#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2022 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

echo "running defines.sh"
. $SRCDIR/scripts/defines.sh

if test $WITH_TLS = no ; then
    echo "TLS support not available, test skipped"
    exit 0
fi

if test $SYNCPROV = syncprovno; then
    echo "Syncrepl provider overlay not available, test skipped"
    exit 0
fi

TMP=$TESTDIR/tmp

mkdir -p $TESTDIR
mkdir -p $TESTDIR/srv1/slapd.d $TESTDIR/srv1/db \
    $TESTDIR/srv2/slapd.d $TESTDIR/srv2/db

cp -r $DATADIR/tls $TESTDIR

$SLAPPASSWD -g -n >$CONFIGPWF

if test x"$SYNCMODE" = x ; then
    SYNCMODE=rp
fi
case "$SYNCMODE" in
    ro)
        SYNCTYPE="type=refreshOnly interval=00:00:00:03"
        ;;
    rp)
        SYNCTYPE="type=refreshAndPersist interval=00:00:00:03"
        ;;
    *)
        echo "unknown sync mode $SYNCMODE"
        exit 1;
        ;;
esac

nullExclude=""
test $BACKEND = null && nullExclude="# "

KILLPIDS=

cat > $TMP <<EOF
dn: cn=config
objectClass: olcGlobal
cn: config
olcTLSCertificateFile: $TESTDIR/tls/certs/localhost.crt
olcTLSCertificateKeyFile: $TESTDIR/tls/private/localhost.key

EOF

if test "$SYNCPROV" = syncprovmod ; then
  cat <<EOF >> $TMP
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: $TESTWD/../servers/slapd/overlays
EOF
  if [ "$SYNCPROV" = syncprovmod ]; then
  echo "olcModuleLoad: syncprov.la" >> $TMP
  fi
  echo "" >> $TMP
fi

if [ "$BACKENDTYPE" = mod ]; then
cat <<EOF >> $TMP
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: $TESTWD/../servers/slapd/back-$BACKEND
olcModuleLoad: back_$BACKEND.la

EOF
fi
if test $INDEXDB = indexdb ; then
INDEX1="olcDbIndex: objectClass,entryCSN,reqStart,reqDN,reqResult eq"
INDEX2="olcDbIndex: objectClass,entryCSN,entryUUID eq"
else
INDEX1=
INDEX2=
fi
cat >> $TMP <<EOF
dn: cn=schema,cn=config
objectclass: olcSchemaconfig
cn: schema

include: file://$ABS_SCHEMADIR/core.ldif

include: file://$ABS_SCHEMADIR/cosine.ldif

include: file://$ABS_SCHEMADIR/inetorgperson.ldif

include: file://$ABS_SCHEMADIR/openldap.ldif

include: file://$ABS_SCHEMADIR/nis.ldif

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootPW:< file://$CONFIGPWF

dn: olcDatabase={2}$BACKEND,cn=config
objectClass: olcDatabaseConfig
${nullExclude}objectClass: olc${BACKEND}Config
olcDatabase: {2}$BACKEND
olcSuffix: $BASEDN
${nullExclude}olcDbDirectory: ./db
olcRootDN: $MANAGERDN
olcRootPW: $PASSWD
$INDEX2
EOF

echo "Configuring provider"
cd $TESTDIR/srv1
$SLAPADD -F ./slapd.d -n 0 -d-1 < $TMP > $TESTOUT 2>&1

$SLAPADD -F ./slapd.d -n 0 -d-1 <<EOF >> $TESTOUT 2>&1
dn: olcOverlay=syncprov,olcDatabase={1}$BACKEND,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
EOF

echo "Starting provider..."
$SLAPD -F ./slapd.d -h "$SURIP1 ldaps://127.0.0.2:$PORT1" -d $LVL > $LOG1 2>&1 &
MASTERPID=$!
if test $WAIT != 0 ; then
    echo MASTERPID $MASTERPID
    read foo
fi
KILLPIDS="$MASTERPID"
cd $TESTWD

echo "Using ldapsearch to check that provider is running..."
for i in 0 1 2 3 4 5; do
    $LDAPSEARCH -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -s base -b "" -H $SURIP1 \
        'objectclass=*' > /dev/null 2>&1
    RC=$?
    if test $RC = 0 ; then
        break
    fi
    echo "Waiting $SLEEP1 seconds for slapd to start..."
    sleep $SLEEP1
done

if test $RC != 0 ; then
    echo "ldapsearch failed ($RC)!"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS
    exit $RC
fi

echo "Configuring consumer"
cd $TESTDIR/srv2
$SLAPADD -F ./slapd.d -n 0 -d-1 < $TMP >> $TESTOUT 2>&1

$SLAPMODIFY -F ./slapd.d -n 0 -d-1 <<EOF >> $TESTOUT 2>&1
dn: olcDatabase={1}$BACKEND,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=ldaps://127.0.0.2:$PORT1
  binddn="$MANAGERDN" bindmethod=simple credentials=$PASSWD
  searchbase="$BASEDN" $SYNCTYPE retry="3 +" timeout=3
  tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt tls_reqcert=allow
EOF

echo "Starting consumer..."
$SLAPD -F ./slapd.d -h $URI2 -d $LVL > $LOG2 2>&1 &
SLAVEPID=$!
if test $WAIT != 0 ; then
    echo SLAVEPID $SLAVEPID
    read foo
fi
KILLPIDS="$MASTERPID $SLAVEPID"
cd $TESTWD

echo "Using ldapsearch to check that consumer is running..."
for i in 0 1 2 3 4 5; do
    $LDAPSEARCH -s base -b "" -H $URI2 \
        'objectclass=*' > /dev/null 2>&1
    RC=$?
    if test $RC = 0 ; then
        break
    fi
    echo "Waiting $SLEEP1 seconds for slapd to start..."
    sleep $SLEEP1
done

if test $RC != 0 ; then
    echo "ldapsearch failed ($RC)!"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS
    exit $RC
fi

echo "Populating provider"
$LDAPADD -D "$MANAGERDN" -H $SURIP1 -w $PASSWD -o \
    tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt \
    -f $LDIFORDERED >> $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
    echo "ldapadd failed ($RC)!"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS
    exit $RC
fi

echo "Waiting for consumer to sync..."
sleep $SLEEP2

$LDAPSEARCH -b "$BASEDN" -H "$URI2" -D "$BABSDN" -w bjensen \
    '(objectClass=*)' >> $SEARCHOUT 2>&1
RC=$?
if test $RC != 0 ; then
    echo "ldapsearch failed ($RC)!"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS
    exit $RC
fi

echo "Filtering ldapsearch results..."
$LDIFFILTER < $SEARCHOUT > $SEARCHFLT
echo "Filtering original ldif used to create database..."
$LDIFFILTER < $LDIFORDERED > $LDIFFLT
echo "" >> $LDIFFLT
echo "Comparing filter output..."
$CMP $SEARCHFLT $LDIFFLT > $CMPOUT

if test $? != 0 ; then
    echo "Comparison failed"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS
    exit 1
fi

echo "Stopping the provider, sleeping $SLEEP2 seconds and restarting it..."
kill -HUP "$MASTERPID"
wait $MASTERPID
sleep $SLEEP2

echo "======================= RESTART =======================" >> $LOG1
cd $TESTDIR/srv1
$SLAPD -F slapd.d -h "$SURIP1 ldaps://127.0.0.2:$PORT1" -d $LVL >> $LOG1 2>&1 &
MASTERPID=$!
if test $WAIT != 0 ; then
    echo MASTERPID $MASTERPID
    read foo
fi
KILLPIDS="$MASTERPID $SLAVEPID"
cd $TESTWD

echo "Using ldapsearch to check that provider is running..."
for i in 0 1 2 3 4 5; do
    $LDAPSEARCH -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -s base -b "" -H $SURIP1 \
        'objectclass=*' > /dev/null 2>&1
    RC=$?
    if test $RC = 0 ; then
        break
    fi
    echo "Waiting $SLEEP1 seconds for slapd to start..."
    sleep $SLEEP1
done

if test $RC != 0 ; then
    echo "ldapsearch failed ($RC)!"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS
    exit $RC
fi

echo "Updating provider"
$LDAPMODRDN -H $SURIP1 -D "$MANAGERDN" -w $PASSWD \
    -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt <<EOF
$BABSDN
cn=Babs
EOF

if test $RC != 0 ; then
    echo "ldapmodrdn failed ($RC)!"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS
    exit $RC
fi

echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
sleep $SLEEP1

$LDAPWHOAMI -H $URI2 \
    -D "cn=Babs,ou=Information Technology DivisioN,ou=People,$BASEDN" \
    -w bjensen
RC=$?
if test $RC != 0 ; then
    echo "ldapwhoami failed ($RC)!"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS
    exit $RC
fi

test $KILLSERVERS != no && kill -HUP $KILLPIDS

echo ">>>>> Test succeeded"

test $KILLSERVERS != no && wait

exit 0