12de962bdSlukem#! /bin/sh 2d11b170bStron# $OpenLDAP$ 32de962bdSlukem## This work is part of OpenLDAP Software <http://www.openldap.org/>. 42de962bdSlukem## 5*e670fd5cSchristos## Copyright 1998-2021 The OpenLDAP Foundation. 62de962bdSlukem## All rights reserved. 72de962bdSlukem## 82de962bdSlukem## Redistribution and use in source and binary forms, with or without 92de962bdSlukem## modification, are permitted only as authorized by the OpenLDAP 102de962bdSlukem## Public License. 112de962bdSlukem## 122de962bdSlukem## A copy of this license is available in the file LICENSE in the 132de962bdSlukem## top-level directory of the distribution or, alternatively, at 142de962bdSlukem## <http://www.OpenLDAP.org/license.html>. 152de962bdSlukem 162de962bdSlukemecho "running defines.sh" 172de962bdSlukem. $SRCDIR/scripts/defines.sh 182de962bdSlukem 192de962bdSlukemmkdir -p $TESTDIR $DBDIR1 202de962bdSlukem 212de962bdSlukemecho "Running slapadd to build slapd database..." 22*e670fd5cSchristos. $CONFFILTER $BACKEND < $CONF > $CONF1 232de962bdSlukem#echo $SLAPADD -f $CONF1 -l $LDIFORDERED 242de962bdSlukem$SLAPADD -f $CONF1 -l $LDIFORDERED 252de962bdSlukemRC=$? 262de962bdSlukemif test $RC != 0 ; then 272de962bdSlukem echo "slapadd failed ($RC)!" 282de962bdSlukem exit $RC 292de962bdSlukemfi 302de962bdSlukem 312de962bdSlukemecho "Starting slapd on TCP/IP port $PORT1..." 32*e670fd5cSchristos#valgrind -v --gdb-attach=yes --logfile=info --num-callers=16 --leak-check=yes --leak-resolution=high $SLAPD -f $CONF1 -h $URI1 -d $LVL </dev/tty > $LOG1 2>&1 & 33*e670fd5cSchristos$SLAPD -f $CONF1 -h $URI1 -d $LVL > $LOG1 2>&1 & 342de962bdSlukemPID=$! 352de962bdSlukemif test $WAIT != 0 ; then 362de962bdSlukem echo PID $PID 372de962bdSlukem read foo 382de962bdSlukemfi 392de962bdSlukemKILLPIDS="$PID" 402de962bdSlukem 412de962bdSlukemecho "Testing certificate handling..." 422de962bdSlukem 432de962bdSlukemsleep 1 442de962bdSlukem 452de962bdSlukemfor i in 0 1 2 3 4 5; do 46*e670fd5cSchristos $LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \ 472de962bdSlukem 'objectclass=*' > /dev/null 2>&1 482de962bdSlukem RC=$? 492de962bdSlukem if test $RC = 0 ; then 502de962bdSlukem break 512de962bdSlukem fi 522de962bdSlukem echo "Waiting 5 seconds for slapd to start..." 532de962bdSlukem sleep 5 542de962bdSlukemdone 552de962bdSlukem 562de962bdSlukemif test $RC != 0 ; then 572de962bdSlukem echo "ldapsearch failed ($RC)!" 582de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 592de962bdSlukem exit $RC 602de962bdSlukemfi 612de962bdSlukem 622de962bdSlukemecho "Add certificates..." 63*e670fd5cSchristos$LDAPMODIFY -v -D "$MANAGERDN" -H $URI1 -w $PASSWD > \ 642de962bdSlukem $TESTOUT 2>&1 << EOMODS 652de962bdSlukemversion: 1 662de962bdSlukem 672de962bdSlukem# LEADING COMMENT AND WHITE SPACE 682de962bdSlukem 692de962bdSlukem# should use certificationAuthority instead of extensibleObject 702de962bdSlukemdn: dc=example,dc=com 712de962bdSlukemchangetype: modify 722de962bdSlukemadd: objectClass 732de962bdSlukemobjectClass: extensibleObject 742de962bdSlukem- 752de962bdSlukemadd: cAcertificate;binary 762de962bdSlukemcAcertificate;binary:: 772de962bdSlukem MIIDVDCCAr2gAwIBAgIBADANBgkqhkiG9w0BAQQFADB3MQswCQYDVQQGEwJVUzET 782de962bdSlukem MBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwg 792de962bdSlukem THRkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhh 802de962bdSlukem bXBsZS5jb20wHhcNMDMxMDE3MTYzMDQxWhcNMDQxMDE2MTYzMDQxWjB3MQswCQYD 812de962bdSlukem VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAg 822de962bdSlukem RXhhbXBsZSwgTHRkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJ 832de962bdSlukem ARYOY2FAZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANlj 842de962bdSlukem UGxiisAzEiALukzt3Gj/24MRw1J0AZx6GncXLhpNJsAFyA0bYZdAzgvydKeq/uX0 852de962bdSlukem i5o/4Byc3G71XAAcbJZxDPtrLwpDAdMNOBvKV2r67yTgnpatFLfGRt/FWazj5EbF 862de962bdSlukem YkorWWTe+4eEBd9VPzebHdIm+DPHipUfIAzRoNejAgMBAAGjge8wgewwHQYDVR0O 872de962bdSlukem BBYEFEtvIRo2JNKQ+UOwU0ctfeHA5pgjMIGhBgNVHSMEgZkwgZaAFEtvIRo2JNKQ 882de962bdSlukem +UOwU0ctfeHA5pgjoXukeTB3MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZv 892de962bdSlukem cm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwgTHRkLjETMBEGA1UEAxMK 902de962bdSlukem RXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb22CAQAwDAYD 912de962bdSlukem VR0TBAUwAwEB/zAZBgNVHREEEjAQgQ5jYUBleGFtcGxlLmNvbTANBgkqhkiG9w0B 922de962bdSlukem AQQFAAOBgQCgXD/+28El3GXi/uxMNEKqtnIhQdTnNU4il0fZ6pcmHPFC+61Bddow 932de962bdSlukem 90ZZZh5Gbg5ZBxFRhDXN8K/fix3ewRSjASt40dGlEODkE+FsLMt04sYl6kX7RGKg 942de962bdSlukem 9a46DkeG+uzZnN/3252uCgh+rjNMFAglueUTERv3EtUB1iXEoU3GyA== 952de962bdSlukem 962de962bdSlukemdn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com 972de962bdSlukemchangetype: modify 982de962bdSlukemadd: objectClass 992de962bdSlukemobjectClass: strongAuthenticationUser 1002de962bdSlukem- 1012de962bdSlukemadd: userCertificate;binary 1022de962bdSlukemuserCertificate;binary:: 1032de962bdSlukem MIIDazCCAtSgAwIBAgIBAjANBgkqhkiG9w0BAQQFADB3MQswCQYDVQQGEwJVUzET 1042de962bdSlukem MBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwg 1052de962bdSlukem THRkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhh 1062de962bdSlukem bXBsZS5jb20wHhcNMDMxMDE3MTYzMzE5WhcNMDQxMDE2MTYzMzE5WjB+MQswCQYD 1072de962bdSlukem VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAg 1082de962bdSlukem RXhhbXBsZSwgTHRkLjEYMBYGA1UEAxMPVXJzdWxhIEhhbXBzdGVyMR8wHQYJKoZI 1092de962bdSlukem hvcNAQkBFhB1aGFtQGV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB 1102de962bdSlukem iQKBgQDuxgp5ELV9LmhxWMpV7qc4028QQT3+zzFDXhruuXE7ji2n3S3ea8bOwDtJ 1112de962bdSlukem h+qnsDe561DhHHHlgIjMKCiDEizYMpxvJPYEXmvp0huRkMgpKZgmel95BSkt6TYm 1122de962bdSlukem J0erS3aoimOHLEFimmnTLolNRMiWqNBvqwobx940PGwUWEePKQIDAQABo4H/MIH8 1132de962bdSlukem MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENl 1142de962bdSlukem cnRpZmljYXRlMB0GA1UdDgQWBBSjI94TbBmuDEeUUOiC37EK0Uf0XjCBoQYDVR0j 1152de962bdSlukem BIGZMIGWgBRLbyEaNiTSkPlDsFNHLX3hwOaYI6F7pHkwdzELMAkGA1UEBhMCVVMx 1162de962bdSlukem EzARBgNVBAgTCkNhbGlmb3JuaWExHzAdBgNVBAoTFk9wZW5MREFQIEV4YW1wbGUs 1172de962bdSlukem IEx0ZC4xEzARBgNVBAMTCkV4YW1wbGUgQ0ExHTAbBgkqhkiG9w0BCQEWDmNhQGV4 1182de962bdSlukem YW1wbGUuY29tggEAMA0GCSqGSIb3DQEBBAUAA4GBAIgUcARb3OlWYNbmr1nmqESu 1192de962bdSlukem xLn16uqI1Ot6WkcICvpkdQ+Bo+R9AP05xpoXocZtKdNvBu3FNxB/jFkiOcLU2lX7 1202de962bdSlukem Px1Ijnsjh60qVRy9HOsHCungIKlGcnXLKHmKu0y//5jds/HnaJsGcHI5JRG7CBJb 1212de962bdSlukem W+wrwge3trJ1xHJI8prN 1222de962bdSlukem 1232de962bdSlukemdn: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com 1242de962bdSlukemchangetype: modify 1252de962bdSlukemadd: objectClass 1262de962bdSlukemobjectClass: strongAuthenticationUser 1272de962bdSlukem- 1282de962bdSlukemadd: userCertificate;binary 1292de962bdSlukemuserCertificate;binary:: 1302de962bdSlukem MIIDcDCCAtmgAwIBAgIBATANBgkqhkiG9w0BAQQFADB3MQswCQYDVQQGEwJVUzET 1312de962bdSlukem MBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwg 1322de962bdSlukem THRkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhh 1332de962bdSlukem bXBsZS5jb20wHhcNMDMxMDE3MTYzMTQwWhcNMDQxMDE2MTYzMTQwWjCBgjELMAkG 1342de962bdSlukem A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExHzAdBgNVBAoTFk9wZW5MREFQ 1352de962bdSlukem IEV4YW1wbGUsIEx0ZC4xHTAbBgNVBAMUFEplbm5pZmVyICJKZW4iIFNtaXRoMR4w 1362de962bdSlukem HAYJKoZIhvcNAQkBFg9qZW5AZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD 1372de962bdSlukem gY0AMIGJAoGBANUgO8cP/SjqgCVxxsRYv36AP0+QL81iEkGvR4gG6jbtDDBdVYDC 1382de962bdSlukem YbS2oKKNJ5e99NxGMIjOYfmKcAwmkV46IhdzUtkutgjHEG9vl5ajSwc1KSsbTMTy 1392de962bdSlukem NtuG3k5k02JYFbP+FrGyUE8iPqK4+i7mVjW4bh/MBCHW88FptnpDJiuHAgMBAAGj 1402de962bdSlukem gf8wgfwwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0 1412de962bdSlukem ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFEdo4jpxCQXJ1sh/E1O3ZBkLTbHkMIGh 1422de962bdSlukem BgNVHSMEgZkwgZaAFEtvIRo2JNKQ+UOwU0ctfeHA5pgjoXukeTB3MQswCQYDVQQG 1432de962bdSlukem EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhh 1442de962bdSlukem bXBsZSwgTHRkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYO 1452de962bdSlukem Y2FAZXhhbXBsZS5jb22CAQAwDQYJKoZIhvcNAQEEBQADgYEAFpHsQUtSZQzmm9k2 1462de962bdSlukem Vrfs0h7tdkWF3LcHzHk4a/t3k4EXcqlHBxh4f0tmb4XNP9QupRgm6ggr8t3Rq0Vt 1472de962bdSlukem T8k50x4C7oE8HwZuEEB4FM7S1Zig3dfeJ8MJgdaLqt5/U9Ip/hZdzG2dsUsIceH/ 1482de962bdSlukem 5MCKLu9bGJUjsKnGdm/KpaNwaNo= 1492de962bdSlukem 1502de962bdSlukemdn: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com 1512de962bdSlukemchangetype: modify 1522de962bdSlukemadd: userCertificate;binary 1532de962bdSlukemuserCertificate;binary:: 1542de962bdSlukem MIIDjDCCAvWgAwIBAgIBAzANBgkqhkiG9w0BAQQFADB3MQswCQYDVQQGEwJVUzET 1552de962bdSlukem MBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwg 1562de962bdSlukem THRkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhh 1572de962bdSlukem bXBsZS5jb20wHhcNMDMxMDE3MTYzNTM1WhcNMDQxMDE2MTYzNTM1WjCBnjELMAkG 1582de962bdSlukem A1UEBhMCVVMxETAPBgNVBAgTCE1pY2hpZ2FuMR8wHQYDVQQKExZPcGVuTERBUCBF 1592de962bdSlukem eGFtcGxlLCBMdGQuMRswGQYDVQQLExJBbHVtbmkgQXNzb2ljYXRpb24xEjAQBgNV 1602de962bdSlukem BAMTCUplbiBTbWl0aDEqMCgGCSqGSIb3DQEJARYbamVuQG1haWwuYWx1bW5pLmV4 1612de962bdSlukem YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpnXWAL0VkROGO 1622de962bdSlukem 1Rg8J3u6F4F7yMqQCbUMsV9rxQisYj45+pmqiHV5urogvT4MGD6eLNFZKBn+0KRn 1632de962bdSlukem i++uu7gbartzpmBaHOlzRII9ZdVMFfrT2xYNgAlkne6pb6IZIN9UONuH/httENCD 1642de962bdSlukem J5WEpjZ48D1Lrml/HYO/W+SAMkpEqQIDAQABo4H/MIH8MAkGA1UdEwQCMAAwLAYJ 1652de962bdSlukem YIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud 1662de962bdSlukem DgQWBBTB2saht/od/nis76b9m+pjxfhSPjCBoQYDVR0jBIGZMIGWgBRLbyEaNiTS 1672de962bdSlukem kPlDsFNHLX3hwOaYI6F7pHkwdzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlm 1682de962bdSlukem b3JuaWExHzAdBgNVBAoTFk9wZW5MREFQIEV4YW1wbGUsIEx0ZC4xEzARBgNVBAMT 1692de962bdSlukem CkV4YW1wbGUgQ0ExHTAbBgkqhkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tggEAMA0G 1702de962bdSlukem CSqGSIb3DQEBBAUAA4GBAIoGPc/AS0cNkMRDNoMIzcFdF9lONMduKBiSuFvv+x8n 1712de962bdSlukem Cek+LUdXxF59V2NPKh2V5gFh5xbAchyv6FVBnpVtPdB5akCr5tdFQhuBLUXXDk/t 1722de962bdSlukem THGpIWt7OAjEmpuMzsz3GUB8Zf9rioHOs1DMw+GpzWdnFITxXhAqEDc3quqPrpxZ 1732de962bdSlukem- 1742de962bdSlukemdelete: userCertificate;binary 1752de962bdSlukemuserCertificate;binary:: 1762de962bdSlukem MIIDcDCCAtmgAwIBAgIBATANBgkqhkiG9w0BAQQFADB3MQswCQYDVQQGEwJVUzET 1772de962bdSlukem MBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwg 1782de962bdSlukem THRkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhh 1792de962bdSlukem bXBsZS5jb20wHhcNMDMxMDE3MTYzMTQwWhcNMDQxMDE2MTYzMTQwWjCBgjELMAkG 1802de962bdSlukem A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExHzAdBgNVBAoTFk9wZW5MREFQ 1812de962bdSlukem IEV4YW1wbGUsIEx0ZC4xHTAbBgNVBAMUFEplbm5pZmVyICJKZW4iIFNtaXRoMR4w 1822de962bdSlukem HAYJKoZIhvcNAQkBFg9qZW5AZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD 1832de962bdSlukem gY0AMIGJAoGBANUgO8cP/SjqgCVxxsRYv36AP0+QL81iEkGvR4gG6jbtDDBdVYDC 1842de962bdSlukem YbS2oKKNJ5e99NxGMIjOYfmKcAwmkV46IhdzUtkutgjHEG9vl5ajSwc1KSsbTMTy 1852de962bdSlukem NtuG3k5k02JYFbP+FrGyUE8iPqK4+i7mVjW4bh/MBCHW88FptnpDJiuHAgMBAAGj 1862de962bdSlukem gf8wgfwwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0 1872de962bdSlukem ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFEdo4jpxCQXJ1sh/E1O3ZBkLTbHkMIGh 1882de962bdSlukem BgNVHSMEgZkwgZaAFEtvIRo2JNKQ+UOwU0ctfeHA5pgjoXukeTB3MQswCQYDVQQG 1892de962bdSlukem EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhh 1902de962bdSlukem bXBsZSwgTHRkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYO 1912de962bdSlukem Y2FAZXhhbXBsZS5jb22CAQAwDQYJKoZIhvcNAQEEBQADgYEAFpHsQUtSZQzmm9k2 1922de962bdSlukem Vrfs0h7tdkWF3LcHzHk4a/t3k4EXcqlHBxh4f0tmb4XNP9QupRgm6ggr8t3Rq0Vt 1932de962bdSlukem T8k50x4C7oE8HwZuEEB4FM7S1Zig3dfeJ8MJgdaLqt5/U9Ip/hZdzG2dsUsIceH/ 1942de962bdSlukem 5MCKLu9bGJUjsKnGdm/KpaNwaNo= 1952de962bdSlukem 1962de962bdSlukemdn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com 1972de962bdSlukemchangetype: modify 1982de962bdSlukemreplace: userCertificate;binary 1992de962bdSlukemuserCertificate;binary:: 2002de962bdSlukem MIIDjDCCAvWgAwIBAgIBAzANBgkqhkiG9w0BAQQFADB3MQswCQYDVQQGEwJVUzET 2012de962bdSlukem MBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwg 2022de962bdSlukem THRkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhh 2032de962bdSlukem bXBsZS5jb20wHhcNMDMxMDE3MTYzNTM1WhcNMDQxMDE2MTYzNTM1WjCBnjELMAkG 2042de962bdSlukem A1UEBhMCVVMxETAPBgNVBAgTCE1pY2hpZ2FuMR8wHQYDVQQKExZPcGVuTERBUCBF 2052de962bdSlukem eGFtcGxlLCBMdGQuMRswGQYDVQQLExJBbHVtbmkgQXNzb2ljYXRpb24xEjAQBgNV 2062de962bdSlukem BAMTCUplbiBTbWl0aDEqMCgGCSqGSIb3DQEJARYbamVuQG1haWwuYWx1bW5pLmV4 2072de962bdSlukem YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpnXWAL0VkROGO 2082de962bdSlukem 1Rg8J3u6F4F7yMqQCbUMsV9rxQisYj45+pmqiHV5urogvT4MGD6eLNFZKBn+0KRn 2092de962bdSlukem i++uu7gbartzpmBaHOlzRII9ZdVMFfrT2xYNgAlkne6pb6IZIN9UONuH/httENCD 2102de962bdSlukem J5WEpjZ48D1Lrml/HYO/W+SAMkpEqQIDAQABo4H/MIH8MAkGA1UdEwQCMAAwLAYJ 2112de962bdSlukem YIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud 2122de962bdSlukem DgQWBBTB2saht/od/nis76b9m+pjxfhSPjCBoQYDVR0jBIGZMIGWgBRLbyEaNiTS 2132de962bdSlukem kPlDsFNHLX3hwOaYI6F7pHkwdzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlm 2142de962bdSlukem b3JuaWExHzAdBgNVBAoTFk9wZW5MREFQIEV4YW1wbGUsIEx0ZC4xEzARBgNVBAMT 2152de962bdSlukem CkV4YW1wbGUgQ0ExHTAbBgkqhkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tggEAMA0G 2162de962bdSlukem CSqGSIb3DQEBBAUAA4GBAIoGPc/AS0cNkMRDNoMIzcFdF9lONMduKBiSuFvv+x8n 2172de962bdSlukem Cek+LUdXxF59V2NPKh2V5gFh5xbAchyv6FVBnpVtPdB5akCr5tdFQhuBLUXXDk/t 2182de962bdSlukem THGpIWt7OAjEmpuMzsz3GUB8Zf9rioHOs1DMw+GpzWdnFITxXhAqEDc3quqPrpxZ 2192de962bdSlukem- 2202de962bdSlukemdelete: userCertificate;binary 2212de962bdSlukem 2222de962bdSlukemEOMODS 2232de962bdSlukem 2242de962bdSlukemRC=$? 2252de962bdSlukemif test $RC != 0 ; then 2262de962bdSlukem echo "ldapmodify failed ($RC)!" 2272de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 2282de962bdSlukem exit $RC 2292de962bdSlukemfi 2302de962bdSlukem 2312de962bdSlukemecho 'Using ldapsearch to retrieve (userCertificate;binary=*) ...' 2322de962bdSlukemecho "# (userCertificate;binary=*)" > $SEARCHOUT 233*e670fd5cSchristos$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \ 2342de962bdSlukem '(userCertificate;binary=*)' >> $SEARCHOUT 2>&1 2352de962bdSlukemRC=$? 2362de962bdSlukemif test $RC != 0 ; then 2372de962bdSlukem echo "ldapsearch failed ($RC)!" 2382de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 2392de962bdSlukem exit $RC 2402de962bdSlukemfi 2412de962bdSlukem 2422de962bdSlukemecho 'Using ldapsearch to retrieve (cAcertificate=*) ...' 2432de962bdSlukemecho "# (cAcertificate=*)" >> $SEARCHOUT 244*e670fd5cSchristos$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \ 2452de962bdSlukem '(cAcertificate=*)' >> $SEARCHOUT 2>&1 2462de962bdSlukemRC=$? 2472de962bdSlukemif test $RC != 0 ; then 2482de962bdSlukem echo "ldapsearch failed ($RC)!" 2492de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 2502de962bdSlukem exit $RC 2512de962bdSlukemfi 2522de962bdSlukem 2532de962bdSlukemSNAI='2$EMAIL=ca@example.com,CN=Example CA,O=Openldap Example\5C, Ltd.,ST=California,C=US' 2542de962bdSlukem 2552de962bdSlukemecho 'Using ldapsearch to retrieve (userCertificate=serialNumberAndIssuer) [old format] ...' 2562de962bdSlukemecho "# (userCertificate=$SNAI)" >> $SEARCHOUT 257*e670fd5cSchristos$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \ 2582de962bdSlukem "(userCertificate=$SNAI)" >> $SEARCHOUT 2>&1 2592de962bdSlukemRC=$? 2602de962bdSlukemif test $RC != 0 ; then 2612de962bdSlukem echo "ldapsearch failed ($RC)!" 2622de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 2632de962bdSlukem exit $RC 2642de962bdSlukemfi 2652de962bdSlukem 2662de962bdSlukemSNAI='{ serialNumber 2, issuer "EMAIL=ca@example.com,CN=Example CA,O=Openldap Example\5C, Ltd.,ST=California,C=US" }' 2672de962bdSlukem 2682de962bdSlukemecho 'Using ldapsearch to retrieve (userCertificate=serialNumberAndIssuer) [new format] ...' 2692de962bdSlukemecho "# (userCertificate=$SNAI)" >> $SEARCHOUT 270*e670fd5cSchristos$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \ 2712de962bdSlukem "(userCertificate=$SNAI)" >> $SEARCHOUT 2>&1 2722de962bdSlukemRC=$? 2732de962bdSlukemif test $RC != 0 ; then 2742de962bdSlukem echo "ldapsearch failed ($RC)!" 2752de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 2762de962bdSlukem exit $RC 2772de962bdSlukemfi 2782de962bdSlukem 2792de962bdSlukemSNAI='3$EMAIL=ca@example.com,CN=Example CA,O=Openldap Example\5C, Ltd.,ST=California,C=US' 2802de962bdSlukem 2812de962bdSlukemecho 'Using ldapsearch to retrieve (userCertificate:certificateExactMatch:=serialNumberAndIssuer) [old format] ...' 2822de962bdSlukemecho "# (userCertificate:certificateExactMatch:=$SNAI)" >> $SEARCHOUT 283*e670fd5cSchristos$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \ 2842de962bdSlukem "(userCertificate:certificateExactMatch:=$SNAI)" >> $SEARCHOUT 2>&1 2852de962bdSlukemRC=$? 2862de962bdSlukemif test $RC != 0 ; then 2872de962bdSlukem echo "ldapsearch failed ($RC)!" 2882de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 2892de962bdSlukem exit $RC 2902de962bdSlukemfi 2912de962bdSlukem 2922de962bdSlukemSNAI='{ issuer "EMAIL=ca@example.com,CN=Example CA,O=Openldap Example\5C, Ltd.,ST=California,C=US", serialNumber 3 }' 2932de962bdSlukem 2942de962bdSlukemecho 'Using ldapsearch to retrieve (userCertificate:certificateExactMatch:=serialNumberAndIssuer) [new format]...' 2952de962bdSlukemecho "# (userCertificate:certificateExactMatch:=$SNAI)" >> $SEARCHOUT 296*e670fd5cSchristos$LDAPSEARCH -S "" -b "$BASEDN" -H $URI1 \ 2972de962bdSlukem "(userCertificate:certificateExactMatch:=$SNAI)" >> $SEARCHOUT 2>&1 2982de962bdSlukemRC=$? 2992de962bdSlukemif test $RC != 0 ; then 3002de962bdSlukem echo "ldapsearch failed ($RC)!" 3012de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 3022de962bdSlukem exit $RC 3032de962bdSlukemfi 3042de962bdSlukem 3052de962bdSlukemtest $KILLSERVERS != no && kill -HUP $KILLPIDS 3062de962bdSlukem 3072de962bdSlukemLDIF=$CERTIFICATETLS 3082de962bdSlukem 3092de962bdSlukemecho "Filtering ldapsearch results..." 310ef2f90d3Sadam$LDIFFILTER < $SEARCHOUT > $SEARCHFLT 3112de962bdSlukemecho "Filtering original ldif used to create database..." 312ef2f90d3Sadam$LDIFFILTER < $LDIF > $LDIFFLT 3132de962bdSlukemecho "Comparing filter output..." 3142de962bdSlukem$CMP $SEARCHFLT $LDIFFLT > $CMPOUT 3152de962bdSlukem 3162de962bdSlukemif test $? != 0 ; then 3172de962bdSlukem echo "comparison failed - certificate operations did not complete correctly" 3182de962bdSlukem exit 1 3192de962bdSlukemfi 3202de962bdSlukem 3212de962bdSlukemecho ">>>>> Test succeeded" 3222de962bdSlukem 3232de962bdSlukemtest $KILLSERVERS != no && wait 3242de962bdSlukem 3252de962bdSlukemexit 0 326