diff options
Diffstat (limited to 'tests/data/regressions/its9400')
| -rwxr-xr-x | tests/data/regressions/its9400/its9400 | 161 | ||||
| -rw-r--r-- | tests/data/regressions/its9400/slapd-proxy-idassert.conf | 52 |
2 files changed, 213 insertions, 0 deletions
diff --git a/tests/data/regressions/its9400/its9400 b/tests/data/regressions/its9400/its9400 new file mode 100755 index 0000000..1045431 --- /dev/null +++ b/tests/data/regressions/its9400/its9400 @@ -0,0 +1,161 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2022 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +ITS=9400 +ITSDIR=$DATADIR/regressions/its$ITS + +if test $BACKLDAP = "ldapno" ; then + echo "LDAP backend not available, test skipped" + exit 0 +fi + +mkdir -p $TESTDIR $DBDIR1 $DBDIR2 +cp -r $DATADIR/tls $TESTDIR + +echo "This test checks that back-ldap does retry binds after the remote LDAP server" +echo "has abruptly disconnected the (idle) LDAP connection." + +# +# Start slapd that acts as a remote LDAP server that will be proxied +# +echo "Running slapadd to build database for the remote slapd server..." +. $CONFFILTER $BACKEND < $CONF > $CONF1 +$SLAPADD -f $CONF1 -l $LDIFORDERED + +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + + +echo "Starting remote slapd server on TCP/IP port $PORT1..." +$SLAPD -f $CONF1 -h "$URI1" -d $LVL > $LOG1 2>&1 & +SERVERPID=$! +if test $WAIT != 0 ; then + echo SERVERPID $SERVERPID + read foo +fi + + +# +# Start ldapd that will proxy for the remote server +# +echo "Starting slapd proxy on TCP/IP port $PORT2..." +. $CONFFILTER $BACKEND < $ITSDIR/slapd-proxy-idassert.conf > $CONF2 +$SLAPD -f $CONF2 -h $URI2 -d $LVL > $LOG2 2>&1 & +PROXYPID=$! +if test $WAIT != 0 ; then + echo PROXYPID $PROXYPID + read foo +fi +KILLPIDS="$KILLPIDS $PROXYPID" + +sleep 1 + + +# +# Successful searches +# + +echo "Using ldapsearch with bind that will be passed through to remote server..." +$LDAPSEARCH -S "" -b "$BASEDN" \ + -D "cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" \ + -H $URI2 \ + -w "bjensen" \ + 'objectclass=*' > $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed at proxy ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + + +echo "Using ldapsearch with idassert-bind..." +$LDAPSEARCH -S "" -b "$BASEDN" -D "cn=Manager,dc=local,dc=com" -H $URI2 -w "secret" \ + 'objectclass=*' >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed at proxy ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + + +# +# Now kill the remote slapd that is being proxied for. +# This will invalidate the current TCP connections that proxy has to remote. +# +echo "Killing remote server" +kill $SERVERPID +sleep 1 + +echo "Re-starting remote slapd server on TCP/IP port $PORT1..." +$SLAPD -f $CONF1 -h "$URI1" -d $LVL >> $LOG1 2>&1 & +SERVERPID=$! +if test $WAIT != 0 ; then + echo SERVERPID $SERVERPID + read foo +fi +KILLPIDS="$KILLPIDS $SERVERPID" + +sleep 2 + + +echo "-------------------------------------------------" >> $TESTOUT +echo "Searches after remote slapd server has restarted:" >> $TESTOUT +echo "-------------------------------------------------" >> $TESTOUT + +# +# Successful search +# +echo "Using ldapsearch with bind that will be passed through to remote server..." +$LDAPSEARCH -S "" -b "$BASEDN" \ + -D "cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" \ + -H $URI2 \ + -w "bjensen" \ + 'objectclass=*' >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed at proxy ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# +# UNSUCCESFUL SEARCH +# +echo "Using ldapsearch with idassert-bind..." +$LDAPSEARCH -S "" -b "$BASEDN" -D "cn=Manager,dc=local,dc=com" -H $URI2 -w "secret" \ + 'objectclass=*' >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed at proxy ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 diff --git a/tests/data/regressions/its9400/slapd-proxy-idassert.conf b/tests/data/regressions/its9400/slapd-proxy-idassert.conf new file mode 100644 index 0000000..2f2750b --- /dev/null +++ b/tests/data/regressions/its9400/slapd-proxy-idassert.conf @@ -0,0 +1,52 @@ +# provider slapd config -- for testing +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2022 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +include @SCHEMADIR@/core.schema +include @SCHEMADIR@/cosine.schema +include @SCHEMADIR@/inetorgperson.schema +include @SCHEMADIR@/openldap.schema +include @SCHEMADIR@/nis.schema +pidfile @TESTDIR@/slapd.m.pid +argsfile @TESTDIR@/slapd.m.args + +####################################################################### +# database definitions +####################################################################### + +#mod#modulepath ../servers/slapd/back-@BACKEND@/:../servers/slapd/overlays +#mod#moduleload back_@BACKEND@.la +#ldapmod#modulepath ../servers/slapd/back-ldap/ +#ldapmod#moduleload back_ldap.la +#monitormod#modulepath ../servers/slapd/back-monitor/ +#monitormod#moduleload back_monitor.la + +# here the proxy is not only acting as a proxy, but it also has a local database dc=local,dc=com" +database @BACKEND@ +suffix "dc=local,dc=com" +rootdn "cn=Manager,dc=local,dc=com" +rootpw "secret" +#~null~#directory @TESTDIR@/db.2.a + +# Configure proxy +# - normal user binds to "*,dc=example,dc=com" are proxied through to the remote slapd +# - admin bind to local "cn=Manager,dc=local,dc=com" is overwritten by using idassert-bind +database ldap +uri "@URI1@" +suffix "dc=example,dc=com" +idassert-bind bindmethod=simple binddn="cn=Manager,dc=example,dc=com" credentials="secret" +idassert-authzFrom "dn.exact:cn=Manager,dc=local,dc=com" +rebind-as-user yes + +database monitor |