diff options
Diffstat (limited to '')
-rwxr-xr-x | tests/scripts/test047-ldap | 754 |
1 files changed, 754 insertions, 0 deletions
diff --git a/tests/scripts/test047-ldap b/tests/scripts/test047-ldap new file mode 100755 index 0000000..032fe40 --- /dev/null +++ b/tests/scripts/test047-ldap @@ -0,0 +1,754 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2022 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +echo "" + +if test $BACKLDAP = ldapno ; then + echo "ldap backend not available, test skipped" + exit 0 +fi + +if test $RWM = rwmno ; then + echo "rwm (rewrite/remap) overlay not available, test skipped" + exit 0 +fi + +rm -rf $TESTDIR + +mkdir -p $TESTDIR $DBDIR1 $DBDIR2 + +echo "Starting slapd on TCP/IP port $PORT1..." +. $CONFFILTER $BACKEND < $METACONF1 > $CONF1 +$SLAPD -f $CONF1 -h $URI1 -d $LVL > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +echo "Using ldapsearch to check that slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapadd to populate the database..." +$LDAPADD -D "$MANAGERDN" -H $URI1 -w $PASSWD < \ + $LDIFORDERED > $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Starting slapd on TCP/IP port $PORT2..." +. $CONFFILTER $BACKEND < $METACONF2 > $CONF2 +$SLAPD -f $CONF2 -h $URI2 -d $LVL > $LOG2 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$KILLPIDS $PID" + +sleep 1 + +echo "Using ldapsearch to check that slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapadd to populate the database..." +$LDAPADD -D "$METAMANAGERDN" -H $URI2 -w $PASSWD < \ + $LDIFMETA >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Starting slapd on TCP/IP port $PORT3..." +. $CONFFILTER $BACKEND < $GLUELDAPCONF > $CONF3 +$SLAPD -f $CONF3 -h $URI3 -d $LVL > $LOG3 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$KILLPIDS $PID" + +sleep 1 + +echo "Using ldapsearch to check that slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -H $URI3 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +cat /dev/null > $SEARCHOUT + +BASEDN="o=Example,c=US" +echo "Searching base=\"$BASEDN\"..." +echo "# searching base=\"$BASEDN\"..." >> $SEARCHOUT +$LDAPSEARCH -S "" -H $URI3 -b "$BASEDN" >> $SEARCHOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "Search failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC in + 0) + ;; + 51) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 0 + ;; + *) + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +# ITS#4195: spurious matchedDN when the search scopes the main target, +# and the searchBase is not present, so that target returns noSuchObject +BASEDN="ou=Meta,o=Example,c=US" +echo "Searching base=\"$BASEDN\"..." +echo "# searching base=\"$BASEDN\"..." >> $SEARCHOUT +$LDAPSEARCH -S "" -H $URI3 -b "$BASEDN" >> $SEARCHOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "Search failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC in + 0) + ;; + 51) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 0 + ;; + *) + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +# +# Do some modifications +# + +BASEDN="o=Example,c=US" +echo "Modifying database \"$BASEDN\"..." +$LDAPMODIFY -v -D "cn=Manager,$BASEDN" -H $URI3 -w $PASSWD \ + -M >> $TESTOUT 2>&1 << EOMODS +# These operations (updates with objectClass mapping) triggered ITS#3499 +dn: cn=Added Group,ou=Groups,$BASEDN +changetype: add +objectClass: groupOfNames +objectClass: uidObject +cn: Added Group +member: cn=Added Group,ou=Groups,$BASEDN +uid: added + +dn: cn=Another Added Group,ou=Groups,$BASEDN +changetype: add +objectClass: groupOfNames +cn: Another Added Group +member: cn=Added Group,ou=Groups,$BASEDN +member: cn=Another Added Group,ou=Groups,$BASEDN + +dn: cn=Another Added Group,ou=Groups,$BASEDN +changetype: modify +add: objectClass +objectClass: uidObject +- +add: uid +uid: added +- + +dn: cn=Added Group,ou=Groups,$BASEDN +changetype: modify +delete: objectClass +objectClass: uidObject +- +delete: uid +- + +dn: ou=Meta,$BASEDN +changetype: modify +add: description +description: added to "ou=Meta,$BASEDN" +- + +dn: ou=Who's going to handle this?,$BASEDN +changetype: add +objectClass: organizationalUnit +ou: Who's going to handle this? +description: added +description: will be deleted + +dn: ou=Same as above,$BASEDN +changetype: add +objectClass: organizationalUnit +ou: Same as above +description: added right after "Who's going to handle this?" +description: will be preserved + +dn: ou=Who's going to handle this?,$BASEDN +changetype: delete + +dn: ou=Who's going to handle this?,ou=Meta,$BASEDN +changetype: add +objectClass: organizationalUnit +ou: Who's going to handle this? +description: added +description: will be deleted + +dn: ou=Same as above,ou=Meta,$BASEDN +changetype: add +objectClass: organizationalUnit +ou: Same as above +description: added right after "Who's going to handle this?" +description: will be preserved + +dn: cn=Added User,ou=Same as above,ou=Meta,$BASEDN +changetype: add +objectClass: inetOrgPerson +cn: Added User +sn: User +userPassword: secret + +dn: ou=Who's going to handle this?,ou=Meta,$BASEDN +changetype: delete +EOMODS + +RC=$? +#if test $RC != 0 ; then +# echo "Modify failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC in + 0) + ;; + 51) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 0 + ;; + *) + echo "Modify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Searching base=\"$BASEDN\"..." +echo "# searching base=\"$BASEDN\"..." >> $SEARCHOUT +$LDAPSEARCH -S "" -H $URI3 -b "$BASEDN" >> $SEARCHOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "Search failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC in + 0) + ;; + 51) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 0 + ;; + *) + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +BASEDN="o=Example,c=US" +echo " base=\"$BASEDN\"..." +echo "# base=\"$BASEDN\"..." >> $SEARCHOUT +$LDAPSEARCH -S "" -H $URI3 -b "$BASEDN" -M "$FILTER" '*' ref \ + >> $SEARCHOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "Search failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC in + 0) + ;; + 51) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 0 + ;; + *) + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +BASEDN="o=Example,c=US" +FILTER="(seeAlso=cn=all staff,ou=Groups,$BASEDN)" +echo "Searching filter=\"$FILTER\"" +echo " attrs=\"seeAlso\"" +echo " base=\"$BASEDN\"..." +echo "# searching filter=\"$FILTER\"" >> $SEARCHOUT +echo "# attrs=\"seeAlso\"" >> $SEARCHOUT +echo "# base=\"$BASEDN\"..." >> $SEARCHOUT +$LDAPSEARCH -S "" -H $URI3 -b "$BASEDN" "$FILTER" seeAlso \ + >> $SEARCHOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "Search failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC in + 0) + ;; + 51) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 0 + ;; + *) + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +FILTER="(uid=example)" +echo "Searching filter=\"$FILTER\"" +echo " attrs=\"uid\"" +echo " base=\"$BASEDN\"..." +echo "# searching filter=\"$FILTER\"" >> $SEARCHOUT +echo "# attrs=\"uid\"" >> $SEARCHOUT +echo "# base=\"$BASEDN\"..." >> $SEARCHOUT +$LDAPSEARCH -S "" -H $URI3 -b "$BASEDN" "$FILTER" uid \ + >> $SEARCHOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "Search failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC in + 0) + ;; + 51) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 0 + ;; + *) + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +FILTER="(member=cn=Another Added Group,ou=Groups,$BASEDN)" +echo "Searching filter=\"$FILTER\"" +echo " attrs=\"member\"" +echo " base=\"$BASEDN\"..." +echo "# searching filter=\"$FILTER\"" >> $SEARCHOUT +echo "# attrs=\"member\"" >> $SEARCHOUT +echo "# base=\"$BASEDN\"..." >> $SEARCHOUT +$LDAPSEARCH -S "" -H $URI3 -b "$BASEDN" "$FILTER" member \ + >> $SEARCHOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "Search failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC in + 0) + ;; + 51) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 0 + ;; + *) + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Waiting 10 seconds for cached connections to timeout..." +sleep 10 + +echo "Searching with a timed out connection..." +echo "# searching filter=\"$FILTER\"" >> $SEARCHOUT +echo "# attrs=\"member\"" >> $SEARCHOUT +echo "# base=\"$BASEDN\"" >> $SEARCHOUT +echo "# with a timed out connection..." >> $SEARCHOUT +$LDAPSEARCH -S "" -H $URI3 -D "cn=Manager,$BASEDN" -w $PASSWD \ + -b "$BASEDN" "$FILTER" member \ + >> $SEARCHOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "Search failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC in + 0) + ;; + 51) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 0 + ;; + *) + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +# NOTE: cannot send to $SEARCHOUT because the returned entries +# are not predictable... +echo "Checking server-enforced size limit..." +echo "# Checking server-enforced size limit..." >> $SEARCHOUT +$LDAPSEARCH -S "" -H $URI3 \ + -D "cn=Bjorn Jensen,ou=Information Technology Division,ou=People,$BASEDN" -w bjorn \ + -b "$BASEDN" "(objectClass=*)" 1.1 \ + >> $TESTOUT 2>&1 +RC=$? +case $RC,$BACKEND in + 4,* | 0,null) + ;; + 0,*) + echo "Search should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; + *) + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +# NOTE: cannot send to $SEARCHOUT because the returned entries +# are not predictable... +echo "Checking client-requested size limit..." +echo "# Checking client-requested size limit..." >> $SEARCHOUT +$LDAPSEARCH -S "" -H $URI3 \ + -D "cn=Bjorn Jensen,ou=Information Technology Division,ou=People,$BASEDN" -w bjorn \ + -b "$BASEDN" -z 2 "(objectClass=*)" 1.1 \ + >> $TESTOUT 2>&1 +RC=$? +case $RC,$BACKEND in + 4,* | 0,null) + ;; + 0,*) + echo "Search should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; + *) + echo "Search failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Filtering ldapsearch results..." +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif used to create database..." +$LDIFFILTER < $METAOUT > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - meta search/modification didn't succeed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +# ITS#4458 needs patch to slapo-rwm for global rewriting of passwd_exop +BASEDN="o=Example,c=US" +echo "Changing password to database \"$BASEDN\"..." +$LDAPPASSWD -H $URI3 -D "cn=Manager,$BASEDN" -w $PASSWD \ + -s $PASSWD "cn=Ursula Hampster,ou=Alumni Association,ou=People,$BASEDN" \ + >> $TESTOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "Passwd ExOp failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC in + 0) + ;; +# 51) +# echo "### Hit LDAP_BUSY problem; you may want to re-run the test" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit 0 +# ;; +# 80) + 1) + echo "Passwd ExOp failed ($RC)! ITS#4458?" + ;; + *) + echo "Passwd ExOp failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +if test $RC = 0 ; then + echo "Binding with newly changed password to database \"$BASEDN\"..." + $LDAPWHOAMI -H $URI3 \ + -D "cn=Ursula Hampster,ou=Alumni Association,ou=People,$BASEDN" \ + -w $PASSWD >> $TESTOUT 2>&1 + RC=$? + #if test $RC != 0 ; then + # echo "WhoAmI failed ($RC)!" + # test $KILLSERVERS != no && kill -HUP $KILLPIDS + # exit $RC + #fi + case $RC in + 0) + ;; + 51) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + ;; + *) + echo "WhoAmI failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; + esac +fi + +echo "Binding as newly added user to database \"$BASEDN\"..." +$LDAPWHOAMI -H $URI3 \ + -D "cn=Added User,ou=Same as above,ou=Meta,$BASEDN" \ + -w $PASSWD >> $TESTOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "WhoAmI failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC in + 0) + ;; + 51) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + ;; + *) + echo "WhoAmI failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +echo "Changing password to database \"$BASEDN\"..." +$LDAPPASSWD -H $URI3 -D "cn=Manager,$BASEDN" -w $PASSWD \ + -s meta "cn=Added User,ou=Same as above,ou=Meta,$BASEDN" \ + >> $TESTOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "Passwd ExOp failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC in + 0) + ;; +# 51) +# echo "### Hit LDAP_BUSY problem; you may want to re-run the test" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit 0 +# ;; +# 80) + 1) + echo "Passwd ExOp failed ($RC)! ITS#4458?" + ;; + *) + echo "Passwd ExOp failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +if test $RC = 0 ; then + echo "Binding with newly changed password to database \"$BASEDN\"..." + $LDAPWHOAMI -H $URI3 \ + -D "cn=Added User,ou=Same as above,ou=Meta,$BASEDN" \ + -w meta >> $TESTOUT 2>&1 + RC=$? + #if test $RC != 0 ; then + # echo "WhoAmI failed ($RC)!" + # test $KILLSERVERS != no && kill -HUP $KILLPIDS + # exit $RC + #fi + case $RC in + 0) + ;; + 51) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + ;; + *) + echo "WhoAmI failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; + esac +fi + +echo "Binding with incorrect password to database \"$BASEDN\"..." +$LDAPWHOAMI -H $URI3 \ + -D "cn=Added User,ou=Same as above,ou=Meta,$BASEDN" \ + -w bogus >> $TESTOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "WhoAmI failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC,$BACKEND in + 0,null) + ;; + 0,*) + echo "WhoAmI should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; + 51,*) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + ;; + *) + ;; +esac + +echo "Binding with non-existing user to database \"$BASEDN\"..." +$LDAPWHOAMI -H $URI3 \ + -D "cn=Non-existing User,ou=Same as above,ou=Meta,$BASEDN" \ + -w bogus >> $TESTOUT 2>&1 +RC=$? +#if test $RC != 0 ; then +# echo "WhoAmI failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit $RC +#fi +case $RC,$BACKEND in + 0,null) + ;; + 0,*) + echo "WhoAmI should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; + 51,*) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + ;; + *) + ;; +esac + +echo "Comparing to database \"$BASEDN\"..." +$LDAPCOMPARE -H $URI3 \ + "cn=Another Added Group,ou=Groups,$BASEDN" \ + "member:cn=Added Group,ou=Groups,$BASEDN" >> $TESTOUT 2>&1 +RC=$? +#if test $RC != 6 ; then +# echo "Compare failed ($RC)!" +# test $KILLSERVERS != no && kill -HUP $KILLPIDS +# exit -1 +#fi +case $RC,$BACKEND in + 5,null) + ;; + 6,*) + ;; + 51,*) + echo "### Hit LDAP_BUSY problem; you may want to re-run the test" + ;; + *) + echo "Compare failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + ;; +esac + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 |