFILTER < "${PROVIDEROUT}.3" > $PROVIDERFLT +#echo "Filtering consumer results..." +$LDIFFILTER < "${CONSUMEROUT}.3" > $CONSUMERFLT + +echo "$CHECK < Comparing retrieved entries from provider and P1 consumer..." +$CMP $PROVIDERFLT $CONSUMERFLT > $CMPOUT + +if test $? != 0 ; then + echo "test failed - provider and consumer databases differ" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +#echo "Using ldapsearch to read all the entries from the R1 consumer..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT3 \ + '(objectClass=*)' > "${CONSUMEROUT}.3" 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +#echo "Filtering consumer results..." +$LDIFFILTER < "${CONSUMEROUT}.3" > $CONSUMERFLT + +echo "$CHECK < Comparing retrieved entries from provider and R1 consumer..." +$CMP $PROVIDERFLT $CONSUMERFLT > $CMPOUT + +if test $? != 0 ; then + echo "test failed - provider and consumer databases differ" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +CHECK=`expr $CHECK + 1` +echo "$CHECK > Try updating the P1 consumer slapd..." +$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT2 -w $PASSWD > \ + $TESTOUT 2>&1 << EOMODS +dn: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example, dc=com +changetype: modify +add: description +description: This write must fail because directed to a shadow context, +description: unless the chain overlay is configured appropriately ;) + +EOMODS + +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." +sleep $SLEEP1 + +#echo "Using ldapsearch to read all the entries from the provider..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' > "${PROVIDEROUT}.4" 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at provider ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +#echo "Using ldapsearch to read all the entries from the P1 consumer..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ +'(objectClass=*)' > "${CONSUMEROUT}.4" 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +#echo "Filtering provider results..." +$LDIFFILTER < "${PROVIDEROUT}.4" > $PROVIDERFLT +#echo "Filtering consumer results..." +$LDIFFILTER < "${CONSUMEROUT}.4" > $CONSUMERFLT + +echo "$CHECK < Comparing retrieved entries from provider and P1 consumer..." +$CMP $PROVIDERFLT $CONSUMERFLT > $CMPOUT + +if test $? != 0 ; then + echo "test failed - provider and P1 consumer databases differ" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +#echo "Using ldapsearch to read all the entries from the R1 consumer..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT3 \ +'(objectClass=*)' > "${CONSUMEROUT}.4" 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +#echo "Filtering consumer results..." +$LDIFFILTER < "${CONSUMEROUT}.4" > $CONSUMERFLT + +echo "$CHECK < Comparing retrieved entries from provider and R1 consumer..." +$CMP $PROVIDERFLT $CONSUMERFLT > $CMPOUT + +if test $? != 0 ; then + echo "test failed - provider and R1 consumer databases differ" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test049-sync-config b/tests/scripts/test049-sync-config new file mode 100755 index 0000000..c55c1e7 --- /dev/null +++ b/tests/scripts/test049-sync-config @@ -0,0 +1,406 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test $SYNCPROV = syncprovno; then + echo "Syncrepl provider overlay not available, test skipped" + exit 0 +fi + +PRODIR=$TESTDIR/pro +CONDIR=$TESTDIR/con1 +DBPRO=$PRODIR/db +DBCON=$CONDIR/db +CFPRO=$PRODIR/slapd.d +CFCON=$CONDIR/slapd.d + +mkdir -p $TESTDIR $PRODIR $CONDIR $DBPRO $DBCON $CFPRO $CFCON + +$SLAPPASSWD -g -n >$CONFIGPWF + +if test x"$SYNCMODE" = x ; then + SYNCMODE=rp +fi +case "$SYNCMODE" in + ro) + SYNCTYPE="type=refreshOnly interval=00:00:00:03" + ;; + rp) + SYNCTYPE="type=refreshAndPersist" + ;; + *) + echo "unknown sync mode $SYNCMODE" + exit 1; + ;; +esac + +# +# Test replication of dynamic config: +# - start provider +# - start consumer +# - configure over ldap +# - populate over ldap +# - configure syncrepl over ldap +# - retrieve database over ldap and compare against expected results +# + +echo "Starting provider slapd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND $MONITORDB < $DYNAMICCONF > $CONFLDIF +$SLAPADD -F $CFPRO -n 0 -l $CONFLDIF +cd $PRODIR +$SLAPD -F ./slapd.d -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" +cd $TESTWD + +sleep 1 + +echo "Using ldapsearch to check that provider slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "" -H $URI1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Inserting syncprov overlay on provider..." +if [ "$SYNCPROV" = syncprovmod ]; then + $LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF > $TESTOUT 2>&1 +dn: cn=module,cn=config +objectClass: olcModuleList +cn: module +olcModulePath: $TESTWD/../servers/slapd/overlays +olcModuleLoad: syncprov.la +EOF + RC=$? + if test $RC != 0 ; then + echo "ldapadd failed for moduleLoad ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi +fi +read CONFIGPW < $CONFIGPWF +$LDAPMODIFY -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1 +dn: olcDatabase={0}config,cn=config +changetype: modify +add: olcSyncRepl +olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config" bindmethod=simple + credentials=$CONFIGPW searchbase="cn=config" type=refreshAndPersist + retry="3 5 300 5" timeout=3 +- +add: olcUpdateRef +olcUpdateRef: $URI1 + +dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config +changetype: add +objectClass: olcOverlayConfig +objectClass: olcSyncProvConfig +olcOverlay: syncprov +EOF +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed for syncrepl config ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Starting consumer slapd on TCP/IP port $PORT2..." +$SLAPADD -F $CFCON -n 0 -l $CONFLDIF +cd $CONDIR +$SLAPD -F ./slapd.d -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 & +CONSUMERPID=$! +if test $WAIT != 0 ; then + echo CONSUMERPID $CONSUMERPID + read foo +fi +KILLPIDS="$KILLPIDS $CONSUMERPID" +cd $TESTWD + +sleep 1 + +echo "Using ldapsearch to check that consumer slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "" -H $URI2 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Configuring syncrepl on consumer..." +$LDAPMODIFY -D cn=config -H $URI2 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1 +dn: olcDatabase={0}config,cn=config +changetype: modify +add: olcSyncRepl +olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config" bindmethod=simple + credentials=$CONFIGPW searchbase="cn=config" type=refreshAndPersist + retry="3 5 300 5" timeout=3 +- +add: olcUpdateRef +olcUpdateRef: $URI1 +EOF + +echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." +sleep $SLEEP1 + +echo "Using ldapsearch to check that syncrepl received config changes..." +RC=32 +for i in 0 1 2 3 4 5; do + RESULT=`$LDAPSEARCH -H $URI2 -D cn=config -y $CONFIGPWF \ + -s base -b "olcDatabase={0}config,cn=config" \ + '(olcUpdateRef=*)' 2>&1 | awk '/^dn:/ {print "OK"}'` + if test "x$RESULT" = "xOK" ; then + RC=0 + break + fi + echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." + sleep $SLEEP1 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Adding schema and databases on provider..." +$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1 +include: file://$ABS_SCHEMADIR/core.ldif + +include: file://$ABS_SCHEMADIR/cosine.ldif + +include: file://$ABS_SCHEMADIR/inetorgperson.ldif + +include: file://$ABS_SCHEMADIR/openldap.ldif + +include: file://$ABS_SCHEMADIR/nis.ldif +EOF +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed for schema config ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +nullExclude="" nullOK="" +test $BACKEND = null && nullExclude="# " nullOK="OK" + +if [ "$BACKENDTYPE" = mod ]; then + $LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1 +dn: cn=module,cn=config +objectClass: olcModuleList +cn: module +olcModulePath: $TESTWD/../servers/slapd/back-$BACKEND +olcModuleLoad: back_$BACKEND.la +EOF + RC=$? + if test $RC != 0 ; then + echo "ldapadd failed for backend config ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi +fi + +$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1 +dn: olcDatabase={1}$BACKEND,cn=config +objectClass: olcDatabaseConfig +${nullExclude}objectClass: olc${BACKEND}Config +olcDatabase: {1}$BACKEND +olcSuffix: $BASEDN +${nullExclude}olcDbDirectory: ./db +olcRootDN: $MANAGERDN +olcRootPW: $PASSWD +olcSyncRepl: rid=002 provider=$URI1 binddn="$MANAGERDN" bindmethod=simple + credentials=$PASSWD searchbase="$BASEDN" $SYNCTYPE + retry="3 5 300 5" timeout=3 +olcUpdateRef: $URI1 + +dn: olcOverlay=syncprov,olcDatabase={1}${BACKEND},cn=config +changetype: add +objectClass: olcOverlayConfig +objectClass: olcSyncProvConfig +olcOverlay: syncprov +EOF +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed for database config ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +if test $INDEXDB = indexdb ; then + $LDAPMODIFY -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1 +dn: olcDatabase={1}$BACKEND,cn=config +changetype: modify +add: olcDbIndex +olcDbIndex: objectClass,entryUUID,entryCSN eq +olcDbIndex: cn,uid pres,eq,sub +EOF + RC=$? + if test $RC != 0 ; then + echo "ldapadd modify for database config ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi +fi + +echo "Using ldapadd to populate provider..." +$LDAPADD -D "$MANAGERDN" -H $URI1 -w $PASSWD -f $LDIFORDERED \ + >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed for database config ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." +sleep $SLEEP1 + +echo "Using ldapsearch to check that syncrepl received database changes..." +RC=32 +for i in 0 1 2 3 4 5; do + RESULT=`$LDAPSEARCH -H $URI2 \ + -s base -b "cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com" \ + '(objectClass=*)' 2>&1 | awk '/^dn:/ {print "OK"}'` + if test "x$RESULT$nullOK" = "xOK" ; then + RC=0 + break + fi + echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." + sleep $SLEEP1 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Replacing olcSyncrepl on provider..." +$LDAPMODIFY -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1 +dn: olcDatabase={0}config,cn=config +changetype: modify +replace: olcSyncRepl +olcSyncRepl: rid=002 provider=$URI1 binddn="cn=config" bindmethod=simple + credentials=$CONFIGPW searchbase="cn=config" type=refreshAndPersist + retry="3 5 300 5" timeout=3 +EOF +echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." +sleep $SLEEP1 + +echo "Using ldapsearch to read config from the provider..." +$LDAPSEARCH -b cn=config -D cn=config -H $URI1 -y $CONFIGPWF \ + 'objectclass=*' > $PROVIDEROUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at provider ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapsearch to read config from the consumer..." +$LDAPSEARCH -b cn=config -D cn=config -H $URI2 -y $CONFIGPWF \ + 'objectclass=*' > $CONSUMEROUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Filtering provider results..." +$LDIFFILTER < $PROVIDEROUT > $PROVIDERFLT +echo "Filtering consumer results..." +$LDIFFILTER < $CONSUMEROUT > $CONSUMERFLT + +echo "Comparing retrieved configs from provider and consumer..." +$CMP $PROVIDERFLT $CONSUMERFLT > $CMPOUT + +if test $? != 0 ; then + echo "test failed - provider and consumer configs differ" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Using ldapsearch to read all the entries from the provider..." +$LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI1 -w $PASSWD \ + 'objectclass=*' > $PROVIDEROUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at provider ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapsearch to read all the entries from the consumer..." +$LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI2 -w $PASSWD \ + 'objectclass=*' > $CONSUMEROUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo "Filtering provider results..." +$LDIFFILTER < $PROVIDEROUT > $PROVIDERFLT +echo "Filtering consumer results..." +$LDIFFILTER < $CONSUMEROUT > $CONSUMERFLT + +echo "Comparing retrieved entries from provider and consumer..." +$CMP $PROVIDERFLT $CONSUMERFLT > $CMPOUT + +if test $? != 0 ; then + echo "test failed - provider and consumer databases differ" + exit 1 +fi + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test050-syncrepl-multiprovider b/tests/scripts/test050-syncrepl-multiprovider new file mode 100755 index 0000000..be8d464 --- /dev/null +++ b/tests/scripts/test050-syncrepl-multiprovider @@ -0,0 +1,789 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test $SYNCPROV = syncprovno; then + echo "Syncrepl provider overlay not available, test skipped" + exit 0 +fi + +MPR=${MPR-4} + +if [ $MPR -gt 9 ]; then +MPR=9 +fi + +XDIR=$TESTDIR/srv +TMP=$TESTDIR/tmp + +mkdir -p $TESTDIR + +$SLAPPASSWD -g -n >$CONFIGPWF + +if test x"$SYNCMODE" = x ; then + SYNCMODE=rp +fi +case "$SYNCMODE" in + ro) + SYNCTYPE="type=refreshOnly interval=00:00:00:03" + ;; + rp) + SYNCTYPE="type=refreshAndPersist" + ;; + *) + echo "unknown sync mode $SYNCMODE" + exit 1; + ;; +esac + +# +# Test replication of dynamic config: +# - start servers +# - configure over ldap +# - populate over ldap +# - configure syncrepl over ldap +# - retrieve database over ldap and compare against expected results +# + +echo "Initializing server configurations..." +n=1 +while [ $n -le $MPR ]; do + +DBDIR=${XDIR}$n/db +CFDIR=${XDIR}$n/slapd.d + +mkdir -p ${XDIR}$n $DBDIR $CFDIR + +$SLAPADD -F $CFDIR -n 0 <<EOF +dn: cn=config +objectClass: olcGlobal +cn: config +olcServerID: $n + +dn: olcDatabase={0}config,cn=config +objectClass: olcDatabaseConfig +olcDatabase: {0}config +olcRootPW:< file://$CONFIGPWF +EOF + +n=`expr $n + 1` +done + +echo "Starting server 1 on TCP/IP port $PORT1..." +cd ${XDIR}1 +$SLAPD -F slapd.d -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" +cd $TESTWD + +sleep 1 + +echo "Using ldapsearch to check that server 1 is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "" -H $URI1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Inserting syncprov overlay on server 1..." +echo "" > $TMP +if [ "$SYNCPROV" = syncprovmod ]; then +cat <<EOF >> $TMP +dn: cn=module,cn=config +changetype: add +objectClass: olcModuleList +cn: module +olcModulePath: $TESTWD/../servers/slapd/overlays +olcModuleLoad: syncprov.la + +EOF +fi +# +# Note that we configure a timeout here; it's possible for both +# servers to attempt to bind to each other while a modify to +# cn=config is in progress. When the modify pauses the thread pool +# neither server will progress. The timeout will drop the syncrepl +# attempt and allow the modifies to complete. +# +read CONFIGPW < $CONFIGPWF +echo "dn: cn=config" >> $TMP +echo "changetype: modify" >> $TMP +echo "replace: olcServerID" >> $TMP +n=1 +while [ $n -le $MPR ]; do +PORT=`expr $BASEPORT + $n` +URI="ldap://${LOCALHOST}:$PORT/" +echo "olcServerID: $n $URI" >> $TMP +n=`expr $n + 1` +done + +cat <<EOF >> $TMP + +dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config +changetype: add +objectClass: olcOverlayConfig +objectClass: olcSyncProvConfig +olcOverlay: syncprov + +dn: olcDatabase={0}config,cn=config +changetype: modify +add: olcSyncRepl +EOF + +n=1 +while [ $n -le $MPR ]; do +PORT=`expr $BASEPORT + $n` +URI="ldap://${LOCALHOST}:$PORT/" +echo "olcSyncRepl: rid=00$n provider=$URI binddn=\"cn=config\" bindmethod=simple" >> $TMP +echo " credentials=$CONFIGPW searchbase=\"cn=config\" type=refreshAndPersist" >> $TMP +echo " retry=\"3 10 300 5\" timeout=3" >> $TMP +n=`expr $n + 1` +done +echo "-" >> $TMP +echo "add: olcMirrorMode" >> $TMP +echo "olcMirrorMode: TRUE" >> $TMP +$LDAPMODIFY -D cn=config -H $URI1 -y $CONFIGPWF < $TMP >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed for syncrepl config ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +n=2 +while [ $n -le $MPR ]; do +PORT=`expr $BASEPORT + $n` +URI="ldap://${LOCALHOST}:$PORT/" +LOG=$TESTDIR/slapd.$n.log +echo "Starting server $n on TCP/IP port $PORT..." +cd ${XDIR}$n +$SLAPD -F ./slapd.d -h $URI -d $LVL $TIMING > $LOG 2>&1 & +CONSUMERPID=$! +if test $WAIT != 0 ; then + echo CONSUMERPID $CONSUMERPID + read foo +fi +KILLPIDS="$KILLPIDS $CONSUMERPID" +cd $TESTWD + +sleep 1 + +echo "Using ldapsearch to check that server $n is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "" -H $URI \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Configuring syncrepl on server $n..." +cat <<EOF > $TMP +dn: olcDatabase={0}config,cn=config +changetype: modify +add: olcSyncRepl +EOF +j=1 +while [ $j -le $MPR ]; do +P2=`expr $BASEPORT + $j` +U2="ldap://${LOCALHOST}:$P2/" +echo "olcSyncRepl: rid=00$j provider=$U2 binddn=\"cn=config\" bindmethod=simple" >> $TMP +echo " credentials=$CONFIGPW searchbase=\"cn=config\" type=refreshAndPersist" >> $TMP +echo " retry=\"3 10 300 5\" timeout=3" >> $TMP +j=`expr $j + 1` +done +cat <<EOF >> $TMP +- +add: olcMirrorMode +olcMirrorMode: TRUE +EOF +$LDAPMODIFY -D cn=config -H $URI -y $CONFIGPWF < $TMP >>$TESTOUT 2>&1 +n=`expr $n + 1` +done + +echo "Adding schema and databases on server 1..." +$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1 +include: file://$ABS_SCHEMADIR/core.ldif + +include: file://$ABS_SCHEMADIR/cosine.ldif + +include: file://$ABS_SCHEMADIR/inetorgperson.ldif + +include: file://$ABS_SCHEMADIR/openldap.ldif + +include: file://$ABS_SCHEMADIR/nis.ldif +EOF +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed for schema config ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +nullExclude="" +test $BACKEND = null && nullExclude="# " + +echo "" > $TMP +if [ "$BACKENDTYPE" = mod ]; then +cat <<EOF >> $TMP +dn: cn=module,cn=config +objectClass: olcModuleList +cn: module +olcModulePath: $TESTWD/../servers/slapd/back-$BACKEND +olcModuleLoad: back_$BACKEND.la + +EOF +fi + +cat <<EOF >> $TMP +dn: olcDatabase={1}$BACKEND,cn=config +objectClass: olcDatabaseConfig +${nullExclude}objectClass: olc${BACKEND}Config +olcDatabase: {1}$BACKEND +olcSuffix: $BASEDN +${nullExclude}olcDbDirectory: ./db +olcRootDN: $MANAGERDN +olcRootPW: $PASSWD +EOF + +n=1 +while [ $n -le $MPR ]; do +PORT=`expr $BASEPORT + $n` +URI="ldap://${LOCALHOST}:$PORT/" + +echo "olcSyncRepl: rid=01$n provider=$URI binddn=\"$MANAGERDN\" bindmethod=simple" >> $TMP +echo " credentials=$PASSWD searchbase=\"$BASEDN\" $SYNCTYPE" >> $TMP +echo " retry=\"3 10 300 5\" timeout=3" >> $TMP +n=`expr $n + 1` +done + +cat <<EOF >> $TMP +olcMirrorMode: TRUE + +dn: olcOverlay=syncprov,olcDatabase={1}${BACKEND},cn=config +objectClass: olcOverlayConfig +objectClass: olcSyncProvConfig +olcOverlay: syncprov +EOF +$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF < $TMP >>$TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed for database config ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +if test $INDEXDB = indexdb ; then + $LDAPMODIFY -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1 +dn: olcDatabase={1}$BACKEND,cn=config +changetype: modify +add: olcDbIndex +olcDbIndex: objectClass,entryUUID,entryCSN eq +olcDbIndex: cn,uid pres,eq,sub +EOF + RC=$? + if test $RC != 0 ; then + echo "ldapadd modify for database config ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi +fi + +echo "Using ldapadd to populate server 1..." +$LDAPADD -D "$MANAGERDN" -H $URI1 -w $PASSWD -f $LDIFORDERED \ + >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed for server 1 database ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Waiting $SLEEP2 seconds for syncrepl to receive changes..." +sleep $SLEEP2 + +n=1 +while [ $n -le $MPR ]; do +PORT=`expr $BASEPORT + $n` +URI="ldap://${LOCALHOST}:$PORT/" + +echo "Using ldapsearch to read config from server $n..." +$LDAPSEARCH -b cn=config -D cn=config -H $URI -y $CONFIGPWF \ + 'objectclass=*' > $TESTDIR/server$n.out 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at server $n ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +$LDIFFILTER < $TESTDIR/server$n.out > $TESTDIR/server$n.flt + +n=`expr $n + 1` +done + +n=2 +while [ $n -le $MPR ]; do +echo "Comparing retrieved configs from server 1 and server $n..." +$CMP $PROVIDERFLT $TESTDIR/server$n.flt > $CMPOUT + +if test $? != 0 ; then + echo "test failed - server 1 and server $n configs differ" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi +n=`expr $n + 1` +done + +n=1 +while [ $n -le $MPR ]; do +PORT=`expr $BASEPORT + $n` +URI="ldap://${LOCALHOST}:$PORT/" + +echo "Using ldapsearch to read all the entries from server $n..." +$LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI -w $PASSWD \ + 'objectclass=*' > $TESTDIR/server$n.out 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at server $n ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi +$LDIFFILTER < $TESTDIR/server$n.out > $TESTDIR/server$n.flt +n=`expr $n + 1` +done + +n=2 +while [ $n -le $MPR ]; do +echo "Comparing retrieved entries from server 1 and server $n..." +$CMP $PROVIDERFLT $TESTDIR/server$n.flt > $CMPOUT + +if test $? != 0 ; then + echo "test failed - server 1 and server $n databases differ" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi +n=`expr $n + 1` +done + +echo "Using ldapadd to populate server 2..." +$LDAPADD -D "$MANAGERDN" -H $URI2 -w $PASSWD -f $LDIFADD1 \ + >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed for server 2 database ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." +sleep $SLEEP1 + +n=1 +while [ $n -le $MPR ]; do +PORT=`expr $BASEPORT + $n` +URI="ldap://${LOCALHOST}:$PORT/" + +echo "Using ldapsearch to read all the entries from server $n..." +$LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI -w $PASSWD \ + 'objectclass=*' > $TESTDIR/server$n.out 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at server $n ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi +$LDIFFILTER < $TESTDIR/server$n.out > $TESTDIR/server$n.flt +n=`expr $n + 1` +done + +n=2 +while [ $n -le $MPR ]; do +echo "Comparing retrieved entries from server 1 and server $n..." +$CMP $PROVIDERFLT $TESTDIR/server$n.flt > $CMPOUT + +if test $? != 0 ; then + echo "test failed - server 1 and server $n databases differ" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi +n=`expr $n + 1` +done + +echo "Using ldapadd to populate server 3..." +$LDAPADD -D "$MANAGERDN" -H $URI3 -w $PASSWD \ + << EOMODS >> $TESTOUT 2>&1 +dn: cn=Server 3 Test,dc=example,dc=com +changetype: add +objectClass: device +cn: Server 3 Test +EOMODS +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed for server 3 database ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." +sleep $SLEEP1 + +n=1 +while [ $n -le $MPR ]; do +PORT=`expr $BASEPORT + $n` +URI="ldap://${LOCALHOST}:$PORT/" + +echo "Using ldapsearch to read all the entries from server $n..." +$LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI -w $PASSWD \ + 'objectclass=*' > $TESTDIR/server$n.out 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at server $n ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi +$LDIFFILTER < $TESTDIR/server$n.out > $TESTDIR/server$n.flt +n=`expr $n + 1` +done + +n=2 +while [ $n -le $MPR ]; do +echo "Comparing retrieved entries from server 1 and server $n..." +$CMP $PROVIDERFLT $TESTDIR/server$n.flt > $CMPOUT + +if test $? != 0 ; then + echo "test failed - server 1 and server $n databases differ" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi +n=`expr $n + 1` +done + +echo "Using ldapmodify to add to server 1 entries that will be deleted..." +$LDAPMODIFY -D "$MANAGERDN" -H $URI1 -w $PASSWD \ + >> $TESTOUT 2>&1 << EOADDS +dn: cn=To be deleted by server 1,dc=example,dc=com +changetype: add +objectClass: device +# no distinguished values, will be added by DSA + +dn: cn=To be deleted by server 2,dc=example,dc=com +changetype: add +objectClass: device +# no distinguished values, will be added by DSA + +dn: cn=To be deleted by server 3,dc=example,dc=com +changetype: add +objectClass: device +# no distinguished values, will be added by DSA + +dn: cn=To be deleted by server 1,dc=example,dc=com +changetype: delete +EOADDS +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed for server 1 database ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." +sleep $SLEEP1 + +n=1 +while [ $n -le $MPR ]; do +PORT=`expr $BASEPORT + $n` +URI="ldap://${LOCALHOST}:$PORT/" + +echo "Using ldapsearch to read all the entries from server $n..." +$LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI -w $PASSWD \ + 'objectclass=*' > $TESTDIR/server$n.out 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at server $n ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi +$LDIFFILTER < $TESTDIR/server$n.out > $TESTDIR/server$n.flt +n=`expr $n + 1` +done + +n=2 +while [ $n -le $MPR ]; do +echo "Comparing retrieved entries from server 1 and server $n..." +$CMP $PROVIDERFLT $TESTDIR/server$n.flt > $CMPOUT + +if test $? != 0 ; then + echo "test failed - server 1 and server $n databases differ" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi +n=`expr $n + 1` +done + +echo "Using ldapmodify to delete entries from server 2..." +$LDAPMODIFY -D "$MANAGERDN" -H $URI2 -w $PASSWD \ + >> $TESTOUT 2>&1 << EOADDS +dn: cn=To be deleted by server 2,dc=example,dc=com +changetype: delete +EOADDS +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed for server 2 database ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." +sleep $SLEEP1 + +echo "Using ldapmodify to delete entries from server 3..." +$LDAPMODIFY -D "$MANAGERDN" -H $URI3 -w $PASSWD \ + >> $TESTOUT 2>&1 << EOADDS +dn: cn=To be deleted by server 3,dc=example,dc=com +changetype: delete +EOADDS +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed for server 3 database ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." +sleep $SLEEP1 + +n=1 +while [ $n -le $MPR ]; do +PORT=`expr $BASEPORT + $n` +URI="ldap://${LOCALHOST}:$PORT/" + +echo "Using ldapsearch to read all the entries from server $n..." +$LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI -w $PASSWD \ + 'objectclass=*' > $TESTDIR/server$n.out 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at server $n ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi +$LDIFFILTER < $TESTDIR/server$n.out > $TESTDIR/server$n.flt +n=`expr $n + 1` +done + +n=2 +while [ $n -le $MPR ]; do +echo "Comparing retrieved entries from server 1 and server $n..." +$CMP $PROVIDERFLT $TESTDIR/server$n.flt > $CMPOUT + +if test $? != 0 ; then + echo "test failed - server 1 and server $n databases differ" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi +n=`expr $n + 1` +done + +# kill! +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +kill -HUP $KILLPIDS + +# kill! +# test $KILLSERVERS != no && wait +wait + +echo "Restarting servers..." +KILLPIDS="" + +echo "Starting server 1 on TCP/IP port $PORT1..." +echo "======================= RESTART =======================" >> $LOG1 +cd ${XDIR}1 +$SLAPD -F slapd.d -h $URI1 -d $LVL $TIMING >> $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" +cd $TESTWD + +sleep 1 + +echo "Using ldapsearch to check that server 1 is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "" -H $URI1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +n=2 +while [ $n -le $MPR ]; do +PORT=`expr $BASEPORT + $n` +URI="ldap://${LOCALHOST}:$PORT/" +LOG=$TESTDIR/slapd.$n.log +echo "Starting server $n on TCP/IP port $PORT..." +cd ${XDIR}$n +echo "======================= RESTART =======================" >> $LOG +$SLAPD -F ./slapd.d -h $URI -d $LVL $TIMING >> $LOG 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$KILLPIDS $PID" +cd $TESTWD +n=`expr $n + 1` +done + +n=2 +while [ $n -le $MPR ]; do +PORT=`expr $BASEPORT + $n` +URI="ldap://${LOCALHOST}:$PORT/" +echo "Using ldapsearch to check that server $n is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "" -H $URI \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi +n=`expr $n + 1` +done + +# Insert modifications and more tests here. +echo "Waiting $SLEEP1 seconds for servers to resync..." +sleep $SLEEP1 + +echo "Using ldapmodify to add/modify/delete entries from server 1..." +for i in 1 2 3 4 5 6 7 8 9 10; do +echo " iteration $i" +$LDAPMODIFY -D "$MANAGERDN" -H $URI1 -w $PASSWD \ + >> $TESTOUT 2>&1 << EOMODS +dn: cn=Add-Mod-Del,dc=example,dc=com +changetype: add +cn: Add-Mod-Del +objectclass: organizationalRole + +dn: cn=Add-Mod-Del,dc=example,dc=com +changetype: modify +replace: description +description: guinea pig +- + +dn: cn=Add-Mod-Del,dc=example,dc=com +changetype: delete +EOMODS +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed for server 1 database ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi +done + +echo "Waiting $SLEEP1 seconds for servers to resync..." +sleep $SLEEP1 + +n=1 +while [ $n -le $MPR ]; do +PORT=`expr $BASEPORT + $n` +URI="ldap://${LOCALHOST}:$PORT/" + +echo "Using ldapsearch to read all the entries from server $n..." +$LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI -w $PASSWD \ + 'objectclass=*' > $TESTDIR/server$n.out 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at server $n ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi +$LDIFFILTER < $TESTDIR/server$n.out > $TESTDIR/server$n.flt +n=`expr $n + 1` +done + +n=2 +while [ $n -le $MPR ]; do +echo "Comparing retrieved entries from server 1 and server $n..." +$CMP $PROVIDERFLT $TESTDIR/server$n.flt > $CMPOUT + +if test $? != 0 ; then + echo "test failed - server 1 and server $n databases differ" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi +n=`expr $n + 1` +done + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test051-config-undo b/tests/scripts/test051-config-undo new file mode 100755 index 0000000..6425b33 --- /dev/null +++ b/tests/scripts/test051-config-undo @@ -0,0 +1,117 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +mkdir -p $TESTDIR $DBDIR1 + +$SLAPPASSWD -g -n >$CONFIGPWF +echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf + +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND $MONITORDB < $UNDOCONF > $CONF1 +$SLAPADD -f $CONF1 <<EOF +dn: o=undo +objectClass: organization +o: undo + +EOF +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Starting slapd on TCP/IP port $PORT1..." +mkdir $TESTDIR/confdir +$SLAPD -f $CONF1 -F $TESTDIR/confdir -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo Dynamically assaulting the schema +$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \ + > $TESTOUT 2>&1 <<EOF +dn: cn={0}core,cn=schema,cn=config +changetype: modify +replace: olcObjectClasses +olcObjectClasses: ( rawr ) +- +EOF +RC=$? +if test $RC != 80 ; then + echo "invalid objectclass modify allowed ($RC)" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \ + > $TESTOUT 2>&1 <<EOF +dn: cn={0}core,cn=schema,cn=config +changetype: modify +replace: olcAttributeTypes +olcAttributeTypes: ( rawr ) +- +EOF +RC=$? +if test $RC != 80 ; then + echo "invalid attributeType modify allowed ($RC)" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +echo Surveying the damage +$LDAPMODIFY -D "cn=manager,o=undo" -w secret -h $LOCALHOST -p $PORT1 <<EOF +dn: o=foo,o=undo +changetype: add +objectClass: organization +o: foo + +EOF +RC=$? +if test $RC != 0 ; then + echo "schema destroyed by an unsuccessful operation" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test052-memberof b/tests/scripts/test052-memberof new file mode 100755 index 0000000..3add7fd --- /dev/null +++ b/tests/scripts/test052-memberof @@ -0,0 +1,466 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test $MEMBEROF = memberofno; then + echo "Memberof overlay not available, test skipped" + exit 0 +fi + +mkdir -p $TESTDIR $DBDIR1 $TESTDIR/confdir + +$SLAPPASSWD -g -n >$CONFIGPWF +echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf + +echo "Starting slapd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND $MONITORDB < $NAKEDCONF > $CONF1 +$SLAPD -f $CONF1 -F $TESTDIR/confdir -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +cat /dev/null > $TESTOUT + +if [ "$MEMBEROF" = memberofmod ]; then + echo "Inserting memberof overlay on provider..." + $LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF > $TESTOUT 2>&1 +dn: cn=module,cn=config +objectClass: olcModuleList +cn: module +olcModulePath: ../servers/slapd/overlays +olcModuleLoad: memberof.la +EOF + RC=$? + if test $RC != 0 ; then + echo "ldapadd failed for moduleLoad ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi +fi + +indexInclude="" mainInclude="" bdbInclude="# " nullExclude="" +test $INDEXDB = indexdb || indexInclude="# " +test $MAINDB = maindb || mainInclude="# " +case $BACKEND in +bdb | hdb) bdbInclude="" ;; +null) nullExclude="# " ;; +esac + +echo "Running ldapadd to build slapd config database..." +$LDAPADD -h $LOCALHOST -p $PORT1 -D 'cn=config' -w `cat $CONFIGPWF` \ + >> $TESTOUT 2>&1 <<EOF +dn: cn=symas group example,cn=schema,cn=config +objectClass: olcSchemaConfig +cn: symas group example +olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.1 + NAME 'memberA' SUP distinguishedName ) +olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.2 + NAME 'memberOfA' SUP distinguishedName ) +olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.3 + NAME 'memberB' SUP distinguishedName ) +olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.4 + NAME 'memberOfB' SUP distinguishedName ) +olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.5 + NAME 'memberOfC' SUP distinguishedName ) +olcObjectClasses: ( 1.3.6.1.4.1.4754.31.2.1 + NAME 'groupA' SUP top STRUCTURAL MUST cn MAY memberA ) +olcObjectClasses: ( 1.3.6.1.4.1.4754.31.2.2 + NAME 'groupMemberA' SUP top AUXILIARY MAY ( memberOfA $ memberOfC ) ) +olcObjectClasses: ( 1.3.6.1.4.1.4754.31.2.3 + NAME 'groupB' SUP top STRUCTURAL MUST cn MAY memberB ) +olcObjectClasses: ( 1.3.6.1.4.1.4754.31.2.4 + NAME 'groupMemberB' SUP top AUXILIARY MAY memberOfB ) + +dn: olcDatabase={1}$BACKEND,cn=config +objectClass: olcDatabaseConfig +${nullExclude}objectClass: olc${BACKEND}Config +olcDatabase: {1}$BACKEND +olcSuffix: $BASEDN +olcRootDN: cn=Manager,$BASEDN +olcRootPW:: c2VjcmV0 +olcMonitoring: TRUE +${nullExclude}olcDbDirectory: $TESTDIR/db.1.a/ +${bdbInclude}olcDbCacheSize: 1000 +${indexInclude}olcDbIndex: objectClass eq +${indexInclude}olcDbIndex: cn pres,eq,sub +${indexInclude}olcDbIndex: uid pres,eq,sub +${indexInclude}olcDbIndex: sn pres,eq,sub +${mainInclude}olcDbMode: 384" + +dn: olcOverlay={0}memberof,olcDatabase={1}$BACKEND,cn=config +objectClass: olcOverlayConfig +objectClass: olcMemberOf +olcOverlay: {0}memberof +olcMemberOfRefInt: TRUE +olcMemberOfGroupOC: groupOfNames +olcMemberOfMemberAD: member +olcMemberOfMemberOfAD: memberOf + +dn: olcOverlay={1}memberof,olcDatabase={1}$BACKEND,cn=config +objectClass: olcOverlayConfig +objectClass: olcMemberOf +olcOverlay: {1}memberof +olcMemberOfRefInt: TRUE +olcMemberOfGroupOC: groupA +olcMemberOfMemberAD: memberA +olcMemberOfMemberOfAD: memberOfA + +dn: olcOverlay={2}memberof,olcDatabase={1}$BACKEND,cn=config +objectClass: olcOverlayConfig +objectClass: olcMemberOf +olcOverlay: {2}memberof +olcMemberOfRefInt: TRUE +olcMemberOfGroupOC: groupB +olcMemberOfMemberAD: memberB +olcMemberOfMemberOfAD: memberOfB + +EOF +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Running ldapadd to build slapd database..." +$LDAPADD -h $LOCALHOST -p $PORT1 \ + -D "cn=Manager,$BASEDN" -w secret \ + >> $TESTOUT 2>&1 << EOF +dn: $BASEDN +objectClass: organization +objectClass: dcObject +o: Example, Inc. +dc: example + +dn: ou=People,$BASEDN +objectClass: organizationalUnit +ou: People + +dn: ou=Groups,$BASEDN +objectClass: organizationalUnit +ou: Groups + +dn: cn=Roger Rabbit,ou=People,$BASEDN +objectClass: inetOrgPerson +cn: Roger Rabbit +sn: Rabbit + +dn: cn=Baby Herman,ou=People,$BASEDN +objectClass: inetOrgPerson +cn: Baby Herman +sn: Herman + +dn: cn=Cartoonia,ou=Groups,$BASEDN +objectClass: groupOfNames +cn: Cartoonia +member: cn=Roger Rabbit,ou=People,$BASEDN +member: cn=Baby Herman,ou=People,$BASEDN +EOF +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Search the entire database..." +echo "# Search the entire database..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Running ldapmodify to add a member..." +$LDAPMODIFY -h $LOCALHOST -p $PORT1 \ + -D "cn=Manager,$BASEDN" -w secret \ + >> $TESTOUT 2>&1 << EOF +dn: cn=Jessica Rabbit,ou=People,$BASEDN +changetype: add +objectClass: inetOrgPerson +cn: Jessica Rabbit +sn: Rabbit + +dn: cn=Cartoonia,ou=Groups,$BASEDN +changetype: modify +add: member +member: cn=Jessica Rabbit,ou=People,$BASEDN +EOF + +echo "Re-search the entire database..." +echo "# Re-search the entire database after adding Jessica Rabbit and Cartoonia..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Running ldapmodify to rename a member..." +$LDAPMODIFY -h $LOCALHOST -p $PORT1 \ + -D "cn=Manager,$BASEDN" -w secret \ + >> $TESTOUT 2>&1 << EOF +dn: cn=Baby Herman,ou=People,$BASEDN +changetype: modrdn +newrdn: cn=Baby Herman Jr +deleteoldrdn: 1 +EOF + +echo "Re-search the entire database..." +echo "# Re-search the entire database after renaming Baby Herman..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Running ldapmodify to rename a group..." +$LDAPMODIFY -h $LOCALHOST -p $PORT1 \ + -D "cn=Manager,$BASEDN" -w secret \ + >> $TESTOUT 2>&1 << EOF +dn: cn=Cartoonia,ou=Groups,$BASEDN +changetype: modrdn +newrdn: cn=Toon town +deleteoldrdn: 1 + +dn: cn=Toon town,ou=Groups,$BASEDN +changetype: modrdn +newrdn: cn=Toon Town +deleteoldrdn: 1 +EOF + +echo "Re-search the entire database..." +echo "# Re-search the entire database after renaming Cartoonia..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Running ldapmodify to add self..." +$LDAPMODIFY -h $LOCALHOST -p $PORT1 \ + -D "cn=Manager,$BASEDN" -w secret \ + >> $TESTOUT 2>&1 << EOF +dn: cn=Toon Town,ou=Groups,$BASEDN +changetype: modify +add: member +member: cn=Toon Town,ou=Groups,$BASEDN +EOF + +echo "Re-search the entire database..." +echo "# Re-search the entire database after adding Toon Town to self..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Running ldapdelete to remove a member..." +$LDAPMODIFY -h $LOCALHOST -p $PORT1 \ + -D "cn=Manager,$BASEDN" -w secret \ + >> $TESTOUT 2>&1 << EOF +dn: cn=Baby Herman Jr,ou=People,$BASEDN +changetype: delete +EOF + +echo "Re-search the entire database..." +echo "# Re-search the entire database after deleting Baby Herman..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Running ldapdelete to remove a group..." +$LDAPMODIFY -h $LOCALHOST -p $PORT1 \ + -D "cn=Manager,$BASEDN" -w secret \ + >> $TESTOUT 2>&1 << EOF +dn: cn=Toon Town,ou=Groups,$BASEDN +changetype: delete +EOF + +echo "Re-search the entire database..." +echo "# Re-search the entire database after deleting Toon Town..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Adding groups with MAY member type schemas..." +$LDAPMODIFY -h $LOCALHOST -p $PORT1 \ + -D "cn=Manager,$BASEDN" -w secret \ + >> $TESTOUT 2>&1 <<EOF +dn: cn=Roger Rabbit,ou=People,$BASEDN +changetype: delete + +dn: cn=Jessica Rabbit,ou=People,$BASEDN +changetype: delete + +dn: cn=person1,ou=People,$BASEDN +changetype: add +objectClass: person +objectClass: groupMemberA +objectClass: groupMemberB +cn: person1 +sn: person1 + +dn: cn=person2,ou=People,$BASEDN +changetype: add +objectClass: person +objectClass: groupMemberA +objectClass: groupMemberB +cn: person2 +sn: person2 + +dn: cn=group1,ou=Groups,$BASEDN +changetype: add +objectclass: groupA +cn: group1 +memberA: cn=person1,ou=People,$BASEDN +memberA: cn=person2,ou=People,$BASEDN + +dn: cn=group2,ou=Groups,$BASEDN +changetype: add +objectclass: groupB +cn: group2 +memberB: cn=person1,ou=People,$BASEDN +memberB: cn=person2,ou=People,$BASEDN + +dn: cn=group1,ou=Groups,$BASEDN +changetype: modify +delete: memberA + +EOF + +echo "Re-search the entire database..." +echo "# Re-search the entire database after adding groups with MAY member type schemas..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Running ldapmodify to reconfigure the schema used..." +$LDAPADD -h $LOCALHOST -p $PORT1 -D 'cn=config' -w `cat $CONFIGPWF` \ + >> $TESTOUT 2>&1 <<EOF +dn: olcOverlay={1}memberof,olcDatabase={1}$BACKEND,cn=config +changetype: modify +replace: olcMemberOfMemberOfAD +olcMemberOfMemberOfAD: memberOfC + +EOF +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Updating groups to expose the new setting..." +$LDAPMODIFY -h $LOCALHOST -p $PORT1 \ + -D "cn=Manager,$BASEDN" -w secret \ + >> $TESTOUT 2>&1 <<EOF +dn: cn=group1,ou=Groups,$BASEDN +changetype: modify +add: memberA +memberA: cn=person1,ou=People,$BASEDN +memberA: cn=person2,ou=People,$BASEDN + +EOF +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Re-search the entire database..." +echo "# Re-search the entire database after updating memberof configuration..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +LDIF=$MEMBEROFOUT + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif used to create database..." +$LDIFFILTER < $LDIF > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "Comparison failed" + exit 1 +fi + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test054-syncreplication-parallel-load b/tests/scripts/test054-syncreplication-parallel-load new file mode 100755 index 0000000..3485a10 --- /dev/null +++ b/tests/scripts/test054-syncreplication-parallel-load @@ -0,0 +1,377 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test $SYNCPROV = syncprovno; then + echo "Syncrepl provider overlay not available, test skipped" + exit 0 +fi + +mkdir -p $TESTDIR $DBDIR1 $DBDIR4 + +# +# Test replication: +# - start provider +# - start consumer +# - populate over ldap +# - perform some modifies and deleted +# - attempt to modify the consumer (referral or chain) +# - retrieve database over ldap and compare against expected results +# + +echo "Starting provider slapd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND $MONITORDB < $SRPROVIDERCONF > $CONF1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Using ldapsearch to check that provider slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapadd to create the context prefix entry in the provider..." +$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \ + $LDIFORDEREDCP > /dev/null 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Starting consumer slapd on TCP/IP port $PORT4..." +. $CONFFILTER $BACKEND $MONITORDB < $P1SRCONSUMERCONF > $CONF4 +$SLAPD -f $CONF4 -h $URI4 -d $LVL $TIMING > $LOG4 2>&1 & +CONSUMERPID=$! +if test $WAIT != 0 ; then + echo CONSUMERPID $CONSUMERPID + read foo +fi +KILLPIDS="$KILLPIDS $CONSUMERPID" + +sleep 1 + +echo "Using ldapsearch to check that consumer slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT4 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +MORELDIF=$TESTDIR/more.ldif +TESTOUT1=$TESTDIR/testout1.out +TESTOUT2=$TESTDIR/testout2.out +sed -e 's/[Oo][Uu]=/ou=More /g' -e 's/^[Oo][Uu]: /ou: More /' \ + -e 's/cn=Manager/cn=More Manager/g' \ + -e 's/^cn: Manager/cn: More Manager/' \ + $LDIFORDEREDNOCP > $MORELDIF + +echo "Using ldapadd to populate the provider directory..." +$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \ + $LDIFORDEREDNOCP > $TESTOUT1 2>&1 & +C1PID=$! +$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \ + $MORELDIF > $TESTOUT2 2>&1 & +C2PID=$! +wait $C1PID $C2PID + +echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." +sleep $SLEEP1 + +echo "Stopping the provider, sleeping 10 seconds and restarting it..." +kill -HUP "$PID" +wait $PID +sleep 10 +echo "RESTART" >> $LOG1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING >> $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID $CONSUMERPID" + +sleep 1 + +echo "Using ldapsearch to check that provider slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Waiting 10 seconds to let the system catch up" +sleep 10 + +echo "Using ldapmodify to modify provider directory..." + +# +# Do some modifications +# + +$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \ + $TESTOUT 2>&1 << EOMODS +dn: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example,dc=com +changetype: modify +add: drink +drink: Orange Juice +- +delete: sn +sn: Jones +- +add: sn +sn: Jones + +dn: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: modify +replace: drink +drink: Iced Tea + +dn: cn=ITD Staff,ou=Groups,dc=example,dc=com +changetype: modify +delete: uniquemember +uniquemember: cn=James A Jones 2, ou=Information Technology Division, ou=People, dc=example,dc=com +uniquemember: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com +- +add: uniquemember +uniquemember: cn=Dorothy Stevens, ou=Alumni Association, ou=People, dc=example,dc=com +uniquemember: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example,dc=com + +dn: cn=All Staff,ou=Groups,dc=example,dc=com +changetype: modify +delete: description + +dn: cn=Gern Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: add +objectclass: OpenLDAPperson +cn: Gern Jensen +sn: Jensen +uid: gjensen +title: Chief Investigator, ITD +postaladdress: ITD $ 535 W. William St $ Ann Arbor, MI 48103 +seealso: cn=All Staff, ou=Groups, dc=example,dc=com +drink: Coffee +homepostaladdress: 844 Brown St. Apt. 4 $ Ann Arbor, MI 48104 +description: Very odd +facsimiletelephonenumber: +1 313 555 7557 +telephonenumber: +1 313 555 8343 +mail: gjensen@mailgw.example.com +homephone: +1 313 555 8844 + +dn: ou=Retired, ou=People, dc=example,dc=com +changetype: add +objectclass: organizationalUnit +ou: Retired + +dn: cn=Rosco P. Coltrane, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: add +objectclass: OpenLDAPperson +cn: Rosco P. Coltrane +sn: Coltrane +uid: rosco +description: Fat tycoon + +dn: cn=Rosco P. Coltrane, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: modrdn +newrdn: cn=Rosco P. Coltrane +deleteoldrdn: 1 +newsuperior: ou=Retired, ou=People, dc=example,dc=com + +dn: cn=James A Jones 2, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: delete + +EOMODS + +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldappasswd to change some passwords..." +$LDAPPASSWD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \ + 'cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com' \ + > $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." +sleep $SLEEP1 + +echo "Stopping consumer to test recovery..." +kill -HUP $CONSUMERPID +wait $CONSUMERPID + +echo "Modifying more entries on the provider..." +$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD >> \ + $TESTOUT 2>&1 << EOMODS +dn: cn=Rosco P. Coltrane, ou=Retired, ou=People, dc=example,dc=com +changetype: delete + +dn: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com +changetype: modify +add: drink +drink: Mad Dog 20/20 + +dn: cn=Rosco P. Coltrane, ou=Retired, ou=People, dc=example,dc=com +changetype: add +objectclass: OpenLDAPperson +sn: Coltrane +uid: rosco +cn: Rosco P. Coltrane + +EOMODS + +echo "Restarting consumer..." +echo "RESTART" >> $LOG4 +$SLAPD -f $CONF4 -h $URI4 -d $LVL $TIMING >> $LOG4 2>&1 & +CONSUMERPID=$! +if test $WAIT != 0 ; then + echo CONSUMERPID $CONSUMERPID + read foo +fi +KILLPIDS="$PID $CONSUMERPID" + +echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." +sleep $SLEEP1 + +if test ! $BACKLDAP = "ldapno" ; then + echo "Try updating the consumer slapd..." + $LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT4 -w $PASSWD > \ + $TESTOUT 2>&1 << EOMODS +dn: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example, dc=com +changetype: modify +add: description +description: This write must fail because directed to a shadow context, +description: unless the chain overlay is configured appropriately ;) + +EOMODS + + RC=$? + if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + # ITS#4964 + echo "Trying to change some passwords on the consumer..." + $LDAPPASSWD -D "$MANAGERDN" -h $LOCALHOST -p $PORT4 -w $PASSWD \ + 'cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com' \ + > $TESTOUT 2>&1 + RC=$? + if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." + sleep $SLEEP1 +fi + +OPATTRS="entryUUID creatorsName createTimestamp modifiersName modifyTimestamp" + +echo "Using ldapsearch to read all the entries from the provider..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectclass=*)' '*' $OPATTRS > $PROVIDEROUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at provider ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapsearch to read all the entries from the consumer..." +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT4 \ + '(objectclass=*)' '*' $OPATTRS > $CONSUMEROUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo "Filtering provider results..." +$LDIFFILTER < $PROVIDEROUT > $PROVIDERFLT +echo "Filtering consumer results..." +$LDIFFILTER < $CONSUMEROUT > $CONSUMERFLT + +echo "Comparing retrieved entries from provider and consumer..." +$CMP $PROVIDERFLT $CONSUMERFLT > $CMPOUT + +if test $? != 0 ; then + echo "test failed - provider and consumer databases differ" + exit 1 +fi + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test055-valregex b/tests/scripts/test055-valregex new file mode 100755 index 0000000..ebd7cb9 --- /dev/null +++ b/tests/scripts/test055-valregex @@ -0,0 +1,117 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh +LVL=acl + +mkdir -p $TESTDIR $DBDIR1 + +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND $MONITORDB < $VALREGEXCONF > $CONF1 +$SLAPADD -f $CONF1 -l $LDIFORDERED +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Starting slapd on TCP/IP port $PORT1..." +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Testing attribute value regex subsitution..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +cat /dev/null > $SEARCHOUT + +echo "# Try an attribute vale regex that match, but substitute does not" +echo "# this should fail" +$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \ + $TESTOUT 2>&1 << EOMODS +dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com +changetype: modify +replace: sn +sn: foobarbuz +EOMODS +RC=$? +case $RC in +50) + echo "ldapmodify failed as expected" + ;; +0) + if test $BACKEND != null ; then + echo "ldapmodify should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + fi + ;; +*) + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "# Try an attribute vale regex that match and substitute does" +echo "# this should succeed" +$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \ + $TESTOUT 2>&1 << EOMODS +dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com +changetype: modify +replace: sn +sn: James A Jones 1 +EOMODS +RC=$? + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +case $RC in +0) + echo "ldapmodify succeed as expected" + ;; +*) + echo "ldapmodify failed ($RC)!" + exit $RC + ;; +esac + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test056-monitor b/tests/scripts/test056-monitor new file mode 100755 index 0000000..0c188e5 --- /dev/null +++ b/tests/scripts/test056-monitor @@ -0,0 +1,178 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test $MONITORDB = "no" ; then + echo "Monitor backend not available, test skipped" + exit 0 +fi + +mkdir -p $TESTDIR $DBDIR1 + +echo "Starting slapd on TCP/IP port $PORT..." +. $CONFFILTER $BACKEND $MONITORDB < $SCHEMACONF > $CONF1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Using ldapsearch to check that slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +echo "Using ldapsearch to read connection monitor entries..." +$LDAPSEARCH -S "" -b "$CONNECTIONSMONITORDN" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' \ + structuralObjectClass entryDN \ + monitorConnectionProtocol monitorConnectionOpsReceived \ + monitorConnectionOpsExecuting monitorConnectionOpsPending \ + monitorConnectionOpsCompleted monitorConnectionGet \ + monitorConnectionRead monitorConnectionWrite \ + monitorConnectionMask monitorConnectionAuthzDN \ + monitorConnectionListener monitorConnectionLocalAddress \ + > $SEARCHOUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# Compare results, ignoring possible difference of IPv4/IPv6 localhost address +localrewrite='s/=127\.0\.0\.1:/=LOCAL:/; s/=\[::1\]:/=LOCAL:/' +echo "Filtering ldapsearch results..." +sed -e "$localrewrite" < $SEARCHOUT | $LDIFFILTER > $SEARCHFLT +echo "Filtering expected data..." +. $CONFFILTER < $MONITOROUT1 | sed -e "$localrewrite" | $LDIFFILTER > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - connection monitor output is not correct" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Using ldapsearch to read database monitor entries..." +$LDAPSEARCH -S "" -b "$DATABASESMONITORDN" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' \ + structuralObjectClass entryDN namingContexts readOnly \ + monitorIsShadow monitorContext \ + olmBDBEntryCache olmBDBDNCache olmBDBIDLCache \ + > $SEARCHOUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Filtering ldapsearch results..." +$LDIFFILTER -b monitor < $SEARCHOUT > $SEARCHFLT + +TMPMONITOROUT2=$MONITOROUT2 +case $BACKEND in +bdb|hdb) + ;; +*) + TMPMONITOROUT2=$TESTDIR/monitor2.out + grep -v "olmBDB" $MONITOROUT2 > $TMPMONITOROUT2 + ;; +esac + +echo "Comparing filter output..." +$CMP $SEARCHFLT $TMPMONITOROUT2 > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - database monitor output is not correct" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Using ldapsearch to read statistics monitor entries..." +$LDAPSEARCH -S "" -b "$STATISTICSMONITORDN" -h $LOCALHOST -p $PORT1 \ + '(|(cn=Entries)(cn=PDU)(cn=Referrals))' \ + structuralObjectClass monitorCounter entryDN \ + > $SEARCHOUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Filtering ldapsearch results..." +$LDIFFILTER -b monitor < $SEARCHOUT > $SEARCHFLT + +echo "Comparing filter output..." +$CMP $SEARCHFLT $MONITOROUT3 > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - statistics monitor output is not correct" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +echo "Using ldapsearch to read operation monitor entries..." +$LDAPSEARCH -S "" -b "$OPERATIONSMONITORDN" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' \ + structuralObjectClass monitorOpInitiated monitorOpCompleted entryDN \ + > $SEARCHOUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Filtering ldapsearch results..." +$LDIFFILTER -b monitor < $SEARCHOUT > $SEARCHFLT + +echo "Comparing filter output..." +$CMP $SEARCHFLT $MONITOROUT4 > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - operations monitor output is not correct" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 + diff --git a/tests/scripts/test057-memberof-refint b/tests/scripts/test057-memberof-refint new file mode 100755 index 0000000..a9218c7 --- /dev/null +++ b/tests/scripts/test057-memberof-refint @@ -0,0 +1,282 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## Portions Copyright 2008 Red Hat, Inc. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test $MEMBEROF = memberofno; then + echo "Memberof overlay not available, test skipped" + exit 0 +fi + +if test $REFINT = refintno; then + echo "Referential Integrity overlay not available, test skipped" + exit 0 +fi + +if test $BACKEND = bdb; then + echo "$BACKEND backend does not support subtree rename, test skipped" + exit 0 +fi + +mkdir -p $TESTDIR $DBDIR1 $TESTDIR/confdir + +$SLAPPASSWD -g -n >$CONFIGPWF +echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf + +echo "Starting slapd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND $MONITORDB < $NAKEDCONF > $CONF1 +$SLAPD -f $CONF1 -F $TESTDIR/confdir -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +cat /dev/null > $TESTOUT + +indexInclude="" mainInclude="" bdbInclude="# " nullExclude="" +test $INDEXDB = indexdb || indexInclude="# " +test $MAINDB = maindb || mainInclude="# " +case $BACKEND in +bdb | hdb) bdbInclude="" ;; +null) nullExclude="# " ;; +esac + +if [ "$MEMBEROF" = memberofmod ]; then + echo "Inserting memberof overlay on provider..." + $LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF > $TESTOUT 2>&1 +dn: cn=module,cn=config +objectClass: olcModuleList +cn: module +olcModulePath: ../servers/slapd/overlays +olcModuleLoad: memberof.la +olcModuleLoad: refint.la +EOF + RC=$? + if test $RC != 0 ; then + echo "ldapadd failed for moduleLoad ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi +fi + +echo "Running ldapadd to build slapd config database..." +$LDAPADD -h $LOCALHOST -p $PORT1 -D 'cn=config' -w `cat $CONFIGPWF` \ + >> $TESTOUT 2>&1 <<EOF +dn: olcDatabase={1}$BACKEND,cn=config +objectClass: olcDatabaseConfig +${nullExclude}objectClass: olc${BACKEND}Config +olcDatabase: {1}$BACKEND +olcSuffix: $BASEDN +olcRootDN: cn=Manager,$BASEDN +olcRootPW:: c2VjcmV0 +olcMonitoring: TRUE +${nullExclude}olcDbDirectory: $TESTDIR/db.1.a/ +${bdbInclude}olcDbCacheSize: 1000 +${indexInclude}olcDbIndex: objectClass eq +${indexInclude}olcDbIndex: cn pres,eq,sub +${indexInclude}olcDbIndex: uid pres,eq,sub +${indexInclude}olcDbIndex: sn pres,eq,sub +${mainInclude}olcDbMode: 384 + +# {0}memberof, {1}$BACKEND, config +dn: olcOverlay={0}memberof,olcDatabase={1}$BACKEND,cn=config +objectClass: olcOverlayConfig +objectClass: olcMemberOf +olcOverlay: {0}memberof +olcMemberOfRefInt: TRUE +olcMemberOfGroupOC: groupOfNames +olcMemberOfMemberAD: member +olcMemberOfMemberOfAD: memberOf + +# {1}refint, {1}$BACKEND, config +dn: olcOverlay={1}refint,olcDatabase={1}$BACKEND,cn=config +objectClass: olcOverlayConfig +objectClass: olcRefintConfig +olcOverlay: {1}refint +olcRefintAttribute: member +olcRefintAttribute: memberOf +EOF +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Running ldapadd to build slapd database..." +$LDAPADD -h $LOCALHOST -p $PORT1 \ + -D "cn=Manager,$BASEDN" -w secret \ + >> $TESTOUT 2>&1 << EOF +dn: $BASEDN +objectClass: organization +objectClass: dcObject +o: Example, Inc. +dc: example + +dn: ou=People,$BASEDN +objectClass: organizationalUnit +ou: People + +dn: ou=Groups,$BASEDN +objectClass: organizationalUnit +ou: Groups + +dn: cn=Roger Rabbit,ou=People,$BASEDN +objectClass: inetOrgPerson +cn: Roger Rabbit +sn: Rabbit + +dn: cn=Baby Herman,ou=People,$BASEDN +objectClass: inetOrgPerson +cn: Baby Herman +sn: Herman + +dn: cn=Cartoonia,ou=Groups,$BASEDN +objectClass: groupOfNames +cn: Cartoonia +member: cn=Roger Rabbit,ou=People,$BASEDN +member: cn=Baby Herman,ou=People,$BASEDN +EOF +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Search the entire database..." +echo "# Search the entire database..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Running ldapmodify to rename subtree..." +$LDAPMODIFY -h $LOCALHOST -p $PORT1 \ + -D "cn=Manager,$BASEDN" -w secret \ + >> $TESTOUT 2>&1 << EOF +dn: ou=People,$BASEDN +changetype: modrdn +newrdn: ou=Toons +deleteoldrdn:1 +newsuperior: $BASEDN +EOF + +# refint runs in a background thread, so it most likely won't complete +# before the modify returns. Give it some time to execute. +sleep $SLEEP0 + +echo "Re-search the entire database..." +echo "# Re-search the entire database..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Running ldapmodify to rename subtree..." +$LDAPMODIFY -h $LOCALHOST -p $PORT1 \ + -D "cn=Manager,$BASEDN" -w secret \ + >> $TESTOUT 2>&1 << EOF +dn: ou=Groups,$BASEDN +changetype: modrdn +newrdn: ou=Studios +deleteoldrdn:1 +newsuperior: $BASEDN +EOF + +sleep $SLEEP0 + +echo "Re-search the entire database..." +echo "# Re-search the entire database..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Running ldapdelete to remove a member..." +$LDAPMODIFY -h $LOCALHOST -p $PORT1 \ + -D "cn=Manager,$BASEDN" -w secret \ + >> $TESTOUT 2>&1 << EOF +dn: cn=Baby Herman,ou=Toons,$BASEDN +changetype: delete +EOF + +sleep $SLEEP0 + +echo "Re-search the entire database..." +echo "# Re-search the entire database..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +LDIF=$MEMBEROFREFINTOUT + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif used to create database..." +$LDIFFILTER < $LDIF > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "Comparison failed" + exit 1 +fi + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test059-consumer-config b/tests/scripts/test059-consumer-config new file mode 100755 index 0000000..044f261 --- /dev/null +++ b/tests/scripts/test059-consumer-config @@ -0,0 +1,444 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test $SYNCPROV = syncprovno; then + echo "Syncrepl provider overlay not available, test skipped" + exit 0 +fi + +CFPRO=$TESTDIR/cfpro.d +CFCON=$TESTDIR/cfcon.d + +mkdir -p $TESTDIR $DBDIR1A $DBDIR1B $DBDIR2A $CFPRO $CFCON + +$SLAPPASSWD -g -n >$CONFIGPWF + +if test x"$SYNCMODE" = x ; then + SYNCMODE=rp +fi +case "$SYNCMODE" in + ro) + SYNCTYPE="type=refreshOnly interval=00:00:00:03" + ;; + rp) + SYNCTYPE="type=refreshAndPersist" + ;; + *) + echo "unknown sync mode $SYNCMODE" + exit 1; + ;; +esac + +# +# Test replication of dynamic config with alternate consumer config: +# - start provider +# - start consumer +# - configure over ldap +# - populate over ldap +# - configure syncrepl over ldap +# - retrieve database over ldap and compare against expected results +# + +echo "Starting provider slapd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND $MONITORDB < $DYNAMICCONF > $CONFLDIF +$SLAPADD -F $CFPRO -n 0 -l $CONFLDIF +$SLAPD -F $CFPRO -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Using ldapsearch to check that provider slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "" -H $URI1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Inserting syncprov overlay on provider..." +if [ "$SYNCPROV" = syncprovmod ]; then + $LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF > $TESTOUT 2>&1 +dn: cn=module,cn=config +objectClass: olcModuleList +cn: module +olcModulePath: ../servers/slapd/overlays +olcModuleLoad: syncprov.la +EOF + RC=$? + if test $RC != 0 ; then + echo "ldapadd failed for moduleLoad ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi +fi +read CONFIGPW < $CONFIGPWF +$LDAPMODIFY -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1 +dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config +changetype: add +objectClass: olcOverlayConfig +objectClass: olcSyncProvConfig +olcOverlay: syncprov +EOF +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed for syncprov config ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# Consumers will not replicate the provider's actual cn=config. +# Instead, they will use an alternate DB so that they may be +# configured differently from the provider. This alternate DB +# will also be a consumer for the real cn=schema,cn=config tree. +# It has MirrorMode enabled so that it can be written directly +# while being a consumer of the main schema. +echo "Configuring consumer config DB on provider..." +$LDAPMODIFY -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1 +dn: cn=config +changetype: modify +add: olcServerID +olcServerID: 1 + +dn: olcDatabase={1}ldif,cn=config +changetype: add +objectClass: olcDatabaseConfig +objectClass: olcLdifConfig +olcDatabase: {1}ldif +olcDbDirectory: $DBDIR1A +olcSuffix: cn=config,cn=consumer +olcRootDN: cn=config,cn=consumer +olcRootPW: repsecret +olcAccess: to * by dn.base="cn=config" write + +dn: olcOverlay=syncprov,olcDatabase={1}ldif,cn=config +changetype: add +objectClass: olcOverlayConfig +objectClass: olcSyncProvConfig +olcOverlay: syncprov + +dn: cn=config,cn=consumer +changetype: add +objectClass: olcGlobal +cn: consumerconfig + +dn: cn=schema,cn=config,cn=consumer +changetype: add +objectClass: olcSchemaConfig +cn: schema + +dn: olcDatabase={0}config,cn=config,cn=consumer +changetype: add +objectClass: olcDatabaseConfig +olcDatabase: {0}config +olcRootPW: topsecret +olcSyncrepl: {0}rid=001 provider=$URI1 binddn="cn=config,cn=consumer" + bindmethod=simple credentials=repsecret searchbase="cn=config,cn=consumer" + $SYNCTYPE retry="3 5 300 5" timeout=3 suffixmassage="cn=config" +olcUpdateRef: $URI1 + +dn: olcDatabase={1}ldif,cn=config +changetype: modify +add: olcSyncrepl +olcSyncrepl: {0}rid=001 provider=$URI1 binddn="cn=config" + bindmethod=simple credentials=$CONFIGPW searchbase="cn=schema,cn=config" + $SYNCTYPE retry="3 5 300 5" timeout=3 + suffixmassage="cn=schema,cn=config,cn=consumer" +- +add: olcMirrorMode +olcMirrorMode: TRUE + +EOF +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed for consumer DB config ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Starting consumer slapd on TCP/IP port $PORT2..." +$SLAPADD -F $CFCON -n 0 -l $CONFLDIF +$SLAPD -F $CFCON -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 & +CONSUMERPID=$! +if test $WAIT != 0 ; then + echo CONSUMERPID $CONSUMERPID + read foo +fi +KILLPIDS="$KILLPIDS $CONSUMERPID" + +sleep 1 + +echo "Using ldapsearch to check that consumer slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "" -H $URI2 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Configuring syncrepl on consumer..." +$LDAPMODIFY -D cn=config -H $URI2 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1 +dn: olcDatabase={0}config,cn=config +changetype: modify +add: olcSyncRepl +olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config,cn=consumer" + bindmethod=simple credentials=repsecret searchbase="cn=config,cn=consumer" + $SYNCTYPE retry="3 5 300 5" timeout=3 + suffixmassage="cn=config" +- +add: olcUpdateRef +olcUpdateRef: $URI1 +EOF + +echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." +sleep $SLEEP1 + +echo "Using ldapsearch to check that syncrepl received config changes..." +RC=32 +for i in 0 1 2 3 4 5; do + RESULT=`$LDAPSEARCH -H $URI2 -D cn=config -y $CONFIGPWF \ + -s base -b "olcDatabase={0}config,cn=config" \ + '(olcUpdateRef=*)' 2>&1 | awk '/^dn:/ {print "OK"}'` + if test "x$RESULT" = "xOK" ; then + RC=0 + break + fi + echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." + sleep $SLEEP1 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Adding schema and databases on provider..." +$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1 +include: file://$ABS_SCHEMADIR/core.ldif + +include: file://$ABS_SCHEMADIR/cosine.ldif + +include: file://$ABS_SCHEMADIR/inetorgperson.ldif + +include: file://$ABS_SCHEMADIR/openldap.ldif + +include: file://$ABS_SCHEMADIR/nis.ldif +EOF +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed for schema config ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapsearch to check that syncrepl received the schema changes..." +RC=32 +for i in 0 1 2 3 4 5; do + RESULT=`$LDAPSEARCH -H $URI2 -D cn=config -y $CONFIGPWF \ + -s base -b "cn=schema,cn=config" \ + '(cn=openldap)' 2>&1 | awk '/^dn:/ {print "OK"}'` + if test "x$RESULT" = "xOK" ; then + RC=0 + break + fi + echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." + sleep $SLEEP1 +done + +nullExclude="" nullOK="" +test $BACKEND = null && nullExclude="# " nullOK="OK" + +if [ "$BACKENDTYPE" = mod ]; then + $LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1 +dn: cn=module,cn=config +objectClass: olcModuleList +cn: module +olcModulePath: ../servers/slapd/back-$BACKEND +olcModuleLoad: back_$BACKEND.la + +dn: cn=module,cn=config,cn=consumer +objectClass: olcModuleList +cn: module +olcModulePath: ../servers/slapd/back-$BACKEND +olcModuleLoad: back_$BACKEND.la +EOF + RC=$? + if test $RC != 0 ; then + echo "ldapadd failed for backend config ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi +fi + +$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1 +dn: olcDatabase={2}$BACKEND,cn=config +objectClass: olcDatabaseConfig +${nullExclude}objectClass: olc${BACKEND}Config +olcDatabase: {2}$BACKEND +olcSuffix: $BASEDN +${nullExclude}olcDbDirectory: $DBDIR1B +olcRootDN: $MANAGERDN +olcRootPW: $PASSWD +olcSyncRepl: rid=002 provider=$URI1 binddn="$MANAGERDN" bindmethod=simple + credentials=$PASSWD searchbase="$BASEDN" $SYNCTYPE + retry="3 5 300 5" timeout=3 +olcUpdateRef: $URI1 + +dn: olcOverlay=syncprov,olcDatabase={2}${BACKEND},cn=config +changetype: add +objectClass: olcOverlayConfig +objectClass: olcSyncProvConfig +olcOverlay: syncprov + +dn: olcDatabase={1}$BACKEND,cn=config,cn=consumer +objectClass: olcDatabaseConfig +${nullExclude}objectClass: olc${BACKEND}Config +olcDatabase: {1}$BACKEND +olcSuffix: $BASEDN +${nullExclude}olcDbDirectory: $DBDIR2A +olcRootDN: $MANAGERDN +olcRootPW: $PASSWD +olcSyncRepl: rid=002 provider=$URI1 binddn="$MANAGERDN" bindmethod=simple + credentials=$PASSWD searchbase="$BASEDN" $SYNCTYPE + retry="3 5 300 5" timeout=3 +olcUpdateRef: $URI1 + +EOF +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed for database config ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +if test $INDEXDB = indexdb ; then + $LDAPMODIFY -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1 +dn: olcDatabase={2}$BACKEND,cn=config +changetype: modify +add: olcDbIndex +olcDbIndex: objectClass,entryUUID,entryCSN eq +olcDbIndex: cn,uid pres,eq,sub +EOF + RC=$? + if test $RC != 0 ; then + echo "ldapadd modify for database config ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi +fi + +echo "Using ldapadd to populate provider..." +$LDAPADD -D "$MANAGERDN" -H $URI1 -w $PASSWD -f $LDIFORDERED \ + >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed for database config ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." +sleep $SLEEP1 + +echo "Using ldapsearch to check that syncrepl received database changes..." +RC=32 +for i in 0 1 2 3 4 5; do + RESULT=`$LDAPSEARCH -H $URI2 \ + -s base -b "cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com" \ + '(objectClass=*)' 2>&1 | awk '/^dn:/ {print "OK"}'` + if test "x$RESULT$nullOK" = "xOK" ; then + RC=0 + break + fi + echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." + sleep $SLEEP1 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapsearch to read all the entries from the provider..." +$LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI1 -w $PASSWD \ + 'objectclass=*' > $PROVIDEROUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at provider ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapsearch to read all the entries from the consumer..." +$LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI2 -w $PASSWD \ + 'objectclass=*' > $CONSUMEROUT 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo "Filtering provider results..." +$LDIFFILTER < $PROVIDEROUT > $PROVIDERFLT +echo "Filtering consumer results..." +$LDIFFILTER < $CONSUMEROUT > $CONSUMERFLT + +echo "Comparing retrieved entries from provider and consumer..." +$CMP $PROVIDERFLT $CONSUMERFLT > $CMPOUT + +if test $? != 0 ; then + echo "test failed - provider and consumer databases differ" + exit 1 +fi + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test060-mt-hot b/tests/scripts/test060-mt-hot new file mode 100755 index 0000000..ffed60a --- /dev/null +++ b/tests/scripts/test060-mt-hot @@ -0,0 +1,304 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +# The default debug level logs more than 1Gb: +case "$SLAPD_DEBUG_MT_HOT/$SLAPD_DEBUG" in +/0 | /0x0 | /0X0 | /none | /NONE | /32768 | /0x8000 | 0X8000 | /0100000) :;; +*) SLAPD_DEBUG=${SLAPD_DEBUG_MT_HOT-stats} ;; +esac + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test $MONITORDB = "no" ; then + echo "Monitor backend not available, test skipped" + exit 0 +fi + +if test x$TESTLOOPS = x ; then + TESTLOOPS=50 +fi + +mkdir -p $TESTDIR $DBDIR1 + +# +# Populate and start up slapd server with some random data +# + +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND $MONITORDB < $MCONF > $ADDCONF +$SLAPADD -f $ADDCONF -l $LDIFORDERED +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Running slapindex to index slapd database..." +. $CONFFILTER $BACKEND $MONITORDB < $CONF > $CONF1 +$SLAPINDEX -f $CONF1 +RC=$? +if test $RC != 0 ; then + echo "warning: slapindex failed ($RC)" + echo " assuming no indexing support" +fi + +echo "Starting slapd on TCP/IP port $PORT1..." +echo $SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING +$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +# Perform a basic search, make sure of a functional setup +echo "Testing basic monitor search..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITORDN" -H $URI1 \ + '(objectclass=*)' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "mt-hot read failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +cat /dev/null > $MTREADOUT + +echo "Monitor searches" +# Perform a basic single threaded search on a single connection +THR=1 +OUTER=1 +INNER=`expr $TESTLOOPS \* 1000` +echo "Testing basic mt-hot search: $THR threads ($OUTER x $INNER) loops..." +echo $SLAPDMTREAD -H $URI1 -D "$MANAGERDN" -w $PASSWD \ + -e "$MONITORDN" \ + -m $THR -L $OUTER -l $INNER +$SLAPDMTREAD -H $URI1 -D "$MANAGERDN" -w $PASSWD \ + -e "$MONITORDN" -f "(objectclass=*)" \ + -m $THR -L $OUTER -l $INNER >> $MTREADOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "slapd-mtread failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# Perform a basic multi-threaded search on a single connection +THR=5 +OUTER=1 +INNER=`expr $TESTLOOPS \* 200` +echo "Testing basic mt-hot search: $THR threads ($OUTER x $INNER) loops..." +echo $SLAPDMTREAD -H $URI1 -D "$MANAGERDN" -w $PASSWD \ + -e "$MONITORDN" \ + -m $THR -L $OUTER -l $INNER +$SLAPDMTREAD -H $URI1 -D "$MANAGERDN" -w $PASSWD \ + -e "$MONITORDN" -f "(objectclass=*)" \ + -m $THR -L $OUTER -l $INNER >> $MTREADOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "slapd-mtread failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# Perform a basic multi-threaded search on a single connection +THR=100 +OUTER=5 +INNER=`expr $TESTLOOPS \* 2` +echo "Testing basic mt-hot search: $THR threads ($OUTER x $INNER) loops..." +echo $SLAPDMTREAD -H $URI1 -D "$MANAGERDN" -w $PASSWD \ + -e "$MONITORDN" \ + -m $THR -L $OUTER -l $INNER +$SLAPDMTREAD -H $URI1 -D "$MANAGERDN" -w $PASSWD \ + -e "$MONITORDN" -f "(objectclass=*)" \ + -m $THR -L $OUTER -l $INNER >> $MTREADOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "slapd-mtread failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# Perform a single threaded random DB search on a single connection +echo "Random searches" +THR=1 +OUTER=1 +INNER=`expr $TESTLOOPS \* 1000` +echo "Testing random mt-hot search: $THR threads ($OUTER x $INNER) loops..." +echo $SLAPDMTREAD -H $URI1 -D "$MANAGERDN" -w $PASSWD \ + -e "$BASEDN" -f "(objectclass=*)" \ + -m $THR -L $OUTER -l $INNER +$SLAPDMTREAD -H $URI1 -D "$MANAGERDN" -w $PASSWD \ + -e "$BASEDN" -f "(objectclass=*)" \ + -m $THR -L $OUTER -l $INNER >> $MTREADOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "slapd-mtread failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# Perform a multi-threaded random DB search on a single connection +THR=5 +OUTER=1 +INNER=`expr $TESTLOOPS \* 200` +echo "Testing random mt-hot search: $THR threads ($OUTER x $INNER) loops..." +echo $SLAPDMTREAD -H $URI1 -D "$MANAGERDN" -w $PASSWD \ + -e "$BASEDN" -f "(objectclass=*)" \ + -m $THR -L $OUTER -l $INNER +$SLAPDMTREAD -H $URI1 -D "$MANAGERDN" -w $PASSWD \ + -e "$BASEDN" -f "(objectclass=*)" \ + -m $THR -L $OUTER -l $INNER >> $MTREADOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "slapd-mtread failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# Perform a multi-threaded random DB search on a single connection +THR=100 +OUTER=5 +INNER=`expr $TESTLOOPS \* 2` +echo "Testing random mt-hot search: $THR threads ($OUTER x $INNER) loops..." +echo $SLAPDMTREAD -H $URI1 -D "$MANAGERDN" -w $PASSWD \ + -e "$BASEDN" -f "(objectclass=*)" \ + -m $THR -L $OUTER -l $INNER +$SLAPDMTREAD -H $URI1 -D "$MANAGERDN" -w $PASSWD \ + -e "$BASEDN" -f "(objectclass=*)" \ + -m $THR -L $OUTER -l $INNER >> $MTREADOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "slapd-mtread failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# Perform a basic multi-threaded search using multiple connections +echo "Multiple threads and connection searches" +CONN=5 +THR=5 +OUTER=1 +INNER=`expr $TESTLOOPS \* 200` +echo "Testing basic mt-hot search: $THR threads $CONN conns ($OUTER x $INNER) loops..." +echo $SLAPDMTREAD -H $URI1 -D "$MANAGERDN" -w $PASSWD \ + -e "$MONITORDN" \ + -c $CONN -m $THR -L $OUTER -l $INNER +$SLAPDMTREAD -H $URI1 -D "$MANAGERDN" -w $PASSWD \ + -e "$MONITORDN" -f "(objectclass=*)" \ + -c $CONN -m $THR -L $OUTER -l $INNER >> $MTREADOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "slapd-mtread failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# Perform a basic multi-threaded search using multiple connections +CONN=5 +THR=50 +OUTER=5 +INNER=`expr $TESTLOOPS \* 20` +echo "Testing basic mt-hot search: $THR threads $CONN conns ($OUTER x $INNER) loops..." +echo $SLAPDMTREAD -H $URI1 -D "$MANAGERDN" -w $PASSWD \ + -e "$MONITORDN" \ + -c $CONN -m $THR -L $OUTER -l $INNER +$SLAPDMTREAD -H $URI1 -D "$MANAGERDN" -w $PASSWD \ + -e "$MONITORDN" -f "(objectclass=*)" \ + -c $CONN -m $THR -L $OUTER -l $INNER >> $MTREADOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "slapd-mtread failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# Perform a multi-threaded random DB search using multiple connections +CONN=5 +THR=100 +OUTER=5 +INNER=`expr $TESTLOOPS \* 2` +echo "Testing random mt-hot search: $THR threads $CONN conns ($OUTER x $INNER) loops..." +echo $SLAPDMTREAD -H $URI1 -D "$MANAGERDN" -w $PASSWD \ + -e "$BASEDN" -f "(objectclass=*)" \ + -c $CONN -m $THR -L $OUTER -l $INNER +$SLAPDMTREAD -H $URI1 -D "$MANAGERDN" -w $PASSWD \ + -e "$BASEDN" -f "(objectclass=*)" \ + -c $CONN -m $THR -L $OUTER -l $INNER >> $MTREADOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "slapd-mtread failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# Perform a multi-threaded random reads and writes using single connection +CONN=1 +THR=10 +WTHR=10 +OUTER=5 +INNER=`expr $TESTLOOPS \* 2` +echo "Testing random mt-hot r/w search: $THR read threads $WTHR write threads $CONN conns ($OUTER x $INNER) loops..." +echo $SLAPDMTREAD -H $URI1 -D "$MANAGERDN" -w $PASSWD \ + -e "$BASEDN" -f "(&(!(cn=rwtest*))(objectclass=*))" \ + -c $CONN -m $THR -M $WTHR -L $OUTER -l $INNER +$SLAPDMTREAD -H $URI1 -D "$MANAGERDN" -w $PASSWD \ + -e "$BASEDN" -f "(&(!(cn=rwtest*))(objectclass=*))" \ + -c $CONN -m $THR -M $WTHR -L $OUTER -l $INNER >> $MTREADOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "slapd-mtread failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# Perform a multi-threaded random reads and writes using multiple connections +CONN=5 +THR=10 +WTHR=10 +OUTER=5 +INNER=`expr $TESTLOOPS \* 2` +echo "Testing random mt-hot r/w search: $THR read threads $WTHR write threads $CONN conns ($OUTER x $INNER) loops..." +echo $SLAPDMTREAD -H $URI1 -D "$MANAGERDN" -w $PASSWD \ + -e "$BASEDN" -f "(&(!(cn=rwtest*))(objectclass=*))" \ + -c $CONN -m $THR -M $WTHR -L $OUTER -l $INNER +$SLAPDMTREAD -H $URI1 -D "$MANAGERDN" -w $PASSWD \ + -e "$BASEDN" -f "(&(!(cn=rwtest*))(objectclass=*))" \ + -c $CONN -m $THR -M $WTHR -L $OUTER -l $INNER >> $MTREADOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "slapd-mtread failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo ">>>>> Test succeeded" + +exit 0 diff --git a/tests/scripts/test061-syncreplication-initiation b/tests/scripts/test061-syncreplication-initiation new file mode 100755 index 0000000..6ffb522 --- /dev/null +++ b/tests/scripts/test061-syncreplication-initiation @@ -0,0 +1,669 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +# This script tests race conditions related to setting up the syncrepl +# refresh phase, especially when the provider is itself a consumer +# refreshing from its provider again. + +# The configuration used is a provider->forwarder->consumer chain, where +# the forwarder is restarted between add/delete of entries on the provider. + +echo "Running defines.sh" +. $SRCDIR/scripts/defines.sh + +test "x$INITIATION_RACE_TESTS" = "x" && INITIATION_RACE_TESTS=1 + +if test $SYNCPROV = syncprovno; then + echo "Syncrepl provider overlay not available, test skipped" + exit 0 +fi + +RETRY="1 +" + +PROV_DIR=$TESTDIR/prov +CONS_DIR=$TESTDIR/cons +FWD1_DIR=$TESTDIR/fwd1 +FWD2_DIR=$TESTDIR/fwd2 + +PROV_URI=$URI1 +CONS_URI=$URI2 +FWD1_URI=$URI3 + +PROV_LOG=$LOG1 +CONS_LOG=$LOG2 +FWD1_LOG=$LOG3 + +DIRS="$PROV_DIR $CONS_DIR $FWD1_DIR" +URIS="$PROV_URI $CONS_URI $FWD1_URI" + +noObj=32 +nullExclude="" nullOK="" +test $BACKEND = null && nullExclude="# " nullOK="OK" noObj=0 + +mkdir -p $TESTDIR + +for dir in $DIRS; do + mkdir -p $dir $dir/slapd.d $dir/db +done + +KILLPIDS= + +$SLAPPASSWD -g -n >$CONFIGPWF + +case "$BACKEND" in + bdb|hdb) olcDbCheckpoint="olcDbCheckpoint";; + *) olcDbCheckpoint="# olcDbCheckpoint";; +esac + +echo "Initializing server configurations" +for dir in $DIRS; do + $SLAPADD -F $dir/slapd.d -n 0 <<EOF +dn: cn=config +objectClass: olcGlobal +cn: config +olcServerID: 1 $PROV_URI +olcServerID: 2 $CONS_URI +olcServerID: 3 $FWD1_URI + +dn: olcDatabase={0}config,cn=config +objectClass: olcDatabaseConfig +olcDatabase: {0}config +olcRootPW:< file://$CONFIGPWF + +EOF +done + +echo "Starting provider slapd on $PROV_URI" +cd $PROV_DIR +$SLAPD -F slapd.d -h $PROV_URI -d $LVL $TIMING >> $PROV_LOG 2>&1 & +PROV_PID=$! +if test $WAIT != 0 ; then + echo PID $PROV_PID + read foo +fi +KILLPIDS="$KILLPIDS $PROV_PID" +cd $TESTWD +sleep 1 +for i in 1 2 3 4 5; do + $LDAPSEARCH -s base -b "" -H $PROV_URI \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + test $RC = 0 && break + echo "Waiting $i seconds for slapd to start..." + sleep $i +done +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Starting forward1 slapd on $FWD1_URI" +cd $FWD1_DIR +$SLAPD -F slapd.d -h $FWD1_URI -d $LVL $TIMING >> $FWD1_LOG 2>&1 & +FWD1_PID=$! +if test $WAIT != 0 ; then + echo PID $FWD1_PID + read foo +fi +KILLPIDS="$KILLPIDS $FWD1_PID" +cd $TESTWD +sleep 1 +for i in 1 2 3 4 5; do + $LDAPSEARCH -s base -b "" -H $FWD1_URI \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + test $RC = 0 && break + echo "Waiting $i seconds for slapd to start..." + sleep $i +done +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Starting consumer slapd on $CONS_URI" +cd $CONS_DIR +$SLAPD -F slapd.d -h $CONS_URI -d $LVL $TIMING >> $CONS_LOG 2>&1 & +CONS_PID=$! +if test $WAIT != 0 ; then + echo PID $CONS_PID + read foo +fi +KILLPIDS="$KILLPIDS $CONS_PID" +cd $TESTWD +sleep 1 +for i in 1 2 3 4 5; do + $LDAPSEARCH -s base -b "" -H $CONS_URI \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + test $RC = 0 && break + echo "Waiting $i seconds for slapd to start..." + sleep $i +done +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +for uri in $URIS; do + echo "Adding schema on $uri" + $LDAPADD -D cn=config -H $uri -y $CONFIGPWF <<EOF > $TESTOUT 2>&1 +include: file://$ABS_SCHEMADIR/core.ldif + +include: file://$ABS_SCHEMADIR/cosine.ldif + +include: file://$ABS_SCHEMADIR/inetorgperson.ldif + +include: file://$ABS_SCHEMADIR/openldap.ldif + +include: file://$ABS_SCHEMADIR/nis.ldif + +EOF + RC=$? + if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + [ "$BACKENDTYPE" = mod ] || continue + + echo "Adding backend module on $uri..." + $LDAPADD -D cn=config -H $uri -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1 +dn: cn=module,cn=config +objectClass: olcModuleList +cn: module +olcModulePath: $TESTWD/../servers/slapd/back-$BACKEND +olcModuleLoad: back_$BACKEND.la + +EOF + RC=$? + if test $RC != 0 ; then + echo "ldapadd failed for backend module ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi +done + +syncprov_module='' +[ "$AC_syncprov" = syncprovmod ] && syncprov_module=" +dn: cn=module,cn=config +objectClass: olcModuleList +cn: module +olcModulePath: $TESTWD/../servers/slapd/overlays +olcModuleLoad: syncprov.la" + +for uri in $PROV_URI; do + echo "Adding database configuration on $uri" + $LDAPADD -D cn=config -H $uri -y $CONFIGPWF <<EOF > $TESTOUT 2>&1 +dn: olcDatabase={1}$BACKEND,cn=config +objectClass: olcDatabaseConfig +objectClass: olc${BACKEND}Config +olcDatabase: {1}$BACKEND +${nullExclude}olcDbDirectory: ./db +$olcDbCheckpoint: 1024 5 +olcSuffix: $BASEDN +olcRootDN: $MANAGERDN +olcRootPW: $PASSWD + +$syncprov_module + +dn: olcOverlay={0}syncprov,olcDatabase={1}$BACKEND,cn=config +objectClass: olcOverlayConfig +objectClass: olcSyncProvConfig +olcOverlay: {0}syncprov +olcSpCheckpoint: 1 1 + +EOF + RC=$? + if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Populating provider on $uri" + $LDAPADD -D "$MANAGERDN" -H $PROV_URI -w $PASSWD <<EOF >> $TESTOUT 2>&1 +dn: $BASEDN +objectClass: top +objectClass: organization +objectClass: dcObject +dc: example +o: Example, Inc + +EOF + RC=$? + if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi +done + +for uri in $FWD1_URI; do + echo "Adding database configuration on $uri" + $LDAPADD -D cn=config -H $uri -y $CONFIGPWF <<EOF > $TESTOUT 2>&1 +dn: olcDatabase={1}$BACKEND,cn=config +objectClass: olcDatabaseConfig +objectClass: olc${BACKEND}Config +olcDatabase: {1}$BACKEND +${nullExclude}olcDbDirectory: ./db +$olcDbCheckpoint: 1024 5 +olcSuffix: $BASEDN +olcRootDN: $MANAGERDN +olcRootPW: $PASSWD +olcSyncRepl: rid=1 provider=$PROV_URI searchbase="$BASEDN" + binddn="$MANAGERDN" bindmethod=simple credentials=$PASSWD + type=refreshAndPersist retry="$RETRY" timeout=1 + +$syncprov_module + +dn: olcOverlay={0}syncprov,olcDatabase={1}$BACKEND,cn=config +objectClass: olcOverlayConfig +objectClass: olcSyncProvConfig +olcOverlay: {0}syncprov +olcSpCheckpoint: 1 1 + +EOF + RC=$? + if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi +done + +for uri in $CONS_URI; do + echo "Adding database configuration on $uri" + $LDAPADD -D cn=config -H $uri -y $CONFIGPWF <<EOF > $TESTOUT 2>&1 +dn: olcDatabase={1}$BACKEND,cn=config +objectClass: olcDatabaseConfig +objectClass: olc${BACKEND}Config +olcDatabase: {1}$BACKEND +${nullExclude}olcDbDirectory: ./db +$olcDbCheckpoint: 1024 5 +olcSuffix: $BASEDN +olcRootDN: $MANAGERDN +olcRootPW: $PASSWD +olcSyncRepl: rid=1 provider=$FWD1_URI searchbase="$BASEDN" + binddn="$MANAGERDN" bindmethod=simple credentials=$PASSWD + type=refreshAndPersist retry="$RETRY" timeout=1 + +EOF + RC=$? + if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi +done + +for uri in $FWD1_URI $CONS_URI; do + echo "Using ldapsearch to check that $uri received database..." + for i in 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$BASEDN" -H $uri \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + test $RC = 0 && break + echo "Waiting $i seconds for slapd to receive database..." + sleep $i + done + if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi +done + +RACE_NUM=0 +ERROR=0 + +nEntries=10 + +addEnd=1 +delEnd=1 + +addIdx=1 +delIdx=1 + +while test $ERROR -eq 0 -a $RACE_NUM -lt $INITIATION_RACE_TESTS ; do + RACE_NUM=`expr $RACE_NUM + 1` + echo "Running $RACE_NUM of $INITIATION_RACE_TESTS syncrepl initiation race tests..." + + echo "Stopping forwarders for add test" + for pid in $FWD1_PID; do + kill -HUP $pid + wait $pid + KILLPIDS=`echo "$KILLPIDS " | sed -e "s/ $pid / /"`; + done + + addStart=$addEnd + addEnd=`expr $addEnd + $nEntries` + + echo "Using ldapadd to add $nEntries entries on provider" + while test $addIdx -lt $addEnd; do + $LDAPADD -D "$MANAGERDN" -H $PROV_URI -w $PASSWD <<EOF >> $TESTOUT 2>&1 +dn: ou=$addIdx,$BASEDN +objectClass: top +objectClass: organizationalUnit +ou: $addIdx + +EOF + RC=$? + if test $RC != 0 ; then + echo "ldapadd failed for entry $addIdx ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + addIdx=`expr $addIdx + 1` + done + + echo "Starting forwarders again" + cd $FWD1_DIR + $SLAPD -F slapd.d -h $FWD1_URI -d $LVL $TIMING >> $FWD1_LOG 2>&1 & + FWD1_PID=$! + KILLPIDS="$KILLPIDS $FWD1_PID" + cd $TESTWD + + addEnd=`expr $addEnd + $nEntries` + + echo "Using ldapadd to add $nEntries more entries on provider" + while test $addIdx -lt $addEnd; do + $LDAPADD -D "$MANAGERDN" -H $PROV_URI -w $PASSWD <<EOF >> $TESTOUT 2>&1 +dn: ou=$addIdx,$BASEDN +objectClass: top +objectClass: organizationalUnit +ou: $addIdx + +EOF + RC=$? + if test $RC != 0 ; then + echo "ldapadd failed for entry $addIdx ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + addIdx=`expr $addIdx + 1` + done + + for uri in $FWD1_URI $CONS_URI; do + echo "Checking replication to $uri" + RC=32 + i=$addStart + while test $i -lt $addEnd; do + for j in 1 2 3 4 5; do + RESULT=`$LDAPSEARCH -H $uri -s base -b "ou=$i,$BASEDN" 2>&1 \ + | awk '/^dn:/ {print "OK"}'` + if test "x$RESULT$nullOK" = "xOK" ; then + RC=0 + break + fi + echo "Waiting $j seconds for $uri to receive entry $i..." + sleep $j + done + if test $RC != 0 ; then + echo "ERROR: Entry $i not replicated to $uri! ($RC)!" + ERROR=1 + break + fi + i=`expr $i + 1` + done + if test $ERROR != 0; then break; fi + done + if test $ERROR != 0; then break; fi + + echo "Stopping forwarders for add/delete test" + for pid in $FWD1_PID; do + kill -HUP $pid + wait $pid + KILLPIDS=`echo "$KILLPIDS " | sed -e "s/ $pid / /"`; + done + + addStart=$addEnd + addEnd=`expr $addEnd + $nEntries` + + echo "Using ldapadd to add $nEntries entries on provider" + while test $addIdx -lt $addEnd; do + $LDAPADD -D "$MANAGERDN" -H $PROV_URI -w $PASSWD <<EOF >> $TESTOUT 2>&1 +dn: ou=$addIdx,$BASEDN +objectClass: top +objectClass: organizationalUnit +ou: $addIdx + +EOF + RC=$? + if test $RC != 0 ; then + echo "ldapadd failed for entry $addIdx ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + addIdx=`expr $addIdx + 1` + done + + delStart=$delEnd + delEnd=`expr $delEnd + $nEntries` + + echo "Using ldapdelete to delete $nEntries entries on provider" + while test $delIdx -lt $delEnd; do + $LDAPDELETE -D "$MANAGERDN" -H $PROV_URI -w $PASSWD "ou=$delIdx,$BASEDN" + RC=$? + if test $RC != 0 ; then + echo "ldapdelete failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + delIdx=`expr $delIdx + 1` + done + + echo "Starting forwarders again" + cd $FWD1_DIR + $SLAPD -F slapd.d -h $FWD1_URI -d $LVL $TIMING >> $FWD1_LOG 2>&1 & + FWD1_PID=$! + KILLPIDS="$KILLPIDS $FWD1_PID" + cd $TESTWD + + addEnd=`expr $addEnd + $nEntries` + delEnd=`expr $delEnd + $nEntries` + + echo "Using ldapadd to add $nEntries more entries on provider" + while test $addIdx -lt $addEnd; do + $LDAPADD -D "$MANAGERDN" -H $PROV_URI -w $PASSWD <<EOF >> $TESTOUT 2>&1 +dn: ou=$addIdx,$BASEDN +objectClass: top +objectClass: organizationalUnit +ou: $addIdx + +EOF + RC=$? + if test $RC != 0 ; then + echo "ldapadd failed for entry $addIdx ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + addIdx=`expr $addIdx + 1` + done + + echo "Using ldapdelete to delete $nEntries more entries on provider" + while test $delIdx -lt $delEnd; do + $LDAPDELETE -D "$MANAGERDN" -H $PROV_URI -w $PASSWD "ou=$delIdx,$BASEDN" + RC=$? + if test $RC != 0 ; then + echo "ldapdelete failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + delIdx=`expr $delIdx + 1` + done + + for uri in $FWD1_URI $CONS_URI; do + echo "Checking replication to $uri" + RC=32 + i=$addStart + while test $i -lt $addEnd; do + for j in 1 2 3 4 5; do + RESULT=`$LDAPSEARCH -H $uri -s base -b "ou=$i,$BASEDN" 2>&1 \ + | awk '/^dn:/ {print "OK"}'` + if test "x$RESULT$nullOK" = "xOK" ; then + RC=0 + break + fi + echo "Waiting $j seconds for $uri to receive entry $i..." + sleep $j + done + if test $RC != 0 ; then + echo "ERROR: Entry $i not replicated to $uri! ($RC)!" + ERROR=1 + break + fi + i=`expr $i + 1` + done + if test $ERROR != 0; then break; fi + + i=$delStart + while test $i -lt $delEnd; do + for j in 1 2 3 4 5; do + $LDAPSEARCH -s base -b "ou=$i,$BASEDN" -H $uri > /dev/null 2>&1 + RC=$? + if test $RC = $noObj; then break; fi + echo "Waiting $j seconds for $uri to delete entry $i..." + sleep $j + done + if test $RC != $noObj; then + echo "ERROR: Entry $i not removed on $uri! (RC=$RC)" + ERROR=1 + break + fi + i=`expr $i + 1` + done + if test $ERROR != 0; then break; fi + done + if test $ERROR != 0; then break; fi + + echo "Stopping forwarders for delete test" + for pid in $FWD1_PID; do + kill -HUP $pid + wait $pid + KILLPIDS=`echo "$KILLPIDS " | sed -e "s/ $pid / /"`; + done + + delStart=$delEnd + delEnd=`expr $delEnd + $nEntries` + + echo "Using ldapdelete to delete entries on provider" + while test $delIdx -lt $delEnd; do + $LDAPDELETE -D "$MANAGERDN" -H $PROV_URI -w $PASSWD "ou=$delIdx,$BASEDN" + RC=$? + if test $RC != 0 ; then + echo "ldapdelete failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + delIdx=`expr $delIdx + 1` + done + + echo "Starting forwarders again" + cd $FWD1_DIR + $SLAPD -F slapd.d -h $FWD1_URI -d $LVL $TIMING >> $FWD1_LOG 2>&1 & + FWD1_PID=$! + KILLPIDS="$KILLPIDS $FWD1_PID" + cd $TESTWD + + delEnd=`expr $delEnd + $nEntries` + + echo "Using ldapdelete to delete $nEntries more entries on provider" + while test $delIdx -lt $delEnd; do + $LDAPDELETE -D "$MANAGERDN" -H $PROV_URI -w $PASSWD "ou=$delIdx,$BASEDN" + RC=$? + if test $RC != 0 ; then + echo "ldapdelete failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + delIdx=`expr $delIdx + 1` + done + + for uri in $FWD1_URI $CONS_URI; do + echo "Checking replication to $uri" + RC=0 + i=$delStart + while test $i -lt $delEnd; do + for j in 1 2 3 4 5; do + $LDAPSEARCH -s base -b "ou=$i,$BASEDN" -H $uri > /dev/null 2>&1 + RC=$? + if test $RC = $noObj; then break; fi + echo "Waiting $j seconds for $uri to delete entry $i..." + sleep $j + done + if test $RC != $noObj; then + echo "ERROR: Entry $i not removed on $uri! (RC=$RC)" + ERROR=1 + break + fi + i=`expr $i + 1` + done + if test $ERROR != 0; then break; fi + done + if test $ERROR != 0; then break; fi + + sleep 1 + echo "Checking contextCSN" + CSN_ERRORS=0 + CSN1=`$LDAPSEARCH -H $URI1 -b $BASEDN -s base contextCSN | grep contextCSN` + CSN2=`$LDAPSEARCH -H $URI2 -b $BASEDN -s base contextCSN | grep contextCSN` + CSN3=`$LDAPSEARCH -H $URI3 -b $BASEDN -s base contextCSN | grep contextCSN` + + if test -z "$CSN1" ; then + test $BACKEND = null && break + echo "ERROR: contextCSN empty on provider" + ERROR=1 + break + fi + nCSN=`echo "$CSN1" | wc -l` + if test "$nCSN" -ne 1 ; then + echo "ERROR: Wrong contextCSN count on provder, should be 1" + echo "$CSN1" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi + if test -z "$CSN2" -o "$CSN1" != "$CSN2" ; then + echo "ERROR: contextCSN mismatch between provider and consumer" + echo "contextCSN on provider: $CSN1" + echo "contextCSN on consumer: $CSN2" + ERROR=1 + break + fi + if test -z "$CSN3" -o "$CSN1" != "$CSN3" ; then + echo "ERROR: contextCSN mismatch between provider and forward1" + echo "contextCSN on provider: $CSN1" + echo "contextCSN on forward1: $CSN3" + ERROR=1 + break + fi +done + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +if test $ERROR != 0; then + echo "Error found after $RACE_NUM of $INITIATION_RACE_TESTS iterations" + exit 1 +else + echo "No race errors found after $INITIATION_RACE_TESTS iterations" +fi + +echo ">>>>> Test succeeded" + +exit 0 diff --git a/tests/scripts/test063-delta-multiprovider b/tests/scripts/test063-delta-multiprovider new file mode 100755 index 0000000..42105a9 --- /dev/null +++ b/tests/scripts/test063-delta-multiprovider @@ -0,0 +1,565 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test $SYNCPROV = syncprovno; then + echo "Syncrepl provider overlay not available, test skipped" + exit 0 +fi +if test $ACCESSLOG = accesslogno; then + echo "Accesslog overlay not available, test skipped" + exit 0 +fi + +MPR=2 + +XDIR=$TESTDIR/srv +TMP=$TESTDIR/tmp + +mkdir -p $TESTDIR + +$SLAPPASSWD -g -n >$CONFIGPWF + +if test x"$SYNCMODE" = x ; then + SYNCMODE=rp +fi +case "$SYNCMODE" in + ro) + SYNCTYPE="type=refreshOnly interval=00:00:00:03" + ;; + rp) + SYNCTYPE="type=refreshAndPersist interval=00:00:00:03" + ;; + *) + echo "unknown sync mode $SYNCMODE" + exit 1; + ;; +esac + +# +# Test delta-sync mpr +# - start servers +# - configure over ldap +# - populate over ldap +# - configure syncrepl over ldap +# - break replication +# - modify each server separately +# - restore replication +# - compare results +# + +nullExclude="" +test $BACKEND = null && nullExclude="# " + +KILLPIDS= + +echo "Initializing server configurations..." +n=1 +while [ $n -le $MPR ]; do + +DBDIR=${XDIR}$n/db +CFDIR=${XDIR}$n/slapd.d + +mkdir -p ${XDIR}$n $DBDIR.1 $DBDIR.2 $CFDIR + +o=`expr 3 - $n` +cat > $TMP <<EOF +dn: cn=config +objectClass: olcGlobal +cn: config +olcServerID: $n + +EOF + +if [ "$SYNCPROV" = syncprovmod -o "$ACCESSLOG" = accesslogmod ]; then + cat <<EOF >> $TMP +dn: cn=module,cn=config +objectClass: olcModuleList +cn: module +olcModulePath: $TESTWD/../servers/slapd/overlays +EOF + if [ "$SYNCPROV" = syncprovmod ]; then + echo "olcModuleLoad: syncprov.la" >> $TMP + fi + if [ "$ACCESSLOG" = accesslogmod ]; then + echo "olcModuleLoad: accesslog.la" >> $TMP + fi + echo "" >> $TMP +fi + +if [ "$BACKENDTYPE" = mod ]; then +cat <<EOF >> $TMP +dn: cn=module,cn=config +objectClass: olcModuleList +cn: module +olcModulePath: $TESTWD/../servers/slapd/back-$BACKEND +olcModuleLoad: back_$BACKEND.la + +EOF +fi +MYURI=`eval echo '$URI'$n` +PROVIDERURI=`eval echo '$URI'$o` +if test $INDEXDB = indexdb ; then +INDEX1="olcDbIndex: objectClass,entryCSN,reqStart,reqDN,reqResult eq" +INDEX2="olcDbIndex: objectClass,entryCSN,entryUUID eq" +else +INDEX1= +INDEX2= +fi +cat >> $TMP <<EOF +dn: cn=schema,cn=config +objectclass: olcSchemaconfig +cn: schema + +include: file://$ABS_SCHEMADIR/core.ldif + +include: file://$ABS_SCHEMADIR/cosine.ldif + +include: file://$ABS_SCHEMADIR/inetorgperson.ldif + +include: file://$ABS_SCHEMADIR/openldap.ldif + +include: file://$ABS_SCHEMADIR/nis.ldif + +dn: olcDatabase={0}config,cn=config +objectClass: olcDatabaseConfig +olcDatabase: {0}config +olcRootPW:< file://$CONFIGPWF + +dn: olcDatabase={1}$BACKEND,cn=config +objectClass: olcDatabaseConfig +${nullExclude}objectClass: olc${BACKEND}Config +olcDatabase: {1}$BACKEND +olcSuffix: cn=log +${nullExclude}olcDbDirectory: ${DBDIR}.1 +olcRootDN: $MANAGERDN +$INDEX1 + +dn: olcOverlay=syncprov,olcDatabase={1}$BACKEND,cn=config +objectClass: olcOverlayConfig +objectClass: olcSyncProvConfig +olcOverlay: syncprov +olcSpNoPresent: TRUE +olcSpReloadHint: TRUE + +dn: olcDatabase={2}$BACKEND,cn=config +objectClass: olcDatabaseConfig +${nullExclude}objectClass: olc${BACKEND}Config +olcDatabase: {2}$BACKEND +olcSuffix: $BASEDN +${nullExclude}olcDbDirectory: ${DBDIR}.2 +olcRootDN: $MANAGERDN +olcRootPW: $PASSWD +olcSyncRepl: rid=001 provider=$PROVIDERURI binddn="$MANAGERDN" bindmethod=simple + credentials=$PASSWD searchbase="$BASEDN" $SYNCTYPE + retry="3 +" timeout=3 logbase="cn=log" + logfilter="(&(objectclass=auditWriteObject)(reqresult=0))" + syncdata=accesslog +olcMirrorMode: TRUE +$INDEX2 + +dn: olcOverlay=syncprov,olcDatabase={2}$BACKEND,cn=config +objectClass: olcOverlayConfig +objectClass: olcSyncProvConfig +olcOverlay: syncprov + +dn: olcOverlay=accesslog,olcDatabase={2}$BACKEND,cn=config +objectClass: olcOverlayConfig +objectClass: olcAccessLogConfig +olcOverlay: accesslog +olcAccessLogDB: cn=log +olcAccessLogOps: writes +olcAccessLogSuccess: TRUE + +EOF +$SLAPADD -F $CFDIR -n 0 -d-1< $TMP > $TESTOUT 2>&1 +PORT=`eval echo '$PORT'$n` +echo "Starting server $n on TCP/IP port $PORT..." +cd ${XDIR}${n} +LOG=`eval echo '$LOG'$n` +$SLAPD -F slapd.d -h $MYURI -d $LVL $TIMING > $LOG 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID $KILLPIDS" +cd $TESTWD + +echo "Using ldapsearch to check that server $n is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "" -H $MYURI \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +if [ $n = 1 ]; then +echo "Using ldapadd for context on server 1..." +$LDAPADD -D "$MANAGERDN" -H $URI1 -w $PASSWD -f $LDIFORDEREDCP \ + >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed for server $n database ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi +fi + +n=`expr $n + 1` +done + +echo "Using ldapadd to populate server 1..." +$LDAPADD -D "$MANAGERDN" -H $URI1 -w $PASSWD -f $LDIFORDEREDNOCP \ + >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed for server $n database ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." +sleep $SLEEP1 + +n=1 +while [ $n -le $MPR ]; do +PORT=`expr $BASEPORT + $n` +URI="ldap://${LOCALHOST}:$PORT/" + +echo "Using ldapsearch to read all the entries from server $n..." +$LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI -w $PASSWD \ + 'objectclass=*' > $TESTDIR/server$n.out 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at server $n ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi +$LDIFFILTER < $TESTDIR/server$n.out > $TESTDIR/server$n.flt +n=`expr $n + 1` +done + +n=2 +while [ $n -le $MPR ]; do +echo "Comparing retrieved entries from server 1 and server $n..." +$CMP $PROVIDERFLT $TESTDIR/server$n.flt > $CMPOUT + +if test $? != 0 ; then + echo "test failed - server 1 and server $n databases differ" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi +n=`expr $n + 1` +done + +echo "Using ldapadd to populate server 2..." +$LDAPADD -D "$MANAGERDN" -H $URI2 -w $PASSWD -f $LDIFADD1 \ + >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed for server 2 database ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +THEDN="cn=James A Jones 2,ou=Alumni Association,ou=People,dc=example,dc=com" +sleep 1 +for i in 1 2 3; do + $LDAPSEARCH -S "" -b "$THEDN" -H $URI1 \ + -s base '(objectClass=*)' entryCSN > "${PROVIDEROUT}.$i" 2>&1 + RC=$? + + if test $RC = 0 ; then + break + fi + + if test $RC != 32 ; then + echo "ldapsearch failed at consumer ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." + sleep $SLEEP1 +done + +n=1 +while [ $n -le $MPR ]; do +PORT=`expr $BASEPORT + $n` +URI="ldap://${LOCALHOST}:$PORT/" + +echo "Using ldapsearch to read all the entries from server $n..." +$LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI -w $PASSWD \ + 'objectclass=*' > $TESTDIR/server$n.out 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at server $n ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi +$LDIFFILTER < $TESTDIR/server$n.out > $TESTDIR/server$n.flt +n=`expr $n + 1` +done + +n=2 +while [ $n -le $MPR ]; do +echo "Comparing retrieved entries from server 1 and server $n..." +$CMP $PROVIDERFLT $TESTDIR/server$n.flt > $CMPOUT + +if test $? != 0 ; then + echo "test failed - server 1 and server $n databases differ" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi +n=`expr $n + 1` +done + +echo "Breaking replication between server 1 and 2..." +n=1 +while [ $n -le $MPR ]; do +o=`expr 3 - $n` +MYURI=`eval echo '$URI'$n` +PROVIDERURI=`eval echo '$URI'$o` +$LDAPMODIFY -D cn=config -H $MYURI -y $CONFIGPWF > $TESTOUT 2>&1 <<EOF +dn: olcDatabase={2}$BACKEND,cn=config +changetype: modify +replace: olcSyncRepl +olcSyncRepl: rid=001 provider=$PROVIDERURI binddn="$MANAGERDN" bindmethod=simple + credentials=InvalidPw searchbase="$BASEDN" $SYNCTYPE + retry="3 +" timeout=3 logbase="cn=log" + logfilter="(&(objectclass=auditWriteObject)(reqresult=0))" + syncdata=accesslog +- +replace: olcMirrorMode +olcMirrorMode: TRUE + +EOF +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed for server $n config ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi +n=`expr $n + 1` +done + +echo "Using ldapmodify to force conflicts between server 1 and 2..." +$LDAPMODIFY -D "$MANAGERDN" -H $URI1 -w $PASSWD \ + >> $TESTOUT 2>&1 << EOF +dn: $THEDN +changetype: modify +add: description +description: Amazing + +EOF +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed for server 1 database ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +$LDAPMODIFY -D "$MANAGERDN" -H $URI2 -w $PASSWD \ + >> $TESTOUT 2>&1 << EOF +dn: $THEDN +changetype: modify +replace: employeetype +- +add: description +description: Stupendous + +EOF +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed for server 2 database ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +$LDAPMODIFY -D "$MANAGERDN" -H $URI1 -w $PASSWD \ + >> $TESTOUT 2>&1 << EOF +dn: $THEDN +changetype: modify +delete: description +description: Outstanding +- +add: description +description: Mindboggling + +EOF +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed for server 1 database ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +$LDAPMODIFY -D "$MANAGERDN" -H $URI2 -w $PASSWD \ + >> $TESTOUT 2>&1 << EOF +dn: $THEDN +changetype: modify +delete: description +description: OutStanding +- +add: description +description: Bizarre + +EOF +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed for server 2 database ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +$LDAPMODIFY -D "$MANAGERDN" -H $URI1 -w $PASSWD \ + >> $TESTOUT 2>&1 << EOF +dn: $THEDN +changetype: modify +add: carLicense +carLicense: 123-XYZ +- +add: employeeNumber +employeeNumber: 32 + +EOF +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed for server 1 database ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +$LDAPMODIFY -D "$MANAGERDN" -H $URI2 -w $PASSWD \ + >> $TESTOUT 2>&1 << EOF +dn: $THEDN +changetype: modify +add: employeeType +employeeType: deadwood +- +add: employeeNumber +employeeNumber: 64 + +EOF +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed for server 2 database ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +$LDAPMODIFY -D "$MANAGERDN" -H $URI1 -w $PASSWD \ + >> $TESTOUT 2>&1 << EOF +dn: $THEDN +changetype: modify +replace: sn +sn: Replaced later +- +replace: sn +sn: Surname +EOF +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed for server 1 database ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Restoring replication between server 1 and 2..." +n=1 +while [ $n -le $MPR ]; do +o=`expr 3 - $n` +MYURI=`eval echo '$URI'$n` +PROVIDERURI=`eval echo '$URI'$o` +$LDAPMODIFY -D cn=config -H $MYURI -y $CONFIGPWF > $TESTOUT 2>&1 <<EOF +dn: olcDatabase={2}$BACKEND,cn=config +changetype: modify +replace: olcSyncRepl +olcSyncRepl: rid=001 provider=$PROVIDERURI binddn="$MANAGERDN" bindmethod=simple + credentials=$PASSWD searchbase="$BASEDN" $SYNCTYPE + retry="3 +" timeout=3 logbase="cn=log" + logfilter="(&(objectclass=auditWriteObject)(reqresult=0))" + syncdata=accesslog +- +replace: olcMirrorMode +olcMirrorMode: TRUE + +EOF +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed for server $n config ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi +n=`expr $n + 1` +done + +echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..." +sleep $SLEEP1 + +n=1 +while [ $n -le $MPR ]; do +PORT=`expr $BASEPORT + $n` +URI="ldap://${LOCALHOST}:$PORT/" + +echo "Using ldapsearch to read all the entries from server $n..." +$LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI -w $PASSWD \ + 'objectclass=*' > $TESTDIR/server$n.out 2>&1 +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed at server $n ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi +$LDIFFILTER -s a < $TESTDIR/server$n.out > $TESTDIR/server$n.flt +n=`expr $n + 1` +done + +n=2 +while [ $n -le $MPR ]; do +echo "Comparing retrieved entries from server 1 and server $n..." +$CMP $PROVIDERFLT $TESTDIR/server$n.flt > $CMPOUT + +if test $? != 0 ; then + echo "test failed - server 1 and server $n databases differ" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi +n=`expr $n + 1` +done + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test064-constraint b/tests/scripts/test064-constraint new file mode 100755 index 0000000..fe619b7 --- /dev/null +++ b/tests/scripts/test064-constraint @@ -0,0 +1,215 @@ +#!/bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test $CONSTRAINT = constraintno; then + echo "Constraint overlay not available, test skipped" + exit 0 +fi + +CONSTRAINTDIR="$DATADIR/constraint" +ROOTLDIF="$CONSTRAINTDIR/root.ldif" +USERLDIF="$CONSTRAINTDIR/user.ldif" +RESULTOUT="$CONSTRAINTDIR/constraint.out" +SCRIPTOUT="$TESTDIR/constraint.out" +USERDN="cn=John Doe,ou=users,$BASEDN" + +CONFDIR=$TESTDIR/slapd.d +mkdir -p $TESTDIR $CONFDIR $DBDIR1 + +$SLAPPASSWD -g -n >$CONFIGPWF + +cat > $TESTDIR/config.ldif <<EOF +dn: cn=config +objectClass: olcGlobal +cn: config +olcArgsFile: $TESTDIR/slapd.args +olcPidFile: $TESTDIR/slapd.pid + +dn: cn=schema,cn=config +objectClass: olcSchemaConfig +cn: schema + +include: file://$TESTWD/schema/core.ldif +include: file://$TESTWD/schema/cosine.ldif +include: file://$TESTWD/schema/inetorgperson.ldif + +dn: olcDatabase=config,cn=config +objectClass: olcDatabaseConfig +olcDatabase: config +olcRootPW:< file://$CONFIGPWF +EOF + +if [ "$BACKENDTYPE" = mod ]; then + cat >> $TESTDIR/config.ldif <<EOF + +dn: cn=module,cn=config +objectClass: olcModuleList +cn: module +olcModulePath: $TESTWD/../servers/slapd/back-$BACKEND +olcModuleLoad: back_$BACKEND.la +EOF +fi + +if [ "$CONSTRAINT" = constraintmod ]; then + cat >> $TESTDIR/config.ldif <<EOF + +dn: cn=module,cn=config +objectClass: olcModuleList +cn: module +olcModulePath: $TESTWD/../servers/slapd/overlays +olcModuleLoad: constraint.la +EOF +fi + +cat >> $TESTDIR/config.ldif <<EOF + +dn: olcDatabase={1}$BACKEND,cn=config +objectClass: olcDatabaseConfig +objectClass: olc${BACKEND}Config +olcDatabase: $BACKEND +olcSuffix: $BASEDN +olcRootDN: $MANAGERDN +olcRootPW: $PASSWD +olcDbDirectory: $TESTDIR/db.1.a +EOF + +if [ "$INDEXDB" = indexdb ]; then + cat >> $TESTDIR/config.ldif <<EOF +olcDbIndex: objectClass eq,pres +olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub +EOF +fi + +cat >> $TESTDIR/config.ldif <<EOF + +dn: olcOverlay=constraint,olcDatabase={1}$BACKEND,cn=config +objectClass: olcOverlayConfig +objectClass: olcConstraintConfig +olcOverlay: constraint +olcConstraintAttribute: mail + count 3 + restrict="ldap:///ou=users,$BASEDN??one?(objectClass=inetOrgPerson)" +# check if restrict works (if not, this will apply to ou=users subtree as well +# and some tests will fail) +olcConstraintAttribute: mail count 1 restrict="ldap:///ou=groups,$BASEDN??one" +olcConstraintAttribute: mail regex ^[[:alnum:]]+@example.com$ +olcConstraintAttribute: description count 2 +olcConstraintAttribute: jpegPhoto count 0 +# cn value has to be concatenated givenName SP sn +olcConstraintAttribute: cn,sn,givenName + set "(this/givenName + [ ] + this/sn) & this/cn" + restrict="ldap:///$USERDN??sub?(objectClass=inetOrgPerson)" +olcConstraintAttribute: uid + uri "ldap:///ou=groups,$BASEDN?uid?one?(objectClass=inetOrgPerson)" + restrict="ldap:///ou=users,$BASEDN??one" +EOF + +$SLAPADD -F $CONFDIR -n 0 -l $TESTDIR/config.ldif + +echo "Starting slapd on TCP/IP port $PORT1..." +$SLAPD -F $CONFDIR -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" +sleep 1 + +echo "Using ldapsearch to check that slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Adding basic structure..." +$LDAPADD -D "$MANAGERDN" -H $URI1 -w $PASSWD -f $ROOTLDIF >/dev/null 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $PID + exit $RC +fi +$LDAPADD -D "$MANAGERDN" -H $URI1 -w $PASSWD -f $USERLDIF >/dev/null 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $PID + exit $RC +fi + +echo "Running constraint tests..." +for ldif in $CONSTRAINTDIR/*ok*.ldif $CONSTRAINTDIR/*fail*.ldif; do + ### reload + $LDAPDELETE -D "$MANAGERDN" -H $URI1 -w $PASSWD "$USERDN" >/dev/null 2>&1 + RC=$? + if test $RC != 0 ; then + echo "ldapdelete failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $PID + exit $RC + fi + $LDAPADD -D "$MANAGERDN" -H $URI1 -w $PASSWD -f $USERLDIF >/dev/null 2>&1 + RC=$? + if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $PID + exit $RC + fi + + ### info + echo -n " [$ldif]: " + + ### modify + $LDAPMODIFY -H $URI1 -x -D "$MANAGERDN" -f $ldif -w $PASSWD >/dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + echo "OK" | tee -a $SCRIPTOUT + elif test $RC = 19 ; then + echo "FAIL" | tee -a $SCRIPTOUT + else + echo "UNEXPECTED ($RC)" + fi +done + +echo "Comparing output..." +$DIFF $SCRIPTOUT $RESULTOUT > $CMPOUT +RC=$? +if test $RC != 0 ; then + echo "Comparison failed" + test $KILLSERVERS != no && kill -HUP $PID + exit $RC +fi + +test $KILLSERVERS != no && kill -HUP $PID + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/scripts/test065-proxyauthz b/tests/scripts/test065-proxyauthz new file mode 100755 index 0000000..9585db7 --- /dev/null +++ b/tests/scripts/test065-proxyauthz @@ -0,0 +1,255 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +PCACHETTL=${PCACHETTL-"1m"} +PCACHENTTL=${PCACHENTTL-"1m"} +PCACHESTTL=${PCACHESTTL-"1m"} +PCACHE_ENTRY_LIMIT=${PCACHE_ENTRY_LIMIT-"6"} +PCACHE_CCPERIOD=${PCACHE_CCPERIOD-"2"} +PCACHETTR=${PCACHETTR-"2"} +PCACHEBTTR=${PCACHEBTTR-"5"} + +. $SRCDIR/scripts/defines.sh + +LVL=0x100 + +if test $PROXYCACHE = pcacheno; then + echo "Proxy cache overlay not available, test skipped" + exit 0 +fi + +if test $BACKLDAP = "ldapno" ; then + echo "LDAP backend not available, test skipped" + exit 0 +fi + +if test $BACKEND = ldif ; then + # The (mail=example.com*) queries hit a sizelimit, so which + # entry is returned depends on the ordering in the backend. + echo "Test does not support $BACKEND backend, test skipped" + exit 0 +fi + +mkdir -p $TESTDIR $DBDIR1 $DBDIR2 + +# Test proxy caching: +# - start provider +# - start proxy cache +# - populate provider +# - perform a first search +# - verify cacheability +# - perform a second search with the same filter and same user +# - verify answerability and cacheability of the bind +# - perform a third search with the same user but a different filter +# - verify cacheability of the bind and the non-answerability of the result + +echo "Starting provider slapd on TCP/IP port $PORT1..." +. $CONFFILTER < $PROXYAUTHZPROVIDERCONF > $CONF1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Using ldapsearch to check that provider slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ + -D "cn=Manager,dc=example,dc=com" -w secret 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapadd to populate the provider directory..." +$LDAPADD -x -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \ + $LDIFORDERED > /dev/null 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Starting proxy cache on TCP/IP port $PORT2..." +. $CONFFILTER < $PROXYAUTHZCONF | sed \ + -e "s/@TTL@/${PCACHETTL}/" \ + -e "s/@NTTL@/${PCACHENTTL}/" \ + -e "s/@STTL@/${PCACHENTTL}/" \ + -e "s/@TTR@/${PCACHETTR}/" \ + -e "s/@ENTRY_LIMIT@/${PCACHE_ENTRY_LIMIT}/" \ + -e "s/@CCPERIOD@/${PCACHE_CCPERIOD}/" \ + -e "s/@BTTR@/${PCACHEBTTR}/" \ + > $CONF2 + +$SLAPD -f $CONF2 -h $URI2 -d $LVL -d pcache > $LOG2 2>&1 & +CACHEPID=$! +if test $WAIT != 0 ; then + echo CACHEPID $CACHEPID + read foo +fi +KILLPIDS="$KILLPIDS $CACHEPID" + +sleep 1 + +echo "Using ldapsearch to check that proxy slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT2 \ + -D "cn=Manager,dc=example,dc=com" -w secret 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +cat /dev/null > $SEARCHOUT + +echo "Making queries on the proxy cache..." +CNT=0 + + +CNT=`expr $CNT + 1` +USERDN="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com" +UPASSWD="jaj" +echo "Query $CNT: $USERDN" +echo "# Query $CNT: $USERDN" >> $SEARCHOUT + +$LDAPSEARCH -S "" -b "dc=example,dc=com" -s SUB -h $LOCALHOST -p $PORT2 \ + -D "$USERDN" -w "$UPASSWD" "(sn=je*)" sn >> $SEARCHOUT 2>> $TESTOUT +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# Check that the bind is cached +grep "CACHING BIND for $USERDN" $LOG2 > /dev/null + +RC=$? +if test $RC != 0 ; then + echo "Refresh failed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS && wait + exit 1 +fi + +CNT=`expr $CNT + 1` +USERDN="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com" +UPASSWD="jaj" +echo "Query $CNT: (Bind should be cached)" +echo "# Query $CNT: (Bind should be cached)" >> $SEARCHOUT + +$LDAPSEARCH -S "" -b "dc=example,dc=com" -s SUB -h $LOCALHOST -p $PORT2 \ + -D "$USERDN" -w "$UPASSWD" "(sn=je*)" sn >> $SEARCHOUT 2>> $TESTOUT + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +grep "CACHED BIND for $USERDN" $LOG2 > /dev/null +RC=$? +if test $RC != 0 ; then + echo "Refresh failed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS && wait + exit 1 +fi + +CNT=`expr $CNT + 1` +USERDN="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com" + +echo "Query $CNT: (Bind should be cached)" +echo "# Query $CNT: (Bind should be cached)" >> $SEARCHOUT +$LDAPSEARCH -S "" -b "dc=example,dc=com" -s SUB -h $LOCALHOST -p $PORT2 \ + -D "$USERDN" -w "$UPASSWD" "(sn=je*)" sn >> $SEARCHOUT 2>> $TESTOUT + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +RC=`grep "CACHED BIND for $USERDN" $LOG2 | wc -l` +if test $RC != 2 ; then + echo "Bind wasn't answered from cache" + test $KILLSERVERS != no && kill -HUP $KILLPIDS && wait + exit 1 +fi + +echo "=== New search on (sn=jo*)" +cat /dev/null > $SEARCHOUT +echo "# Query $CNT: (Bind should be cached)" >> $SEARCHOUT +$LDAPSEARCH -S "" -b "dc=example,dc=com" -s SUB -h $LOCALHOST -p $PORT2 \ + -D "$USERDN" -w "$UPASSWD" "(sn=jo*)" sn >> $SEARCHOUT 2>> $TESTOUT + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +RC=`grep "CACHED BIND for $USERDN" $LOG2 | wc -l` +if test $RC != 3 ; then + echo "Bind wasn't answered from cache" + test $KILLSERVERS != no && kill -HUP $KILLPIDS && wait + exit 1 +fi + +RC=`grep "QUERY NOT ANSWERABLE" $LOG2 | wc -l` +if test $RC != 3 ; then + echo "Search wasn't searched on remote peer" + test $KILLSERVERS != no && kill -HUP $KILLPIDS && wait + exit 1 +fi + +RC=`grep "dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com" $SEARCHOUT | wc -l` +if test $RC != 1 ; then + echo "Search wasn't retrieved on remote peer" + test $KILLSERVERS != no && kill -HUP $KILLPIDS && wait + exit 1 +fi + +echo "Test succeeded" + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +test $KILLSERVERS != no && wait + +exit 0 |