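#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2021 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

# Regression test for the ldap backend combined with the glue overlay.
# It loads three databases with slapadd, starts three slapd instances
# (one "local", two "remote"), searches dc=example,dc=com through the
# local server as an authenticated user and anonymously, and compares
# the filtered results with reference LDIF files.
#
# Inputs: SRCDIR must be set by the caller. Every other variable used
# below (BACKLDAP, WITH_SASL, USE_SASL, SLAPADD, SLAPD, LDAPSEARCH, ...)
# is expected to come from scripts/defines.sh.
# Exit status: 0 on success or skip, the failing tool's status or 1
# otherwise.
#
# NOTE(review): expansions are left unquoted as in the original. The
# command variables ($SLAPADD, $SLAPD, $LDAPSEARCH, $CMP, ...) presumably
# carry options and rely on word splitting; confirm against defines.sh
# before quoting any of them.

echo "running defines.sh"
. $SRCDIR/scripts/defines.sh

echo "### This test requires the ldap backend and glue overlay."
echo "### If available, and explicitly requested, it can use SASL bind;"
echo "### note that SASL must be properly set up, and the requested"
echo "### mechanism must be available. Define SLAPD_USE_SASL={yes|<mech>},"
echo "### with \"yes\" defaulting to DIGEST-MD5 to enable SASL authc[/authz]."

# Skip (exit 0) rather than fail when the ldap backend was not built.
if test $BACKLDAP = "ldapno" ; then
	echo "LDAP backend not available, test skipped"
	exit 0
fi

# Pick the SASL mechanism. MECH is assigned only when SASL support is
# present (WITH_SASL=yes) AND the user asked for it (USE_SASL != no).
# DIGEST-MD5 is the historical default here; RFC 6331 moved it to
# Historic status, so treat it as a test-fixture choice only.
if test $WITH_SASL = "yes" ; then
	if test $USE_SASL != "no" ; then
		if test $USE_SASL = "yes" ; then
			MECH="DIGEST-MD5"
		else
			MECH="$USE_SASL"
		fi
		echo "Using SASL authc[/authz] with mech=$MECH; unset SLAPD_USE_SASL to disable"
	else
		echo "Using proxyAuthz with simple authc..."
	fi
else
	echo "SASL not available; using proxyAuthz with simple authc..."
fi

mkdir -p $TESTDIR $DBDIR1 $DBDIR2 $DBDIR3

# Populate the three databases. $ADDCONF is regenerated from the matching
# glue configuration before each slapadd run.
echo "Running slapadd to build slapd database..."
. $CONFFILTER $BACKEND < $LDAPGLUECONF1 > $ADDCONF
$SLAPADD -f $ADDCONF -l $LDIFLDAPGLUE1
RC=$?
if test $RC != 0 ; then
	echo "slapadd 1 failed ($RC)!"
	exit $RC
fi

. $CONFFILTER $BACKEND < $LDAPGLUECONF2 > $ADDCONF
$SLAPADD -f $ADDCONF -l $LDIFLDAPGLUE2
RC=$?
if test $RC != 0 ; then
	echo "slapadd 2 failed ($RC)!"
	exit $RC
fi

. $CONFFILTER $BACKEND < $LDAPGLUECONF3 > $ADDCONF
$SLAPADD -f $ADDCONF -l $LDIFLDAPGLUE3
RC=$?
if test $RC != 0 ; then
	echo "slapadd 3 failed ($RC)!"
	exit $RC
fi

# Start the three servers in the background. When WAIT is non-zero the
# script prints the PID and blocks on stdin until the operator presses
# Enter.
echo "Starting local slapd on TCP/IP port $PORT1..."
. $CONFFILTER $BACKEND < $LDAPGLUECONF1 > $CONF1
$SLAPD -f $CONF1 -h $URI1 -d $LVL > $LOG1 2>&1 &
PID1=$!
if test $WAIT != 0 ; then
	echo PID $PID1
	read foo
fi

echo "Starting remote slapd 1 on TCP/IP port $PORT2..."
. $CONFFILTER $BACKEND < $LDAPGLUECONF2 > $CONF2
$SLAPD -f $CONF2 -h $URI2 -d $LVL > $LOG2 2>&1 &
PID2=$!
if test $WAIT != 0 ; then
	echo PID $PID2
	read foo
fi

echo "Starting remote slapd 2 on TCP/IP port $PORT3..."
. $CONFFILTER $BACKEND < $LDAPGLUECONF3 > $CONF3
$SLAPD -f $CONF3 -h $URI3 -d $LVL > $LOG3 2>&1 &
PID3=$!
if test $WAIT != 0 ; then
	echo PID $PID3
	read foo
fi
# Every failure path after this point signals these PIDs before exiting.
KILLPIDS="$PID1 $PID2 $PID3"

sleep 1

# Readiness probes: up to six base searches of $MONITOR per server,
# five seconds apart.
# NOTE(review): the final RC of each loop is not checked, so a server
# that never comes up is only noticed by the searches further down.
echo "Using ldapsearch to check that slapd is running..."
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test $RC = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done

echo "Using ldapsearch to check that slapd is running..."
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test $RC = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done

echo "Using ldapsearch to check that slapd is running..."
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -H $URI3 \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test $RC = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done

# Authenticated search through the local server using a simple bind.
# The password is passed with -w on the command line and is therefore
# visible in the process list; tolerable only because this is a fixture
# credential (presumably defined in the test LDIF loaded above).
ID="uid=bjorn,ou=People,dc=example,dc=com"
BASE="dc=example,dc=com"
echo "Testing ldapsearch as $ID for \"$BASE\"..."
$LDAPSEARCH -H $URI1 -b "$BASE" \
	-D "$ID" -w bjorn > $SEARCHOUT 2>&1

RC=$?
if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Filtering ldapsearch results..."
$LDIFFILTER -s ldif=e < $SEARCHOUT > $SEARCHFLT
echo "Filtering original ldif used to create database..."
$LDIFFILTER -s ldif=e < $LDAPGLUEOUT > $LDIFFLT
echo "Comparing filter output..."
$CMP $SEARCHFLT $LDIFFLT > $CMPOUT

if test $? != 0 ; then
	echo "comparison failed - glued search with identity assertion didn't succeed"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi

# Anonymous search: the result is compared with a separate reference
# file ($LDAPGLUEANONYMOUSOUT), not with the authenticated one.
BASE="dc=example,dc=com"
echo "Testing ldapsearch as anonymous for \"$BASE\"..."
$LDAPSEARCH -H $URI1 -b "$BASE" \
	> $SEARCHOUT 2>&1

RC=$?
if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Filtering ldapsearch results..."
$LDIFFILTER < $SEARCHOUT > $SEARCHFLT
echo "Filtering original ldif used to create database..."
$LDIFFILTER < $LDAPGLUEANONYMOUSOUT > $LDIFFLT
echo "Comparing filter output..."
$CMP $SEARCHFLT $LDIFFLT > $CMPOUT

if test $? != 0 ; then
	echo "comparison failed - anonymous glued search with identity assertion didn't succeed"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi

# FIXME: this cannot work as is, because SASL bind cannot be proxied!
# The SASL section also requires WITH_SASL=yes: MECH is assigned above
# only in that case, so without this guard a build without SASL but with
# SLAPD_USE_SASL set would run the search with -Y and no mechanism,
# contradicting the "SASL not available" banner printed earlier.
if test $WITH_SASL = "yes" && test $USE_SASL != "no" ; then
	ID="bjorn"
	BASE="dc=example,dc=com"
	echo "Testing ldapsearch as $ID for \"$BASE\" with SASL bind and identity assertion..."
	$LDAPSASLSEARCH -H $URI1 -b "$BASE" \
		-Q -U "$ID" -w bjorn -Y $MECH > $SEARCHOUT 2>&1

	RC=$?
	if test $RC != 0 ; then
		echo "ldapsearch failed ($RC)!"
		test $KILLSERVERS != no && kill -HUP $KILLPIDS
		exit $RC
	fi

	echo "Filtering ldapsearch results..."
	$LDIFFILTER < $SEARCHOUT > $SEARCHFLT
	echo "Filtering original ldif used to create database..."
	$LDIFFILTER < $LDAPGLUEOUT > $LDIFFLT
	echo "Comparing filter output..."
	$CMP $SEARCHFLT $LDIFFLT > $CMPOUT

	if test $? != 0 ; then
		echo "comparison failed - glued search with SASL bind and identity assertion didn't succeed"
		test $KILLSERVERS != no && kill -HUP $KILLPIDS
		exit 1
	fi
fi

# Shut the servers down unless KILLSERVERS=no, then reap them.
test $KILLSERVERS != no && kill -HUP $KILLPIDS

echo ">>>>> Test succeeded"

test $KILLSERVERS != no && wait

exit 0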