summaryrefslogtreecommitdiffstats
path: root/tests/scripts/test070-delta-multiprovider-ldaps
diff options
context:
space:
mode:
Diffstat (limited to 'tests/scripts/test070-delta-multiprovider-ldaps')
-rwxr-xr-xtests/scripts/test070-delta-multiprovider-ldaps577
1 files changed, 577 insertions, 0 deletions
diff --git a/tests/scripts/test070-delta-multiprovider-ldaps b/tests/scripts/test070-delta-multiprovider-ldaps
new file mode 100755
index 0000000..3fb96cc
--- /dev/null
+++ b/tests/scripts/test070-delta-multiprovider-ldaps
@@ -0,0 +1,577 @@
+#! /bin/sh
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test $WITH_TLS = no ; then
+ echo "TLS support not available, test skipped"
+ exit 0
+fi
+
+if test $SYNCPROV = syncprovno; then
+ echo "Syncrepl provider overlay not available, test skipped"
+ exit 0
+fi
+if test $ACCESSLOG = accesslogno; then
+ echo "Accesslog overlay not available, test skipped"
+ exit 0
+fi
+
+MMR=2
+
+XDIR=$TESTDIR/srv
+TMP=$TESTDIR/tmp
+
+mkdir -p $TESTDIR
+cp -r $DATADIR/tls $TESTDIR
+
+$SLAPPASSWD -g -n >$CONFIGPWF
+
+if test x"$SYNCMODE" = x ; then
+ SYNCMODE=rp
+fi
+case "$SYNCMODE" in
+ ro)
+ SYNCTYPE="type=refreshOnly interval=00:00:00:03"
+ ;;
+ rp)
+ SYNCTYPE="type=refreshAndPersist interval=00:00:00:03"
+ ;;
+ *)
+ echo "unknown sync mode $SYNCMODE"
+ exit 1;
+ ;;
+esac
+
+#
+# Test delta-sync mmr
+# - start servers
+# - configure over ldap
+# - populate over ldap
+# - configure syncrepl over ldap
+# - break replication
+# - modify each server separately
+# - restore replication
+# - compare results
+#
+
+nullExclude=""
+test $BACKEND = null && nullExclude="# "
+
+KILLPIDS=
+
+echo "Initializing server configurations..."
+n=1
+while [ $n -le $MMR ]; do
+
+DBDIR=${XDIR}$n/db
+CFDIR=${XDIR}$n/slapd.d
+
+mkdir -p ${XDIR}$n $DBDIR.1 $DBDIR.2 $CFDIR
+
+o=`expr 3 - $n`
+cat > $TMP <<EOF
+dn: cn=config
+objectClass: olcGlobal
+cn: config
+olcServerID: $n
+olcTLSCertificateFile: $TESTDIR/tls/certs/localhost.crt
+olcTLSCertificateKeyFile: $TESTDIR/tls/private/localhost.key
+
+EOF
+
+if [ "$SYNCPROV" = syncprovmod -o "$ACCESSLOG" = accesslogmod ]; then
+ cat <<EOF >> $TMP
+dn: cn=module,cn=config
+objectClass: olcModuleList
+cn: module
+olcModulePath: $TESTWD/../servers/slapd/overlays
+EOF
+ if [ "$SYNCPROV" = syncprovmod ]; then
+ echo "olcModuleLoad: syncprov.la" >> $TMP
+ fi
+ if [ "$ACCESSLOG" = accesslogmod ]; then
+ echo "olcModuleLoad: accesslog.la" >> $TMP
+ fi
+ echo "" >> $TMP
+fi
+
+if [ "$BACKENDTYPE" = mod ]; then
+cat <<EOF >> $TMP
+dn: cn=module,cn=config
+objectClass: olcModuleList
+cn: module
+olcModulePath: $TESTWD/../servers/slapd/back-$BACKEND
+olcModuleLoad: back_$BACKEND.la
+
+EOF
+fi
+MYURI=`eval echo '$SURIP'$n`
+PROVIDERURI=`eval echo '$SURIP'$o`
+if test $INDEXDB = indexdb ; then
+INDEX1="olcDbIndex: objectClass,entryCSN,reqStart,reqDN,reqResult eq"
+INDEX2="olcDbIndex: objectClass,entryCSN,entryUUID eq"
+else
+INDEX1=
+INDEX2=
+fi
+cat >> $TMP <<EOF
+dn: cn=schema,cn=config
+objectclass: olcSchemaconfig
+cn: schema
+
+include: file://$ABS_SCHEMADIR/core.ldif
+
+include: file://$ABS_SCHEMADIR/cosine.ldif
+
+include: file://$ABS_SCHEMADIR/inetorgperson.ldif
+
+include: file://$ABS_SCHEMADIR/openldap.ldif
+
+include: file://$ABS_SCHEMADIR/nis.ldif
+
+dn: olcDatabase={0}config,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: {0}config
+olcRootPW:< file://$CONFIGPWF
+
+dn: olcDatabase={1}$BACKEND,cn=config
+objectClass: olcDatabaseConfig
+${nullExclude}objectClass: olc${BACKEND}Config
+olcDatabase: {1}$BACKEND
+olcSuffix: cn=log
+${nullExclude}olcDbDirectory: ${DBDIR}.1
+olcRootDN: $MANAGERDN
+$INDEX1
+
+dn: olcOverlay=syncprov,olcDatabase={1}$BACKEND,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcSyncProvConfig
+olcOverlay: syncprov
+olcSpNoPresent: TRUE
+olcSpReloadHint: TRUE
+
+dn: olcDatabase={2}$BACKEND,cn=config
+objectClass: olcDatabaseConfig
+${nullExclude}objectClass: olc${BACKEND}Config
+olcDatabase: {2}$BACKEND
+olcSuffix: $BASEDN
+${nullExclude}olcDbDirectory: ${DBDIR}.2
+olcRootDN: $MANAGERDN
+olcRootPW: $PASSWD
+olcSyncRepl: rid=001 provider=$PROVIDERURI binddn="$MANAGERDN" bindmethod=simple
+ credentials=$PASSWD searchbase="$BASEDN" $SYNCTYPE
+ retry="3 +" timeout=3 logbase="cn=log"
+ logfilter="(&(objectclass=auditWriteObject)(reqresult=0))"
+ syncdata=accesslog tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt
+olcMultiProvider: TRUE
+$INDEX2
+
+dn: olcOverlay=syncprov,olcDatabase={2}$BACKEND,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcSyncProvConfig
+olcOverlay: syncprov
+
+dn: olcOverlay=accesslog,olcDatabase={2}$BACKEND,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcAccessLogConfig
+olcOverlay: accesslog
+olcAccessLogDB: cn=log
+olcAccessLogOps: writes
+olcAccessLogSuccess: TRUE
+
+EOF
+$SLAPADD -F $CFDIR -n 0 -d-1< $TMP > $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+PORT=`eval echo '$PORT'$n`
+echo "Starting server $n on TCP/IP port $PORT..."
+cd ${XDIR}${n}
+LOG=`eval echo '$LOG'$n`
+$SLAPD -F slapd.d -h $MYURI -d $LVL > $LOG 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID $KILLPIDS"
+cd $TESTWD
+
+echo "Using ldapsearch to check that server $n is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -s base -b "" -H $MYURI \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+if [ $n = 1 ]; then
+echo "Using ldapadd for context on server 1..."
+$LDAPADD -D "$MANAGERDN" -H $SURIP1 -w $PASSWD -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -f $LDIFORDEREDCP \
+ >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed for server $n database ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+fi
+
+n=`expr $n + 1`
+done
+
+echo "Using ldapadd to populate server 1..."
+$LDAPADD -D "$MANAGERDN" -H $SURIP1 -w $PASSWD -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -f $LDIFORDEREDNOCP \
+ >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed for server $n database ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+sleep $SLEEP1
+
+n=1
+while [ $n -le $MMR ]; do
+PORT=`expr $BASEPORT + $n`
+URI="ldaps://${LOCALIP}:$PORT/"
+
+echo "Using ldapsearch to read all the entries from server $n..."
+$LDAPSEARCH -S "" -b "$BASEDN" -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -D "$MANAGERDN" -H $URI -w $PASSWD \
+ 'objectclass=*' > $TESTDIR/server$n.out 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed at server $n ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+$LDIFFILTER < $TESTDIR/server$n.out > $TESTDIR/server$n.flt
+n=`expr $n + 1`
+done
+
+n=2
+while [ $n -le $MMR ]; do
+echo "Comparing retrieved entries from server 1 and server $n..."
+$CMP $PROVIDERFLT $TESTDIR/server$n.flt > $CMPOUT
+
+if test $? != 0 ; then
+ echo "test failed - server 1 and server $n databases differ"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+n=`expr $n + 1`
+done
+
+echo "Using ldapadd to populate server 2..."
+$LDAPADD -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -D "$MANAGERDN" -H $SURIP2 -w $PASSWD -f $LDIFADD1 \
+ >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed for server 2 database ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+THEDN="cn=James A Jones 2,ou=Alumni Association,ou=People,dc=example,dc=com"
+sleep 1
+for i in 1 2 3; do
+ $LDAPSEARCH -S "" -b "$THEDN" -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -H $SURIP1 \
+ -s base '(objectClass=*)' entryCSN > "${PROVIDEROUT}.$i" 2>&1
+ RC=$?
+
+ if test $RC = 0 ; then
+ break
+ fi
+
+ if test $RC != 32 ; then
+ echo "ldapsearch failed at replica ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+ sleep $SLEEP1
+done
+
+n=1
+while [ $n -le $MMR ]; do
+PORT=`expr $BASEPORT + $n`
+URI="ldaps://${LOCALIP}:$PORT/"
+
+echo "Using ldapsearch to read all the entries from server $n..."
+$LDAPSEARCH -S "" -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -b "$BASEDN" -D "$MANAGERDN" -H $URI -w $PASSWD \
+ 'objectclass=*' > $TESTDIR/server$n.out 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed at server $n ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+$LDIFFILTER < $TESTDIR/server$n.out > $TESTDIR/server$n.flt
+n=`expr $n + 1`
+done
+
+n=2
+while [ $n -le $MMR ]; do
+echo "Comparing retrieved entries from server 1 and server $n..."
+$CMP $PROVIDERFLT $TESTDIR/server$n.flt > $CMPOUT
+
+if test $? != 0 ; then
+ echo "test failed - server 1 and server $n databases differ"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+n=`expr $n + 1`
+done
+
+echo "Breaking replication between server 1 and 2..."
+n=1
+while [ $n -le $MMR ]; do
+o=`expr 3 - $n`
+MYURI=`eval echo '$SURIP'$n`
+PROVIDERURI=`eval echo '$SURIP'$o`
+$LDAPMODIFY -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -D cn=config -H $MYURI -y $CONFIGPWF > $TESTOUT 2>&1 <<EOF
+dn: olcDatabase={2}$BACKEND,cn=config
+changetype: modify
+replace: olcSyncRepl
+olcSyncRepl: rid=001 provider=$PROVIDERURI binddn="$MANAGERDN" bindmethod=simple
+ credentials=InvalidPw searchbase="$BASEDN" $SYNCTYPE
+ retry="3 +" timeout=3 logbase="cn=log"
+ logfilter="(&(objectclass=auditWriteObject)(reqresult=0))"
+ syncdata=accesslog tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt
+-
+replace: olcMultiProvider
+olcMultiProvider: TRUE
+
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed for server $n config ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+n=`expr $n + 1`
+done
+
+echo "Using ldapmodify to force conflicts between server 1 and 2..."
+$LDAPMODIFY -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -D "$MANAGERDN" -H $SURIP1 -w $PASSWD \
+ >> $TESTOUT 2>&1 << EOF
+dn: $THEDN
+changetype: modify
+add: description
+description: Amazing
+
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed for server 1 database ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+$LDAPMODIFY -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -D "$MANAGERDN" -H $SURIP2 -w $PASSWD \
+ >> $TESTOUT 2>&1 << EOF
+dn: $THEDN
+changetype: modify
+add: description
+description: Stupendous
+
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed for server 2 database ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+$LDAPMODIFY -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -D "$MANAGERDN" -H $SURIP1 -w $PASSWD \
+ >> $TESTOUT 2>&1 << EOF
+dn: $THEDN
+changetype: modify
+delete: description
+description: Outstanding
+-
+add: description
+description: Mindboggling
+
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed for server 1 database ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+$LDAPMODIFY -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -D "$MANAGERDN" -H $SURIP2 -w $PASSWD \
+ >> $TESTOUT 2>&1 << EOF
+dn: $THEDN
+changetype: modify
+delete: description
+description: OutStanding
+-
+add: description
+description: Bizarre
+
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed for server 2 database ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+$LDAPMODIFY -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -D "$MANAGERDN" -H $SURIP1 -w $PASSWD \
+ >> $TESTOUT 2>&1 << EOF
+dn: $THEDN
+changetype: modify
+add: carLicense
+carLicense: 123-XYZ
+-
+add: employeeNumber
+employeeNumber: 32
+
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed for server 1 database ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+$LDAPMODIFY -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -D "$MANAGERDN" -H $SURIP2 -w $PASSWD \
+ >> $TESTOUT 2>&1 << EOF
+dn: $THEDN
+changetype: modify
+add: employeeType
+employeeType: deadwood
+-
+add: employeeNumber
+employeeNumber: 64
+
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed for server 2 database ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+$LDAPMODIFY -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -D "$MANAGERDN" -H $SURIP1 -w $PASSWD \
+ >> $TESTOUT 2>&1 << EOF
+dn: $THEDN
+changetype: modify
+replace: sn
+sn: Replaced later
+-
+replace: sn
+sn: Surname
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed for server 1 database ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Restoring replication between server 1 and 2..."
+n=1
+while [ $n -le $MMR ]; do
+o=`expr 3 - $n`
+MYURI=`eval echo '$SURIP'$n`
+PROVIDERURI=`eval echo '$SURIP'$o`
+$LDAPMODIFY -D cn=config -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -H $MYURI -y $CONFIGPWF > $TESTOUT 2>&1 <<EOF
+dn: olcDatabase={2}$BACKEND,cn=config
+changetype: modify
+replace: olcSyncRepl
+olcSyncRepl: rid=001 provider=$PROVIDERURI binddn="$MANAGERDN" bindmethod=simple
+ credentials=$PASSWD searchbase="$BASEDN" $SYNCTYPE
+ retry="3 +" timeout=3 logbase="cn=log"
+ logfilter="(&(objectclass=auditWriteObject)(reqresult=0))"
+ syncdata=accesslog tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt
+-
+replace: olcMultiProvider
+olcMultiProvider: TRUE
+
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed for server $n config ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+n=`expr $n + 1`
+done
+
+echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+sleep $SLEEP1
+
+n=1
+while [ $n -le $MMR ]; do
+PORT=`expr $BASEPORT + $n`
+URI="ldaps://${LOCALIP}:$PORT/"
+
+echo "Using ldapsearch to read all the entries from server $n..."
+$LDAPSEARCH -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI -w $PASSWD \
+ 'objectclass=*' > $TESTDIR/server$n.out 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed at server $n ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+$LDIFFILTER -s a < $TESTDIR/server$n.out > $TESTDIR/server$n.flt
+n=`expr $n + 1`
+done
+
+n=2
+while [ $n -le $MMR ]; do
+echo "Comparing retrieved entries from server 1 and server $n..."
+$CMP $PROVIDERFLT $TESTDIR/server$n.flt > $CMPOUT
+
+if test $? != 0 ; then
+ echo "test failed - server 1 and server $n databases differ"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+n=`expr $n + 1`
+done
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0