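#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2021 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

# Regression test: loads two databases with slapadd, starts two slapd
# instances from $CHAINCONF1 and $CHAINCONF2, and checks that searches,
# compares, writes and a password change sent to one server give the
# expected result when the target scope is on the other server.
#
# Variables not assigned here are expected to come from the environment
# or from scripts/defines.sh.  Command variables ($SLAPD, $SLAPADD,
# $LDAPSEARCH, $CMP, ...) and $KILLPIDS are deliberately left unquoted:
# $KILLPIDS holds several PIDs, and the command variables presumably
# carry a command plus arguments -- verify against defines.sh before
# quoting them.
#
# Bind passwords are passed with -w, which exposes them in the process
# list.  That is tolerable only for these throwaway fixture credentials;
# outside a test harness prefer -W (prompt) or -y <file>.

echo "running defines.sh"
. $SRCDIR/scripts/defines.sh

# Quoted so that an unset $BACKLDAP is a plain "not equal" instead of a
# test(1) syntax error.
if test "$BACKLDAP" = "ldapno" ; then
	echo "LDAP backend not available, test skipped"
	exit 0
fi

# Recursive delete: quote the path so whitespace or glob characters in
# $TESTDIR cannot widen what gets removed, and abort if it is unset or
# empty rather than continuing with an undefined work area.
rm -rf -- "${TESTDIR:?TESTDIR is not set}"

mkdir -p -- "$TESTDIR" "$DBDIR1" "$DBDIR2"

echo "Running slapadd to build slapd database..."
. $CONFFILTER $BACKEND < $CHAINCONF1 > $ADDCONF
. $CONFFILTER < $LDIFCHAIN1 > $SEARCHOUT
$SLAPADD -f $ADDCONF -l $SEARCHOUT
RC=$?
if test $RC != 0 ; then
	echo "slapadd 1 failed ($RC)!"
	exit $RC
fi

. $CONFFILTER $BACKEND < $CHAINCONF2 > $ADDCONF
. $CONFFILTER < $LDIFCHAIN2 > $SEARCHOUT
$SLAPADD -f $ADDCONF -l $SEARCHOUT
RC=$?
if test $RC != 0 ; then
	echo "slapadd 2 failed ($RC)!"
	exit $RC
fi

echo "Starting first slapd on TCP/IP port $PORT1..."
. $CONFFILTER $BACKEND < $CHAINCONF1 > $CONF1
$SLAPD -f $CONF1 -h $URI1 -d $LVL > $LOG1 2>&1 &
PID1=$!
# With $WAIT non-zero the script prints the PID and blocks on stdin.
if test $WAIT != 0 ; then
	echo PID $PID1
	read foo
fi
KILLPIDS="$PID1"

echo "Starting second slapd on TCP/IP port $PORT2..."
. $CONFFILTER $BACKEND < $CHAINCONF2 > $CONF2
$SLAPD -f $CONF2 -h $URI2 -d $LVL > $LOG2 2>&1 &
PID2=$!
if test $WAIT != 0 ; then
	echo PID $PID2
	read foo
fi

KILLPIDS="$KILLPIDS $PID2"

sleep 1

# Poll each server up to six times, five seconds apart, until a base
# search of $MONITOR succeeds.
echo "Using ldapsearch to check that first slapd is running..."
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test $RC = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done

if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Using ldapsearch to check that second slapd is running..."
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test $RC = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done

if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# Read-only checks, run once against each server.
for n in 1 2 ; do
	# Select the server URI explicitly; this avoids eval and the word
	# splitting / globbing that an eval'ed echo applies to the value.
	case $n in
	1) URI=$URI1 ;;
	2) URI=$URI2 ;;
	esac
	echo "Testing ldapsearch as anonymous for \"$BASEDN\" on server $n..."
	$LDAPSEARCH -H $URI -b "$BASEDN" -S "" \
		> $SEARCHOUT 2>&1

	RC=$?
	if test $RC != 0 ; then
		echo "ldapsearch failed ($RC)!"
		test $KILLSERVERS != no && kill -HUP $KILLPIDS
		exit $RC
	fi

	echo "Filtering ldapsearch results..."
	$LDIFFILTER < $SEARCHOUT > $SEARCHFLT
	echo "Filtering original ldif used to create database..."
	$LDIFFILTER < $CHAINOUT > $LDIFFLT
	echo "Comparing filter output..."
	$CMP $SEARCHFLT $LDIFFLT > $CMPOUT

	if test $? != 0 ; then
		echo "comparison failed - chained search didn't succeed"
		test $KILLSERVERS != no && kill -HUP $KILLPIDS
		exit 1
	fi

	echo "Reading the referral entry \"ou=Other,$BASEDN\" as anonymous on server $n..."
	$LDAPSEARCH -H $URI -b "ou=Other,$BASEDN" -S "" \
		> $SEARCHOUT 2>&1

	RC=$?
	if test $RC != 0 ; then
		echo "ldapsearch failed ($RC)!"
		test $KILLSERVERS != no && kill -HUP $KILLPIDS
		exit $RC
	fi

	echo "Filtering ldapsearch results..."
	$LDIFFILTER < $SEARCHOUT > $SEARCHFLT
	echo "Filtering original ldif used to create database..."
	$LDIFFILTER < $CHAINREFOUT > $LDIFFLT
	echo "Comparing filter output..."
	$CMP $SEARCHFLT $LDIFFLT > $CMPOUT

	if test $? != 0 ; then
		echo "comparison failed - chained search didn't succeed"
		test $KILLSERVERS != no && kill -HUP $KILLPIDS
		exit 1
	fi

	DN="cn=Mark Elliot,ou=Alumni Association,ou=People,$BASEDN"
	echo "Comparing \"$DN\" on server $n..."
	$LDAPCOMPARE -H $URI "$DN" "cn:Mark Elliot" \
		> $TESTOUT 2>&1

	RC=$?
	# Exit status 6 is LDAP compareTrue.  5 (compareFalse) is accepted
	# only when $BACKEND is "null"; anything else fails the test.
	if test $RC != 6 && test $RC,$BACKEND != 5,null ; then
		echo "ldapcompare failed ($RC)!"
		test $KILLSERVERS != no && kill -HUP $KILLPIDS
		exit 1
	fi

	DN="ou=Other,$BASEDN"
	echo "Comparing \"$DN\" on server $n with manageDSAit control..."
	$LDAPCOMPARE -H $URI -M "$DN" "ou:Other" \
		> $TESTOUT 2>&1

	RC=$?
	if test $RC != 6 && test $RC,$BACKEND != 5,null ; then
		echo "ldapcompare failed ($RC)!"
		test $KILLSERVERS != no && kill -HUP $KILLPIDS
		exit 1
	fi
done

#
# Testing writes to first server
#
echo "Writing to first server with scope on second server..."
$LDAPMODIFY -v -D "$MANAGERDN" -H $URI1 -w $PASSWD > \
	$TESTOUT 2>&1 << EOMODS
dn: cn=New Group,ou=Groups,dc=example,dc=com
changetype: add
objectClass: groupOfNames
cn: New Group
member:

dn: cn=New Group,ou=Groups,dc=example,dc=com
changetype: modify
add: description
description: testing chain overlay writes...
-
replace: member
member: cn=New Group,ou=Groups,dc=example,dc=com
member: cn=Manager,dc=example,dc=com
-
add: owner
owner: cn=Manager,dc=example,dc=com
-

dn: cn=New Group,ou=Groups,dc=example,dc=com
changetype: modrdn
newrdn: cn=Renamed Group
deleteoldrdn: 1

dn: cn=All Staff,ou=Groups,dc=example,dc=com
changetype: delete
EOMODS

RC=$?
if test $RC != 0 ; then
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

#
# Testing writes to second server
#
echo "Writing to second server with scope on first server..."
$LDAPMODIFY -v -D "$MANAGERDN" -H $URI2 -w $PASSWD > \
	$TESTOUT 2>&1 << EOMODS
dn: cn=New User,ou=People,dc=example,dc=com
changetype: add
objectClass: person
cn: New User
sn: User
seeAlso: cn=New Group,ou=Groups,dc=example,dc=com

dn: cn=New User,ou=People,dc=example,dc=com
changetype: modify
add: description
description: testing chain overlay writes...
-
replace: seeAlso
seeAlso: cn=Renamed Group,ou=Groups,dc=example,dc=com
-

dn: cn=New User,ou=People,dc=example,dc=com
changetype: modrdn
newrdn: cn=Renamed User
deleteoldrdn: 1

dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
changetype: delete
EOMODS

RC=$?
if test $RC != 0 ; then
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# After the writes, both servers must return the contents of $CHAINMODOUT.
for n in 1 2 ; do
	# Explicit selection instead of eval, as in the read-only loop.
	case $n in
	1) URI=$URI1 ;;
	2) URI=$URI2 ;;
	esac
	echo "Testing ldapsearch as anonymous for \"$BASEDN\" on server $n..."
	$LDAPSEARCH -H $URI -b "$BASEDN" -S "" \
		> $SEARCHOUT 2>&1

	RC=$?
	if test $RC != 0 ; then
		echo "ldapsearch failed ($RC)!"
		test $KILLSERVERS != no && kill -HUP $KILLPIDS
		exit $RC
	fi

	echo "Filtering ldapsearch results..."
	$LDIFFILTER < $SEARCHOUT > $SEARCHFLT
	echo "Filtering original ldif used to create database..."
	$LDIFFILTER < $CHAINMODOUT > $LDIFFLT
	echo "Comparing filter output..."
	$CMP $SEARCHFLT $LDIFFLT > $CMPOUT

	if test $? != 0 ; then
		echo "comparison failed - chained search didn't succeed"
		test $KILLSERVERS != no && kill -HUP $KILLPIDS
		exit 1
	fi
done

# Change a password through the second server, then prove the change by
# binding with the new password on the first.
# NOTE(review): the manager bind below uses the literal "secret" while
# the ldapmodify calls above use $PASSWD for the same DN -- presumably
# the same fixture value; confirm against defines.sh.
NEWPW=newsecret
echo "Using ldappasswd on second server with scope on first server..."
$LDAPPASSWD -H $URI2 \
	-w secret -s $NEWPW \
	-D "$MANAGERDN" "$BJORNSDN" >> $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
	echo "ldappasswd failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Binding with newly changed password on first server..."
$LDAPWHOAMI -H $URI1 \
	-D "$BJORNSDN" -w $NEWPW
RC=$?
if test $RC != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# ITS#57??
# Adds a referral whose target is built from $URI3; the here-document
# delimiter is unquoted so that ${URI3} is expanded by the shell.
# NOTE(review): the exit status of this ldapadd is not checked, so a
# failed add is only visible in $TESTOUT.
$LDAPADD -H $URI1 \
	-D "$MANAGERDN" -w secret \
	>> $TESTOUT 2>&1 \
	<< EOMODS
dn: ou=Can't Contact,dc=example,dc=com
changetype: add
objectclass: referral
objectclass: extensibleobject
ou: Can't Contact
# invalid URI to test broken connectivity handling (search only)
ref: ${URI3}ou=Can't%20Contact,dc=example,dc=com
EOMODS

echo "Reading the referral entry \"ou=Can't Contact,$BASEDN\" as anonymous on port $PORT1..."
$LDAPSEARCH -H $URI1 -b "$BASEDN" -S "" "(cn=Can't Contact)" \
	> $SEARCHOUT 2>&1

RC=$?
if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# Normal shutdown: signal both servers, report, then reap them.
test $KILLSERVERS != no && kill -HUP $KILLPIDS

echo ">>>>> Test succeeded"

test $KILLSERVERS != no && wait

exit 0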