summaryrefslogtreecommitdiffstats
path: root/tests/scripts/lloadd
diff options
context:
space:
mode:
Diffstat (limited to 'tests/scripts/lloadd')
-rwxr-xr-xtests/scripts/lloadd/test000-rootdse118
-rwxr-xr-xtests/scripts/lloadd/test001-backend-issues219
-rwxr-xr-xtests/scripts/lloadd/test002-load175
-rwxr-xr-xtests/scripts/lloadd/test003-cnconfig481
-rwxr-xr-xtests/scripts/lloadd/test004-monitor365
-rwxr-xr-xtests/scripts/lloadd/test005-tls272
-rwxr-xr-xtests/scripts/lloadd/test006-sasl252
-rwxr-xr-xtests/scripts/lloadd/test007-coherence508
8 files changed, 2390 insertions, 0 deletions
diff --git a/tests/scripts/lloadd/test000-rootdse b/tests/scripts/lloadd/test000-rootdse
new file mode 100755
index 0000000..9046b16
--- /dev/null
+++ b/tests/scripts/lloadd/test000-rootdse
@@ -0,0 +1,118 @@
+#! /bin/sh
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+mkdir -p $TESTDIR $DBDIR1 $DBDIR2 $DBDIR3
+
+$SLAPPASSWD -g -n >$CONFIGPWF
+echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf
+
+echo "Starting slapd on TCP/IP port $PORT2..."
+. $CONFFILTER $BACKEND < $SCHEMACONF > $CONF2
+$SLAPD -f $CONF2 -h $URI2 -d $LVL > $LOG2 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+echo "Starting a second slapd on TCP/IP port $PORT3..."
+sed -e "s,$DBDIR1,$DBDIR2," < $CONF2 > $CONF3
+$SLAPD -f $CONF3 -h $URI3 -d $LVL > $LOG3 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $PID"
+
+echo "Starting a third slapd on TCP/IP port $PORT4..."
+sed -e "s,$DBDIR1,$DBDIR3," < $CONF2 > $CONF4
+$SLAPD -f $CONF4 -h $URI4 -d $LVL > $LOG4 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $PID"
+
+echo "Starting lloadd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND < $LLOADDANONCONF > $CONF1.lloadd
+if test $AC_lloadd = lloaddyes; then
+ $LLOADD -f $CONF1.lloadd -h $URI1 -d $LVL > $LOG1 2>&1 &
+else
+ . $CONFFILTER $BACKEND < $SLAPDLLOADCONF > $CONF1.slapd
+ # FIXME: this won't work on Windows, but lloadd doesn't support Windows yet
+ $SLAPD -f $CONF1.slapd -h $URI6 -d $LVL > $LOG1 2>&1 &
+fi
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $PID"
+
+sleep $SLEEP0
+
+echo "Using ldapsearch to retrieve the root DSE..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -b "" -s base -H $URI1 \
+ '@extensibleObject' > $SEARCHOUT 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for lloadd to start..."
+ sleep $SLEEP1
+done
+
+if test $RC = 0 ; then
+ echo "Using ldapsearch to retrieve the cn=Subschema..."
+ $LDAPSEARCH -b "cn=Subschema" -s base -H $URI1 \
+ '(&(objectClasses=top)(objectClasses=2.5.6.0))' cn objectClass \
+ >> $SEARCHOUT 2>&1
+ RC=$?
+
+fi
+
+if test $RC = 0 ; then
+ echo "Using ldapsearch to retrieve the cn=Monitor..."
+ $LDAPSEARCH -b "cn=Monitor" -s base -H $URI1 \
+ '@monitor' >> $SEARCHOUT 2>&1
+ RC=$?
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+count=3
+if test $RC != 0 ; then
+ echo ">>>>> Test failed"
+else
+ RC=`grep '^dn:' $SEARCHOUT | wc -l`
+ if test $RC != $count ; then
+ echo ">>>>> Test failed: expected $count entries, got" $RC
+ RC=1
+ else
+ echo ">>>>> Test succeeded"
+ RC=0
+ fi
+fi
+
+test $KILLSERVERS != no && wait
+
+exit $RC
diff --git a/tests/scripts/lloadd/test001-backend-issues b/tests/scripts/lloadd/test001-backend-issues
new file mode 100755
index 0000000..b7f99fc
--- /dev/null
+++ b/tests/scripts/lloadd/test001-backend-issues
@@ -0,0 +1,219 @@
+#! /bin/sh
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+mkdir -p $TESTDIR $DBDIR1 $DBDIR2
+
+$SLAPPASSWD -g -n >$CONFIGPWF
+echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf
+
+echo "Starting an empty slapd on TCP/IP port $PORT2..."
+. $CONFFILTER $BACKEND < $SCHEMACONF > $CONF2
+$SLAPD -f $CONF2 -h $URI2 -d $LVL > $LOG2 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+PID2="$PID"
+KILLPIDS="$PID"
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for slapd to start..."
+ sleep $SLEEP1
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND < $CONFTWO > $CONF3
+$SLAPADD -f $CONF3 -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Running slapindex to index slapd database..."
+$SLAPINDEX -f $CONF3
+RC=$?
+if test $RC != 0 ; then
+ echo "warning: slapindex failed ($RC)"
+ echo " assuming no indexing support"
+fi
+
+echo "Starting second slapd on TCP/IP port $PORT3..."
+$SLAPD -f $CONF3 -h $URI3 -d $LVL > $LOG3 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+PID3="$PID"
+KILLPIDS="$KILLPIDS $PID"
+
+sleep $SLEEP0
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI3 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for slapd to start..."
+ sleep $SLEEP1
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Starting lloadd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND < $LLOADDUNREACHABLECONF > $CONF1.lloadd
+if test $AC_lloadd = lloaddyes; then
+ $LLOADD -f $CONF1.lloadd -h $URI1 -d $LVL > $LOG1 2>&1 &
+else
+ . $CONFFILTER $BACKEND < $SLAPDLLOADCONF > $CONF1.slapd
+ $SLAPD -f $CONF1.slapd -h $URI6 -d $LVL > $LOG1 2>&1 &
+fi
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $PID"
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for lloadd to start..."
+ sleep $SLEEP1
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing exact searching..."
+echo "# Testing exact searching..." > $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \
+ '(sn=jENSEN)' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing approximate searching..."
+echo "# Testing approximate searching..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \
+ '(sn~=jENSEN)' name >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing OR searching..."
+echo "# Testing OR searching..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \
+ '(|(givenname=Xx*yY*Z)(cn=)(undef=*)(objectclass=groupofnames)(sn=jones)(member=cn=Manager,dc=example,dc=com)(uniqueMember=cn=Manager,dc=example,dc=com))' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing AND matching and ends-with searching..."
+echo "# Testing AND matching and ends-with searching..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "ou=groups,$BASEDN" -s one -H $URI1 \
+ '(&(objectclass=groupofnames)(cn=A*)(member=cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com))' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing NOT searching..."
+echo "# Testing NOT searching..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \
+ '(!(objectclass=pilotPerson))' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing objectClass/attributeType inheritance ..."
+echo "# Testing objectClass/attributeType inheritance ..." >> $SEARCHOUT
+$LDAPSEARCH -M -a never -S "" -b "$BASEDN" -H $URI1 \
+ '(&(objectClass=inetorgperson)(userid=uham))' \
+ "2.5.4.0" "userid" >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+LDIF=$SEARCHOUTPROVIDER
+
+echo "Filtering ldapsearch results..."
+$LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering original ldif used to create database..."
+$LDIFFILTER < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "Comparison failed"
+ exit 1
+fi
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0
diff --git a/tests/scripts/lloadd/test002-load b/tests/scripts/lloadd/test002-load
new file mode 100755
index 0000000..2de04d6
--- /dev/null
+++ b/tests/scripts/lloadd/test002-load
@@ -0,0 +1,175 @@
+#! /bin/sh
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test x$TESTLOOPS = x ; then
+ TESTLOOPS=50
+fi
+
+if test x$TESTCHILDREN = x ; then
+ TESTCHILDREN=20
+fi
+
+if test x$MAXRETRIES = x ; then
+ MAXRETRIES=5
+fi
+
+mkdir -p $TESTDIR $DBDIR1 $DBDIR2
+
+$SLAPPASSWD -g -n >$CONFIGPWF
+echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND < $CONF > $CONF2
+$SLAPADD -f $CONF2 -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Starting a slapd on TCP/IP port $PORT2..."
+$SLAPD -f $CONF2 -h $URI2 -d $LVL > $LOG2 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+PID2="$PID"
+KILLPIDS="$PID"
+
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for slapd to start..."
+ sleep $SLEEP1
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND < $CONFTWO > $CONF3
+$SLAPADD -f $CONF3 -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Running slapindex to index slapd database..."
+$SLAPINDEX -f $CONF3
+RC=$?
+if test $RC != 0 ; then
+ echo "warning: slapindex failed ($RC)"
+ echo " assuming no indexing support"
+fi
+
+echo "Starting second slapd on TCP/IP port $PORT3..."
+$SLAPD -f $CONF3 -h $URI3 -d $LVL > $LOG3 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+PID2="$PID"
+KILLPIDS="$KILLPIDS $PID"
+
+sleep $SLEEP0
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI3 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for slapd to start..."
+ sleep $SLEEP1
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Starting lloadd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND < $LLOADDCONF > $CONF1.lloadd
+if test $AC_lloadd = lloaddyes; then
+ $LLOADD -f $CONF1.lloadd -h $URI1 -d $LVL > $LOG1 2>&1 &
+else
+ . $CONFFILTER $BACKEND < $SLAPDLLOADCONF > $CONF1.slapd
+ # FIXME: this won't work on Windows, but lloadd doesn't support Windows yet
+ $SLAPD -f $CONF1.slapd -h $URI6 -d $LVL > $LOG1 2>&1 &
+fi
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $PID"
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for lloadd to start..."
+ sleep $SLEEP1
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# fix test data to include back-monitor, if available
+# NOTE: copies do_* files from $DATADIR to $TESTDIR
+$MONITORDATA "$DATADIR" "$TESTDIR"
+
+
+echo "Using tester for concurrent server access ($TESTCHILDREN x $TESTLOOPS ops)..."
+$SLAPDTESTER -P "$PROGDIR" -d "$TESTDIR" \
+ -H $URI1 -D "$MANAGERDN" -w $PASSWD \
+ -t 1 -l $TESTLOOPS -r $MAXRETRIES -j $TESTCHILDREN \
+ -i '*INVALID_CREDENTIALS,*BUSY,UNWILLING_TO_PERFORM'
+RC=$?
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+if test $RC != 0 ; then
+ echo "slapd-tester failed ($RC)!"
+ exit $RC
+fi
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0
diff --git a/tests/scripts/lloadd/test003-cnconfig b/tests/scripts/lloadd/test003-cnconfig
new file mode 100755
index 0000000..373b5bb
--- /dev/null
+++ b/tests/scripts/lloadd/test003-cnconfig
@@ -0,0 +1,481 @@
+#! /bin/sh
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+mkdir -p $TESTDIR $CONF1.d $DBDIR1 $DBDIR2 $CFDIR
+
+$SLAPPASSWD -g -n >$CONFIGPWF
+echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf
+
+if test $AC_lloadd = lloaddyes ; then
+ echo "Load balancer module not available, skipping..."
+ exit 0
+fi
+
+echo "Starting the first slapd on TCP/IP port $PORT2..."
+. $CONFFILTER $BACKEND < $CONF > $CONF2
+$SLAPADD -f $CONF2 -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Running slapindex to index slapd database..."
+$SLAPINDEX -f $CONF2
+RC=$?
+if test $RC != 0 ; then
+ echo "warning: slapindex failed ($RC)"
+ echo " assuming no indexing support"
+fi
+
+$SLAPD -f $CONF2 -h $URI2 -d $LVL > $LOG2 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+PID2="$PID"
+KILLPIDS="$PID"
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for slapd to start..."
+ sleep $SLEEP1
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND < $CONFTWO > $CONF3
+$SLAPADD -f $CONF3 -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Running slapindex to index slapd database..."
+$SLAPINDEX -f $CONF3
+RC=$?
+if test $RC != 0 ; then
+ echo "warning: slapindex failed ($RC)"
+ echo " assuming no indexing support"
+fi
+
+echo "Starting second slapd on TCP/IP port $PORT3..."
+$SLAPD -f $CONF3 -h $URI3 -d $LVL > $LOG3 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+PID3="$PID"
+KILLPIDS="$KILLPIDS $PID"
+
+sleep $SLEEP0
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI3 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for slapd to start..."
+ sleep $SLEEP1
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Starting lloadd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND < $LLOADDUNREACHABLECONF > $CONF1.lloadd
+. $CONFFILTER $BACKEND < $SLAPDLLOADCONF > $CONF1.slapd
+$SLAPD -Tt -f $CONF1.slapd -F $CONF1.d -d $LVL > $LOG1 2>&1
+$SLAPD -F $CONF1.d -h $URI6 -d $LVL >> $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $PID"
+
+echo "Testing lloadd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for lloadd to start..."
+ sleep $SLEEP1
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+
+echo "Testing cn=config searching..."
+$LDAPSEARCH -H $URI6 -D cn=config -y $CONFIGPWF \
+ -s sub -b "olcBackend={0}lload,cn=config" '(objectclass=*)' > /dev/null 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Deleting backends"
+
+# weighted backends are sorted before we get to _cfadd to create their entries
+for i in 3 2 4 1 ; do
+ echo "cn={0}server $i,cn={1}tier 2,olcBackend={0}lload,cn=config"
+ $LDAPDELETE -H $URI6 -D cn=config -y $CONFIGPWF \
+ "cn={0}server $i,cn={1}tier 2,olcBackend={0}lload,cn=config" > /dev/null 2>&1
+ RC=$?
+ if test $RC != 0 ; then
+ echo "deleting server failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+done
+
+echo "Testing cn=config searching..."
+$LDAPSEARCH -H $URI6 -D cn=config -y $CONFIGPWF \
+ -s sub -b "olcBackend={0}lload,cn=config" '(objectclass=*)' > /dev/null 2>&1
+
+echo "Deleting tiers"
+
+for i in 1 2; do
+ echo "cn={0}tier $i,olcBackend={0}lload,cn=config"
+ $LDAPDELETE -H $URI6 -D cn=config -y $CONFIGPWF \
+ "cn={0}tier $i,olcBackend={0}lload,cn=config" > /dev/null 2>&1
+ RC=$?
+ if test $RC != 0 ; then
+ echo "deleting server failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+done
+
+echo "Testing cn=config searching..."
+$LDAPSEARCH -H $URI6 -D cn=config -y $CONFIGPWF \
+ -s sub -b "olcBackend={0}lload,cn=config" '(objectclass=*)' > /dev/null 2>&1
+
+
+echo "# Testing exact searching..."
+
+$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \
+ '(sn=jENSEN)' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 52 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing adding a tier"
+$LDAPADD -D cn=config -H $URI6 -y $CONFIGPWF <<EOF > $TESTOUT 2>&1
+dn: cn=roundrobin tier,olcBackend={0}lload,cn=config
+objectClass: olcBkLloadTierConfig
+olcBkLloadTierType: roundrobin
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed for cn=roundrobin tier ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing adding a weighted tier"
+$LDAPADD -D cn=config -H $URI6 -y $CONFIGPWF <<EOF > $TESTOUT 2>&1
+dn: cn=weighted tier,olcBackend={0}lload,cn=config
+objectClass: olcBkLloadTierConfig
+olcBkLloadTierType: weighted
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed for cn=weighted tier ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing adding a backend server"
+$LDAPADD -D cn=config -H $URI6 -y $CONFIGPWF <<EOF > $TESTOUT 2>&1
+dn: cn=server 7,cn={1}weighted tier,olcBackend={0}lload,cn=config
+objectClass: olcBkLloadBackendConfig
+cn: server 7
+olcBkLloadBackendUri: $URI3
+olcBkLloadBindconns: 2
+olcBkLloadMaxPendingConns: 3
+olcBkLloadMaxPendingOps: 5
+olcBkLloadNumconns: 3
+olcBkLloadRetry: 5000
+olcBkLloadWeight: 10
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed for cn=server 7 ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Verifying balancer operation..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \
+ '(sn=jENSEN)' >> $SEARCHOUT 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for backend to start..."
+ sleep $SLEEP1
+done
+
+echo "Testing bindconf modify"
+$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: olcBackend={0}lload,cn=config
+changetype: modify
+replace: olcBkLloadBindconf
+olcBkLloadBindconf: bindmethod=simple timeout=0 network-timeout=0 binddn="cn=wrongmanager,dc=example,dc=com" credentials="secret"
+EOF
+
+RC=$?
+if test $RC != 0 ; then
+ echo "modify failed for bindconf ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "# Sending a search request..."
+
+$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \
+ '(sn=jENSEN)' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 52 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Restoring bindconf value"
+$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: olcBackend={0}lload,cn=config
+changetype: modify
+replace: olcBkLloadBindconf
+olcBkLloadBindconf: bindmethod=simple timeout=0 network-timeout=0 binddn="cn=Manager,dc=example,dc=com" credentials="secret"
+EOF
+
+RC=$?
+if test $RC != 0 ; then
+ echo "modify failed for bindconf ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+
+echo "Verifying balancer operation..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \
+ '(sn=jENSEN)' >> $SEARCHOUT 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for backend to start..."
+ sleep $SLEEP1
+done
+
+echo "Testing global attributes"
+echo "Testing olcBkLloadMaxPDUPerCycle modify"
+$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: olcBackend={0}lload,cn=config
+changetype: modify
+replace: olcBkLloadMaxPDUPerCycle
+olcBkLloadMaxPDUPerCycle: 0
+EOF
+
+RC=$?
+if test $RC != 0 ; then
+ echo "modify failed for olcBkLloadMaxPDUPerCycle($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Sending a search request..."
+$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \
+ '(sn=jENSEN)' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing olcBkLloadSockbufMaxClient modify"
+$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: olcBackend={0}lload,cn=config
+changetype: modify
+replace: olcBkLloadSockbufMaxClient
+olcBkLloadSockbufMaxClient: 20000
+EOF
+
+RC=$?
+if test $RC != 0 ; then
+ echo "modify failed for olcBkLloadSockbufMaxClient($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Sending a search request..."
+$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \
+ '(sn=jENSEN)' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing olcBkLloadSockbufMaxUpstream modify"
+$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: olcBackend={0}lload,cn=config
+changetype: modify
+replace: olcBkLloadSockbufMaxUpstream
+olcBkLloadSockbufMaxUpstream: 200000
+EOF
+
+RC=$?
+if test $RC != 0 ; then
+ echo "modify failed for olcBkLloadSockbufMaxUpstream($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Sending a search request..."
+$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \
+ '(sn=jENSEN)' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing olcBkLloadIOTimeout modify"
+$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: olcBackend={0}lload,cn=config
+changetype: modify
+replace: olcBkLloadIOTimeout
+olcBkLloadIOTimeout: 20000
+EOF
+
+RC=$?
+if test $RC != 0 ; then
+ echo "modify failed for olcBkLloadWriteTimeout($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Sending a search request..."
+$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \
+ '(sn=jENSEN)' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing backend attributes"
+echo "Testing olcBkLloadBindconns modify"
+$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: cn={0}server 7,cn={1}weighted tier,olcBackend={0}lload,cn=config
+changetype: modify
+replace: olcBkLloadBindconns
+olcBkLloadBindconns: 20
+EOF
+
+RC=$?
+if test $RC != 0 ; then
+ echo "modify failed for olcBkLloadBindconns($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing exact searching..."
+$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \
+ '(sn=jENSEN)' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+
+echo "Testing olcBkLloadMaxPendingConns modify"
+$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: cn={0}server 7,cn={1}weighted tier,olcBackend={0}lload,cn=config
+changetype: modify
+replace: olcBkLloadMaxPendingConns
+olcBkLloadMaxPendingConns: 30
+EOF
+
+RC=$?
+if test $RC != 0 ; then
+ echo "modify failed for olcBkLloadMaxPendingConns($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Testing exact searching..."
+$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \
+ '(sn=jENSEN)' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0
diff --git a/tests/scripts/lloadd/test004-monitor b/tests/scripts/lloadd/test004-monitor
new file mode 100755
index 0000000..ef308b2
--- /dev/null
+++ b/tests/scripts/lloadd/test004-monitor
@@ -0,0 +1,365 @@
+#! /bin/sh
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+mkdir -p $TESTDIR $DBDIR1 $DBDIR2
+
+$SLAPPASSWD -g -n >$CONFIGPWF
+echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf
+
+if test $AC_lloadd = lloaddyes ; then
+ echo "Load balancer module not available, skipping..."
+ exit 0
+fi
+
+# Monitor counts are unstable in the face of concurrency, since different
+# clients may get different upstreams assigned for their operations. This might
+# also change later when tiered load balancing is available.
+# Another constraint is that some global counts are updated by the statistics
+# collection task scheduled to run every second.
+#
+# This test assumes current round-robin policy:
+# - default backend is rotated every time we successfully pick an upstream
+# - upstream connections within the same backend are rotated in the same way
+# - the monitor entry order for upstream connections reflects the connection
+# order within its CIRCLEQ_
+
+echo "Starting the first slapd on TCP/IP port $PORT2..."
+. $CONFFILTER $BACKEND < $CONF > $CONF2
+$SLAPADD -f $CONF2 -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Running slapindex to index slapd database..."
+$SLAPINDEX -f $CONF2
+RC=$?
+if test $RC != 0 ; then
+ echo "warning: slapindex failed ($RC)"
+ echo " assuming no indexing support"
+fi
+
+$SLAPD -f $CONF2 -h $URI2 -d $LVL > $LOG2 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+PID2="$PID"
+KILLPIDS="$PID"
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for slapd to start..."
+ sleep $SLEEP1
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND < $CONFTWO > $CONF3
+$SLAPADD -f $CONF3 -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Running slapindex to index slapd database..."
+$SLAPINDEX -f $CONF3
+RC=$?
+if test $RC != 0 ; then
+ echo "warning: slapindex failed ($RC)"
+ echo " assuming no indexing support"
+fi
+
+echo "Starting second slapd on TCP/IP port $PORT3..."
+$SLAPD -f $CONF3 -h $URI3 -d $LVL > $LOG3 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+PID3="$PID"
+KILLPIDS="$KILLPIDS $PID"
+
+sleep $SLEEP0
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI3 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for slapd to start..."
+ sleep $SLEEP1
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Starting lloadd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND < $LLOADDEMPTYCONF > $CONF1.lloadd
+. $CONFFILTER $BACKEND < $SLAPDLLOADCONF > $CONF1.slapd
+$SLAPD -f $CONF1.slapd -h $URI6 -d $LVL > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $PID"
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI6 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for lloadd to start..."
+ sleep $SLEEP1
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Sending a search request to prime the counters..."
+$LDAPSEARCH -b "$BASEDN" -s base -H $URI1 >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 52 ; then
+ echo "ldapsearch should have failed ($RC != 52)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Retrieving data from cn=monitor..."
+echo "# Retrieving data from an empty lload's cn=monitor..." >>$SEARCHOUT
+echo "# Operations received:" >>$SEARCHOUT
+echo "# Bind: 1 (0 forwarded)" >>$SEARCHOUT
+echo "# Search: 0" >>$SEARCHOUT
+echo "# Unbind: 1" >>$SEARCHOUT
+$LDAPSEARCH -b "cn=Load Balancer,cn=Backends,cn=monitor" -H $URI6 \
+ olmBalancer olmBalancerServer olmBalancerOperation olmBalancerConnection >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Adding first tier..."
+$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: cn=first,olcBackend={0}lload,cn=config
+changetype: add
+objectClass: olcBkLloadTierConfig
+olcBkLloadTierType: roundrobin
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed for backend ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Adding first backend server..."
+$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: cn=backend,cn={0}first,olcBackend={0}lload,cn=config
+changetype: add
+objectClass: olcBkLloadBackendConfig
+olcBkLloadBackendUri: $URI2
+olcBkLloadMaxPendingConns: 3
+olcBkLloadMaxPendingOps: 5
+olcBkLloadRetry: 1000
+olcBkLloadNumconns: 2
+olcBkLloadBindconns: 2
+olcBkLloadWeight: 1
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed for backend ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# At the moment, the global counters are updated by a recurring job,
+# wait for it to settle
+echo "Waiting until connections are established..."
+for i in 0 1 2 3 4 5; do
+ $LDAPCOMPARE "cn=Load Balancer,cn=Backends,cn=monitor" -H $URI6 \
+ 'olmOutgoingConnections:4' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 6 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds until connections are established..."
+ sleep $SLEEP1
+done
+if test $RC != 6 ; then
+ echo "ldapcompare failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Retrieving data from cn=monitor again..."
+echo >>$SEARCHOUT
+echo "# Retrieving data from lload's cn=monitor..." >>$SEARCHOUT
+$LDAPSEARCH -b "cn=Load Balancer,cn=Backends,cn=monitor" -H $URI6 \
+ olmBalancer olmBalancerServer olmBalancerOperation olmBalancerConnection >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Adding another backend server..."
+$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: cn=server 2,cn={0}first,olcBackend={0}lload,cn=config
+changetype: add
+objectClass: olcBkLloadBackendConfig
+olcBkLloadBackendUri: $URI3
+olcBkLloadMaxPendingConns: 3
+olcBkLloadMaxPendingOps: 5
+olcBkLloadRetry: 1000
+olcBkLloadNumconns: 4
+olcBkLloadBindconns: 5
+olcBkLloadWeight: 1
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed for backend ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# At the moment, the global counters are updated by a recurring job,
+# wait for it to settle
+echo "Waiting until connections are established..."
+for i in 0 1 2 3 4 5; do
+ $LDAPCOMPARE "cn=Load Balancer,cn=Backends,cn=monitor" -H $URI6 \
+ 'olmOutgoingConnections:13' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 6 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds until connections are established..."
+ sleep $SLEEP1
+done
+if test $RC != 6 ; then
+ echo "ldapcompare failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Sending another search request..."
+$LDAPSEARCH -b "$BASEDN" -s base -H $URI1 >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Sending a WhoAmI? request..."
+$LDAPWHOAMI -D "$BABSDN" -w bjensen -H $URI1 >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# At the moment, the global counters are updated by a recurring job,
+# wait for it to settle
+echo "Waiting until global counters are updated..."
+for i in 0 1 2 3 4 5; do
+ $LDAPCOMPARE "cn=Other,cn=Operations,cn=Load Balancer,cn=Backends,cn=monitor" -H $URI6 \
+ 'olmCompletedOps:2' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 6 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds until counters are updated..."
+ sleep $SLEEP1
+done
+if test $RC != 6 ; then
+ echo "ldapcompare failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Retrieving data from cn=monitor again..."
+echo >>$SEARCHOUT
+echo "# Retrieving data after a search+WhoAmI?..." >>$SEARCHOUT
+echo "# Operations received:" >>$SEARCHOUT
+echo "# Bind: 3 (2 forwarded)" >>$SEARCHOUT
+echo "# Search: 1" >>$SEARCHOUT
+echo "# Extended: 1 (WhoAmI?)" >>$SEARCHOUT
+echo "# Unbind: 3" >>$SEARCHOUT
+$LDAPSEARCH -b "cn=Load Balancer,cn=Backends,cn=monitor" -H $URI6 \
+ olmBalancer olmBalancerServer olmBalancerOperation olmBalancerConnection >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+LDIF=$DATADIR/lloadd/monitor.ldif
+
+echo "Filtering ldapsearch results..."
+$LDIFFILTER -s e < $SEARCHOUT > $SEARCHFLT
+echo "Filtering original ldif used to create database..."
+$LDIFFILTER -s e < $LDIF | sed \
+ -e "s|@URI2@|$URI2|g" \
+ -e "s|@URI3@|$URI3|g" \
+ > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "Comparison failed"
+ exit 1
+fi
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0
diff --git a/tests/scripts/lloadd/test005-tls b/tests/scripts/lloadd/test005-tls
new file mode 100755
index 0000000..7d6f87c
--- /dev/null
+++ b/tests/scripts/lloadd/test005-tls
@@ -0,0 +1,272 @@
+#! /bin/sh
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test $WITH_TLS = no ; then
+ echo "TLS support not available, test skipped"
+ exit 0
+fi
+
+mkdir -p $TESTDIR $DBDIR1 $DBDIR2
+cp -r $DATADIR/tls $TESTDIR
+
+cd $TESTWD
+
+$SLAPPASSWD -g -n >$CONFIGPWF
+echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND < $TLSSASLCONF > $CONF2
+$SLAPADD -f $CONF2 -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Starting a slapd on TCP/IP port $PORT3..."
+$SLAPD -f $CONF2 -h $URI3 -d $LVL > $LOG2 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+PID2="$PID"
+KILLPIDS="$PID"
+
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI3 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for slapd to start..."
+ sleep $SLEEP1
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND < $CONFTWO > $CONF3
+# FIXME: Hack!
+echo "TLSCertificateKeyFile $TESTDIR/tls/private/localhost.key" >>$CONF3
+echo "TLSCertificateFile $TESTDIR/tls/certs/localhost.crt" >>$CONF3
+echo 'authz-regexp "email=([^,]*),cn=[^,]*,ou=OpenLDAP,o=OpenLDAP Foundation,st=CA,c=US" ldap:///ou=People,dc=example,dc=com??sub?(mail=$1)' >>$CONF3
+$SLAPADD -f $CONF3 -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Running slapindex to index slapd database..."
+$SLAPINDEX -f $CONF3
+RC=$?
+if test $RC != 0 ; then
+ echo "warning: slapindex failed ($RC)"
+ echo " assuming no indexing support"
+fi
+
+echo "Starting second slapd on TCP/IP port $PORT4 w/ ldaps..."
+$SLAPD -f $CONF3 -h $SURI4 -d $LVL > $LOG3 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+PID2="$PID"
+KILLPIDS="$KILLPIDS $PID"
+
+sleep $SLEEP0
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -o tls-reqcert=never -s base -b "$MONITOR" -H $SURI4 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for slapd to start..."
+ sleep $SLEEP1
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Starting lloadd on TCP/IP port $PORT1 and ldaps $PORT2..."
+. $CONFFILTER $BACKEND < $LLOADDTLSCONF > $CONF1.lloadd
+if test $AC_lloadd = lloaddyes; then
+ $LLOADD -f $CONF1.lloadd -h "$URI1 $SURI2" -d $LVL > $LOG1 2>&1 &
+else
+ . $CONFFILTER $BACKEND < $SLAPDLLOADCONF | sed -e "s,listen.*,listen \"$URI1 $SURI2\"," > $CONF1.slapd
+ $SLAPD -f $CONF1.slapd -h $URI6 -d $LVL > $LOG1 2>&1 &
+fi
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $PID"
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for lloadd to start..."
+ sleep $SLEEP1
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo -n "Using ldapsearch with startTLS with no server cert validation...."
+$LDAPSEARCH -o tls-reqcert=never -ZZ -b "" -s base -H $URIP1 \
+ '@extensibleObject' > $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch (startTLS) failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+else
+ echo "success"
+fi
+
+echo -n "Using ldapsearch with startTLS with hard require cert...."
+$LDAPSEARCH -o tls-cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -o tls-reqcert=hard -ZZ -b "" -s base -H $URIP1 \
+ '@extensibleObject' > $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch (startTLS) failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+else
+ echo "success"
+fi
+
+if test $WITH_TLS_TYPE = openssl ; then
+ echo -n "Using ldapsearch with startTLS and specific protocol version...."
+ $LDAPSEARCH -o tls-cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -o tls-reqcert=hard -o tls-protocol-min=3.3 -ZZ -b "" -s base -H $URIP1 \
+ '@extensibleObject' > $SEARCHOUT 2>&1
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapsearch (protocol-min) failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ else
+ echo "success"
+ fi
+fi
+
+echo -n "Using ldapsearch on $SURI2 with no server cert validation..."
+$LDAPSEARCH -o tls-reqcert=never -b "cn=Subschema" -s base -H $SURIP2 \
+ '(&(objectClasses=top)(objectClasses=2.5.6.0))' cn objectClass \
+ >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch (ldaps) failed($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+else
+ echo "success"
+fi
+
+echo -n "Using ldapsearch on $SURI2 with reqcert HARD and no CA cert. Should fail..."
+$LDAPSEARCH -o tls-reqcert=hard -b "cn=Subschema" -s base -H $SURIP2 \
+ '(&(objectClasses=top)(objectClasses=2.5.6.0))' cn objectClass \
+ >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC = 0 ; then
+ echo "ldapsearch (ldaps) succeeded when it should have failed($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+else
+ echo "failed correctly with error code ($RC)"
+fi
+
+echo -n "Using ldapsearch on $SURI2 with CA cert and reqcert HARD..."
+$LDAPSEARCH -o tls-cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt \
+ -o tls-reqcert=hard -b "cn=Subschema" -s base -H $SURIP2 \
+ '(&(objectClasses=top)(objectClasses=2.5.6.0))' cn objectClass \
+ >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch (ldaps) failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+else
+ echo "success"
+fi
+
+if test $WITH_SASL = no ; then
+ echo "SASL support not available, skipping client cert authentication"
+else
+ echo -n "Using ldapwhoami with SASL/EXTERNAL...."
+ $LDAPSASLWHOAMI -o tls-cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -o tls-reqcert=hard \
+ -o tls-cert=$TESTDIR/tls/certs/bjensen@mailgw.example.com.crt \
+ -o tls-key=$TESTDIR/tls/private/bjensen@mailgw.example.com.key \
+ -ZZ -Y EXTERNAL -H $URIP1 \
+ > $TESTOUT 2>&1
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapwhoami (startTLS) failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ else
+ echo "success"
+ fi
+
+ echo -n "Validating mapped SASL ID..."
+ echo 'dn:cn=barbara jensen,ou=information technology division,ou=people,dc=example,dc=com' > $TESTDIR/dn.out
+ $CMP $TESTDIR/dn.out $TESTOUT > $CMPOUT
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "Comparison failed"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ else
+ echo "success"
+ fi
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+if test $RC != 0 ; then
+ echo ">>>>> Test failed"
+else
+ echo ">>>>> Test succeeded"
+ RC=0
+fi
+
+test $KILLSERVERS != no && wait
+
+exit $RC
diff --git a/tests/scripts/lloadd/test006-sasl b/tests/scripts/lloadd/test006-sasl
new file mode 100755
index 0000000..a49dbbb
--- /dev/null
+++ b/tests/scripts/lloadd/test006-sasl
@@ -0,0 +1,252 @@
+#! /bin/sh
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test $WITH_SASL = "yes" ; then
+ if test $USE_SASL = "no" ; then
+ echo "Not asked to test SASL, skipping test, set SLAPD_USE_SASL to enable..."
+ exit 0
+ fi
+ if test $USE_SASL = "yes" ; then
+ MECH="DIGEST-MD5"
+ else
+ MECH="$USE_SASL"
+ fi
+ echo "Using SASL authc[/authz] with mech=$MECH; unset SLAPD_USE_SASL to disable"
+else
+ echo "SASL support not available, test skipped"
+ exit 0
+fi
+
+mkdir -p $TESTDIR $DBDIR1 $DBDIR2
+cp -r $DATADIR/tls $TESTDIR
+
+cd $TESTWD
+
+$SLAPPASSWD -g -n >$CONFIGPWF
+echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND < $TLSSASLCONF > $CONF2
+echo 'authz-regexp "^uid=([^,]*),.+" ldap:///dc=example,dc=com??sub?(|(cn=$1)(uid=$1))' >>$CONF2
+$SLAPADD -f $CONF2 -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Starting a slapd on TCP/IP port $PORT2..."
+$SLAPD -f $CONF2 -h $URI2 -d $LVL > $LOG2 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+PID2="$PID"
+KILLPIDS="$PID"
+
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for slapd to start..."
+ sleep $SLEEP1
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND < $CONFTWO > $CONF3
+echo 'authz-regexp "^uid=([^,]*),.+" ldap:///dc=example,dc=com??sub?(|(cn=$1)(uid=$1))' >>$CONF3
+$SLAPADD -f $CONF3 -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Running slapindex to index slapd database..."
+$SLAPINDEX -f $CONF3
+RC=$?
+if test $RC != 0 ; then
+ echo "warning: slapindex failed ($RC)"
+ echo " assuming no indexing support"
+fi
+
+echo "Starting second slapd on TCP/IP port $PORT3..."
+$SLAPD -f $CONF3 -h $URI3 -d $LVL > $LOG3 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+PID2="$PID"
+KILLPIDS="$KILLPIDS $PID"
+
+sleep $SLEEP0
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI3 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for slapd to start..."
+ sleep $SLEEP1
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Starting lloadd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND < $LLOADDSASLCONF > $CONF1.lloadd
+if test $AC_lloadd = lloaddyes; then
+ $LLOADD -f $CONF1.lloadd -h $URI1 -d $LVL > $LOG1 2>&1 &
+else
+ . $CONFFILTER $BACKEND < $SLAPDLLOADCONF > $CONF1.slapd
+ $SLAPD -f $CONF1.slapd -h $URI6 -d $LVL > $LOG1 2>&1 &
+fi
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $PID"
+
+echo "Testing lloadd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for lloadd to start..."
+ sleep $SLEEP1
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Checking whether $MECH is supported..."
+$LDAPSEARCH -s base -b "" -H $URI1 \
+ 'objectClass=*' supportedSASLMechanisms > $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+grep "supportedSASLMechanisms: $MECH" $SEARCHOUT > $TESTOUT
+RC=$?
+if test $RC != 0 ; then
+ echo "SASL mechanism $MECH is not available, test skipped"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 0
+fi
+
+AUTHZID="u:bjorn"
+echo "Testing lloadd's identity can assert any authzid..."
+$LDAPWHOAMI -D "$MANAGERDN" -H $URI1 -w $PASSWD \
+ -e\!"authzid=$AUTHZID" > $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+AUTHZID="u:bjorn"
+echo "Testing a different identity cannot do the same thing..."
+$LDAPWHOAMI -D "$BABSDN" -H $URI1 -w bjensen \
+ -e\!"authzid=$AUTHZID" >> $TESTOUT 2>/dev/null
+RC=$?
+if test $RC != 1 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Validating WhoAmI? results..."
+echo 'dn:cn=bjorn jensen,ou=information technology division,ou=people,dc=example,dc=com' > $TESTDIR/whoami.out
+echo 'Result: Protocol error (2)
+Additional info: proxy authorization control specified multiple times' >> $TESTDIR/whoami.out
+$CMP $TESTDIR/whoami.out $TESTOUT > $CMPOUT
+
+RC=$?
+if test $RC != 0 ; then
+ echo "Comparison failed"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+else
+ echo "Success"
+fi
+
+
+ID="jaj"
+echo "Testing ldapsearch as $ID for \"$BASEDN\" with SASL bind and identity assertion..."
+$LDAPSASLSEARCH -H $URI1 -b "$BASEDN" \
+ -Q -Y $MECH -O maxbufsize=0 -U "$ID" -w jaj > $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Filtering ldapsearch results..."
+$LDIFFILTER -s e < $SEARCHOUT > $SEARCHFLT
+echo "Filtering original ldif used to create database..."
+$LDIFFILTER -s e < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "comparison failed - search with SASL bind and identity assertion didn't succeed"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+if test $RC != 0 ; then
+ echo ">>>>> Test failed"
+else
+ echo ">>>>> Test succeeded"
+ RC=0
+fi
+
+test $KILLSERVERS != no && wait
+
+exit $RC
diff --git a/tests/scripts/lloadd/test007-coherence b/tests/scripts/lloadd/test007-coherence
new file mode 100755
index 0000000..cda6dea
--- /dev/null
+++ b/tests/scripts/lloadd/test007-coherence
@@ -0,0 +1,508 @@
+#! /bin/sh
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+mkdir -p $TESTDIR $DBDIR1 $DBDIR2
+
+$SLAPPASSWD -g -n >$CONFIGPWF
+echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf
+
+# Cannot assess where operations went without monitor yet
+if test $AC_lloadd = lloaddyes ; then
+ echo "Load balancer module not available, skipping..."
+ exit 0
+fi
+
+# Monitor counts are unstable in the face of concurrency, since different
+# clients may get different upstreams assigned for their operations.
+# Another constraint is that some global counts are updated by the statistics
+# collection task scheduled to run every second.
+#
+# This test assumes current round-robin policy:
+# - default backend is rotated every time we successfully pick an upstream
+# (except when already linked)
+# - upstream connections within the same backend are rotated in the same way
+# - the monitor entry order for upstream connections reflects the connection
+# order within its CIRCLEQ_
+
+echo "Starting the first slapd on TCP/IP port $PORT2..."
+. $CONFFILTER $BACKEND < $CONF > $CONF2
+$SLAPADD -f $CONF2 -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Running slapindex to index slapd database..."
+$SLAPINDEX -f $CONF2
+RC=$?
+if test $RC != 0 ; then
+ echo "warning: slapindex failed ($RC)"
+ echo " assuming no indexing support"
+fi
+
+$SLAPD -f $CONF2 -h $URI2 -d $LVL > $LOG2 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+PID2="$PID"
+KILLPIDS="$PID"
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for slapd to start..."
+ sleep $SLEEP1
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND < $CONFTWO > $CONF3
+$SLAPADD -f $CONF3 -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Running slapindex to index slapd database..."
+$SLAPINDEX -f $CONF3
+RC=$?
+if test $RC != 0 ; then
+ echo "warning: slapindex failed ($RC)"
+ echo " assuming no indexing support"
+fi
+
+echo "Starting second slapd on TCP/IP port $PORT3..."
+$SLAPD -f $CONF3 -h $URI3 -d $LVL > $LOG3 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+PID3="$PID"
+KILLPIDS="$KILLPIDS $PID"
+
+sleep $SLEEP0
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI3 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for slapd to start..."
+ sleep $SLEEP1
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Starting lloadd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND < $LLOADDEMPTYCONF > $CONF1.lloadd
+. $CONFFILTER $BACKEND < $SLAPDLLOADCONF > $CONF1.slapd
+$SLAPD -f $CONF1.slapd -h $URI6 -d $LVL > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $PID"
+
+echo "Testing slapd searching..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI6 \
+ '(objectclass=*)' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for lloadd to start..."
+ sleep $SLEEP1
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Setting up restrictions..."
+$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: olcBackend={0}lload,cn=config
+changetype: modify
+replace: olcBkLloadWriteCoherence
+olcBkLloadWriteCoherence: 3
+-
+add: olcBkLloadRestrictExop
+# Modify Password Exop
+olcBkLloadRestrictExop: 1.3.6.1.4.1.4203.1.11.1 write
+# LDAP Transaction Exop
+olcBkLloadRestrictExop: 1.3.6.1.1.21.1 connection
+# Cancel Exop
+olcBkLloadRestrictExop: 1.3.6.1.1.8 reject
+-
+add: olcBkLloadRestrictControl
+# assert control
+olcBkLloadRestrictControl: 1.3.6.1.1.12 backend
+# paged results control
+olcBkLloadRestrictControl: 1.2.840.113556.1.4.319 connection
+# dontUseCopy control
+olcBkLloadRestrictControl: 1.3.6.1.1.22 reject
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed for backend ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Sending a search request to prime the counters..."
+$LDAPSEARCH -b "$BASEDN" -s base -H $URI1 >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 52 ; then
+ echo "ldapsearch should have failed ($RC != 52)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Adding first tier..."
+$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: cn=first,olcBackend={0}lload,cn=config
+changetype: add
+objectClass: olcBkLloadTierConfig
+olcBkLloadTierType: roundrobin
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed for backend ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Adding first backend server..."
+$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: cn=backend,cn={0}first,olcBackend={0}lload,cn=config
+changetype: add
+objectClass: olcBkLloadBackendConfig
+olcBkLloadBackendUri: $URI2
+olcBkLloadMaxPendingConns: 3
+olcBkLloadMaxPendingOps: 5
+olcBkLloadRetry: 1000
+olcBkLloadNumconns: 2
+olcBkLloadBindconns: 2
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed for backend ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# At the moment, the global counters are updated by a recurring job,
+# wait for it to settle
+echo "Waiting until connections are established..."
+for i in 0 1 2 3 4 5; do
+ $LDAPCOMPARE "cn=Load Balancer,cn=Backends,cn=monitor" -H $URI6 \
+ 'olmOutgoingConnections:4' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 6 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds until connections are established..."
+ sleep $SLEEP1
+done
+if test $RC != 6 ; then
+ echo "ldapcompare failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Retrieving data from cn=monitor..."
+echo "# Retrieving data from lload's cn=monitor..." >>$SEARCHOUT
+echo "# Operations received:" >>$SEARCHOUT
+echo "# Bind: 1 (0 forwarded)" >>$SEARCHOUT
+echo "# Unbind: 1" >>$SEARCHOUT
+$LDAPSEARCH -b "cn=Load Balancer,cn=Backends,cn=monitor" -H $URI6 \
+ olmBalancer olmBalancerServer olmBalancerOperation olmBalancerConnection >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Adding another backend server..."
+$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: cn=server 2,cn={0}first,olcBackend={0}lload,cn=config
+changetype: add
+objectClass: olcBkLloadBackendConfig
+olcBkLloadBackendUri: $URI3
+olcBkLloadMaxPendingConns: 3
+olcBkLloadMaxPendingOps: 5
+olcBkLloadRetry: 1000
+olcBkLloadNumconns: 4
+olcBkLloadBindconns: 5
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed for backend ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# At the moment, the global counters are updated by a recurring job,
+# wait for it to settle
+echo "Waiting until connections are established..."
+for i in 0 1 2 3 4 5; do
+ $LDAPCOMPARE "cn=Load Balancer,cn=Backends,cn=monitor" -H $URI6 \
+ 'olmOutgoingConnections:13' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 6 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds until connections are established..."
+ sleep $SLEEP1
+done
+if test $RC != 6 ; then
+ echo "ldapcompare failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Sending a search request with dontUseCopy (fails with Unwilling to Perform)..."
+$LDAPSEARCH -b "$BASEDN" -s base -H $URI1 -E '!dontUseCopy' >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 53 ; then
+ echo "ldapsearch should have failed ($RC != 53)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Sending a search request with paged results=1 (19 requests forwarded over the same connection)..."
+$LDAPSEARCH -b "$BASEDN" -H $URI1 -E '!pr=1/noprompt' >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Sending a passmod request..."
+$LDAPPASSWD -H $URI1 -D "$MANAGERDN" -w $PASSWD \
+ -s bjensen2 "$BABSDN" >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldappasswd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# At the moment, the global counters are updated by a recurring job,
+# wait for it to settle
+echo "Waiting until global counters are updated..."
+for i in 0 1 2 3 4 5; do
+ $LDAPCOMPARE "cn=Other,cn=Operations,cn=Load Balancer,cn=Backends,cn=monitor" -H $URI6 \
+ 'olmCompletedOps:20' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 6 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds until counters are updated..."
+ sleep $SLEEP1
+done
+if test $RC != 6 ; then
+ echo "ldapcompare failed ($RC)!"
+ echo >>$SEARCHOUT
+ $LDAPSEARCH -b "cn=Load Balancer,cn=Backends,cn=monitor" -H $URI6 \
+ olmBalancer olmBalancerServer olmBalancerOperation olmBalancerConnection >> $SEARCHOUT 2>&1
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Retrieving data from cn=monitor again..."
+echo >>$SEARCHOUT
+echo "# Retrieving data after recent ops..." >>$SEARCHOUT
+echo "# Operations now received:" >>$SEARCHOUT
+echo "# Bind: +3 (+3 forwarded)" >>$SEARCHOUT
+echo "# Search: +20" >>$SEARCHOUT
+echo "# Extended: +1 (Password modify)" >>$SEARCHOUT
+echo "# Unbind: +3" >>$SEARCHOUT
+$LDAPSEARCH -b "cn=Load Balancer,cn=Backends,cn=monitor" -H $URI6 \
+ olmBalancer olmBalancerServer olmBalancerOperation olmBalancerConnection >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Sending a few writes (some of them will stick to the same backend)..."
+{
+cat <<EOMOD
+dn: $BABSDN
+changetype: modify
+replace: description
+description: changed
+
+dn: $BJORNSDN
+changetype: modify
+replace: description
+description: changed too
+
+EOMOD
+# If we had full control over the connection, we'd know when the last operation
+# finished and so when the grace period ends. We only write to a pipe, just
+# have to wait a bit longer than necessary...
+sleep 5
+cat <<EOMOD
+dn: $JAJDN
+changetype: modify
+replace: description
+description: modified
+
+EOMOD
+} | \
+$LDAPMODIFY -D "$MANAGERDN" -w $PASSWD -H $URI1 >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Sending a few writes within a TXN..."
+{
+cat <<EOMOD
+dn: $BABSDN
+changetype: modify
+replace: description
+description: changed
+
+dn: $BJORNSDN
+changetype: modify
+replace: description
+description: changed too
+
+EOMOD
+sleep 4
+cat <<EOMOD
+dn: $JAJDN
+changetype: modify
+replace: description
+description: modified
+
+EOMOD
+} | \
+$LDAPMODIFY -D "$MANAGERDN" -w $PASSWD -H $URI1 \
+ -e assert='(objectclass=*)' -E txn=abort >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# At the moment, the global counters are updated by a recurring job,
+# wait for it to settle
+echo "Waiting until global counters are updated..."
+for i in 0 1 2 3 4 5; do
+ $LDAPCOMPARE "cn=Other,cn=Operations,cn=Load Balancer,cn=Backends,cn=monitor" -H $URI6 \
+ 'olmCompletedOps:28' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 6 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds until counters are updated..."
+ sleep $SLEEP1
+done
+if test $RC != 6 ; then
+ echo "ldapcompare failed ($RC)!"
+ echo >>$SEARCHOUT
+ $LDAPSEARCH -b "cn=Load Balancer,cn=Backends,cn=monitor" -H $URI6 \
+ olmBalancer olmBalancerServer olmBalancerOperation olmBalancerConnection >> $SEARCHOUT 2>&1
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Retrieving data from cn=monitor again..."
+echo >>$SEARCHOUT
+echo "# Retrieving data after recent writes..." >>$SEARCHOUT
+echo "# Operations received:" >>$SEARCHOUT
+echo "# Bind: +2 (+2 forwarded)" >>$SEARCHOUT
+echo "# Modify: +6" >>$SEARCHOUT
+echo "# Extended: +2 (TXN+TXN Abort)" >>$SEARCHOUT
+echo "# Unbind: +2" >>$SEARCHOUT
+$LDAPSEARCH -b "cn=Load Balancer,cn=Backends,cn=monitor" -H $URI6 \
+ olmBalancer olmBalancerServer olmBalancerOperation olmBalancerConnection >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+LDIF=$DATADIR/lloadd/test007-monitor.ldif
+
+echo "Filtering ldapsearch results..."
+# For now, we don't make sure olmIncomingConnections is reflective of current
+# state (=no connections open) since olmIncomingConnections can be != 0 for a
+# second after it's closed
+$LDIFFILTER < $SEARCHOUT | grep -v '^olmIncomingConnections:' > $SEARCHFLT
+echo "Filtering original ldif used to create database..."
+$LDIFFILTER < $LDIF | sed \
+ -e "s|@URI2@|$URI2|g" \
+ -e "s|@URI3@|$URI3|g" \
+ > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "Comparison failed"
+ exit 1
+fi
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0