12de962bdSlukem#! /bin/sh 2d11b170bStron# $OpenLDAP$ 32de962bdSlukem## This work is part of OpenLDAP Software <http://www.openldap.org/>. 42de962bdSlukem## 5*e670fd5cSchristos## Copyright 2004-2021 The OpenLDAP Foundation. 62de962bdSlukem## All rights reserved. 72de962bdSlukem## 82de962bdSlukem## Redistribution and use in source and binary forms, with or without 92de962bdSlukem## modification, are permitted only as authorized by the OpenLDAP 102de962bdSlukem## Public License. 112de962bdSlukem## 122de962bdSlukem## A copy of this license is available in the file LICENSE in the 132de962bdSlukem## top-level directory of the distribution or, alternatively, at 142de962bdSlukem## <http://www.OpenLDAP.org/license.html>. 152de962bdSlukem 162de962bdSlukemecho "running defines.sh" 172de962bdSlukem. $SRCDIR/scripts/defines.sh 182de962bdSlukem 192de962bdSlukemPERSONAL="(objectClass=inetOrgPerson)" 202de962bdSlukemNOWHERE="/dev/null" 212de962bdSlukemFAILURE="additional info:" 222de962bdSlukem 232de962bdSlukemif test $TRANSLUCENT = translucentno ; then 242de962bdSlukem echo "Translucent Proxy overlay not available, test skipped" 252de962bdSlukem exit 0 262de962bdSlukemfi 272de962bdSlukem 282de962bdSlukemif test $AC_ldap = ldapno ; then 292de962bdSlukem echo "Translucent Proxy overlay requires back-ldap backend, test skipped" 302de962bdSlukem exit 0 312de962bdSlukemfi 322de962bdSlukem 332de962bdSlukem# configure backside 342de962bdSlukemmkdir -p $TESTDIR $DBDIR1 352de962bdSlukem 362de962bdSlukem$SLAPPASSWD -g -n >$CONFIGPWF 372de962bdSlukemecho "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf 382de962bdSlukem 392de962bdSlukemDBIX=2 402de962bdSlukem 41*e670fd5cSchristos. $CONFFILTER $BACKEND < $TRANSLUCENTREMOTECONF > $CONF1 422de962bdSlukemecho "Running slapadd to build remote slapd database..." 432de962bdSlukem$SLAPADD -f $CONF1 -l $LDIFTRANSLUCENTCONFIG 442de962bdSlukemRC=$? 452de962bdSlukemif test $RC != 0 ; then 462de962bdSlukem echo "slapadd failed ($RC)!" 472de962bdSlukem exit $RC 482de962bdSlukemfi 492de962bdSlukem 502de962bdSlukemecho "Starting remote slapd on TCP/IP port $PORT1..." 51*e670fd5cSchristos$SLAPD -f $CONF1 -h $URI1 -d $LVL > $LOG1 2>&1 & 522de962bdSlukemPID=$! 532de962bdSlukemif test $WAIT != 0 ; then 542de962bdSlukem echo PID $PID 552de962bdSlukem read foo 562de962bdSlukemfi 572de962bdSlukemREMOTEPID="$PID" 582de962bdSlukemKILLPIDS="$PID" 592de962bdSlukem 602de962bdSlukemsleep 1 612de962bdSlukem 622de962bdSlukemfor i in 0 1 2 3 4 5; do 632de962bdSlukem $LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \ 642de962bdSlukem 'objectclass=*' > /dev/null 2>&1 652de962bdSlukem RC=$? 662de962bdSlukem if test $RC = 0 ; then 672de962bdSlukem break 682de962bdSlukem fi 692de962bdSlukem echo "Waiting 5 seconds for remote slapd to start..." 702de962bdSlukem sleep 5 712de962bdSlukemdone 722de962bdSlukem 732de962bdSlukemif test $RC != 0 ; then 742de962bdSlukem echo "ldapsearch failed ($RC)!" 752de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 762de962bdSlukem exit $RC 772de962bdSlukemfi 782de962bdSlukem 792de962bdSlukem# configure frontside 802de962bdSlukemmkdir -p $DBDIR2 812de962bdSlukem 82*e670fd5cSchristos. $CONFFILTER $BACKEND < $TRANSLUCENTLOCALCONF > $CONF2 832de962bdSlukem 842de962bdSlukemecho "Starting local slapd on TCP/IP port $PORT2..." 85*e670fd5cSchristos$SLAPD -f $CONF2 -h $URI2 -d $LVL > $LOG2 2>&1 & 862de962bdSlukemPID=$! 872de962bdSlukemif test $WAIT != 0 ; then 882de962bdSlukem echo PID $PID 892de962bdSlukem read foo 902de962bdSlukemfi 912de962bdSlukemLOCALPID="$PID" 922de962bdSlukemKILLPIDS="$LOCALPID $REMOTEPID" 932de962bdSlukem 942de962bdSlukemsleep 1 952de962bdSlukem 962de962bdSlukemfor i in 0 1 2 3 4 5; do 972de962bdSlukem $LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \ 982de962bdSlukem 'objectclass=*' > /dev/null 2>&1 992de962bdSlukem RC=$? 1002de962bdSlukem if test $RC = 0 ; then 1012de962bdSlukem break 1022de962bdSlukem fi 1032de962bdSlukem echo "Waiting 5 seconds for local slapd to start..." 1042de962bdSlukem sleep 5 1052de962bdSlukemdone 1062de962bdSlukem 1072de962bdSlukemif test $RC != 0 ; then 1082de962bdSlukem echo "ldapsearch failed ($RC)!" 1092de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 1102de962bdSlukem exit $RC 1112de962bdSlukemfi 1122de962bdSlukem 1132de962bdSlukemecho "Testing slapd Translucent Proxy operations..." 1142de962bdSlukem 1152de962bdSlukemecho "Testing search: no remote data defined..." 1162de962bdSlukem 1172de962bdSlukem$LDAPSEARCH -H $URI2 -b "$TRANSLUCENTUSER" "$PERSONAL" >$SEARCHOUT 2>&1 1182de962bdSlukem 1192de962bdSlukemRC=$? 1202de962bdSlukemif test $RC != 0 ; then 1212de962bdSlukem echo "ldapsearch failed ($RC)!" 1222de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 1232de962bdSlukem exit $RC 1242de962bdSlukemfi 1252de962bdSlukem 1262de962bdSlukemif test -s $SEARCHOUT; then 1272de962bdSlukem echo "ldapsearch should have returned no records!" 1282de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 1292de962bdSlukem exit 1 1302de962bdSlukemfi 1312de962bdSlukem 1322de962bdSlukemecho "Populating remote database..." 1332de962bdSlukem 1342de962bdSlukem$LDAPADD -D "$TRANSLUCENTROOT" -H $URI1 \ 1352de962bdSlukem -w $PASSWD < $LDIFTRANSLUCENTDATA > $NOWHERE 2>&1 1362de962bdSlukem 1372de962bdSlukemRC=$? 1382de962bdSlukemif test $RC != 0 ; then 1392de962bdSlukem echo "ldapadd failed ($RC)!" 1402de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 1412de962bdSlukem exit $RC 1422de962bdSlukemfi 1432de962bdSlukem 1442de962bdSlukemecho "Testing search: remote database via local slapd..." 1452de962bdSlukem 1462de962bdSlukem$LDAPSEARCH -H $URI2 -b "$TRANSLUCENTUSER" "$PERSONAL" > $SEARCHOUT 2>&1 1472de962bdSlukem 1482de962bdSlukemRC=$? 1492de962bdSlukemif test $RC != 0 ; then 1502de962bdSlukem echo "ldapsearch failed ($RC)!" 1512de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 1522de962bdSlukem exit $RC 1532de962bdSlukemfi 1542de962bdSlukem 155ef2f90d3Sadam$LDIFFILTER < $SEARCHOUT > $SEARCHFLT 156ef2f90d3Sadam$LDIFFILTER < $LDIFTRANSLUCENTDATA > $LDIFFLT 1572de962bdSlukem$CMP $SEARCHFLT $LDIFFLT > $CMPOUT 1582de962bdSlukem 1592de962bdSlukemif test $? != 0 ; then 1602de962bdSlukem echo "Comparison failed -- corruption from remote to local!" 1612de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 1622de962bdSlukem exit 1 1632de962bdSlukemfi 1642de962bdSlukem 1652de962bdSlukemecho "Testing add: prohibited local record..." 1662de962bdSlukem 1672de962bdSlukem$LDAPADD -D "$TRANSLUCENTDN" -H $URI2 \ 1682de962bdSlukem -w $TRANSLUCENTPASSWD < $LDIFTRANSLUCENTADD > $TESTOUT 2>&1 1692de962bdSlukem 1702de962bdSlukemRC=$? 1712de962bdSlukemif test $RC != 50 ; then 1722de962bdSlukem echo "ldapadd failed ($RC), expected INSUFFICIENT ACCESS!" 1732de962bdSlukem grep "$FAILURE" $TESTOUT 1742de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 1752de962bdSlukem exit 1 1762de962bdSlukemfi 1772de962bdSlukem 1782de962bdSlukemecho "Testing add: valid local record, no_glue..." 1792de962bdSlukem 1802de962bdSlukem$LDAPADD -v -v -v -D "$TRANSLUCENTROOT" -H $URI2 \ 1812de962bdSlukem -w $PASSWD < $LDIFTRANSLUCENTADD > $TESTOUT 2>&1 1822de962bdSlukem 1832de962bdSlukemRC=$? 184ef2f90d3Sadamif test $RC != 32 && test $RC,$BACKEND != 0,null ; then 1852de962bdSlukem echo "ldapadd failed ($RC), expected NO SUCH OBJECT!" 1862de962bdSlukem grep "$FAILURE" $TESTOUT 1872de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 1882de962bdSlukem exit 1 1892de962bdSlukemfi 1902de962bdSlukem 1912de962bdSlukemecho "Testing modrdn: valid local record, no_glue..." 1922de962bdSlukem 1932de962bdSlukem$LDAPMODRDN -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ 1942de962bdSlukem $TESTOUT 2>&1 'uid=fred,ou=users,o=translucent' 'uid=someguy' 1952de962bdSlukem 1962de962bdSlukemRC=$? 197ef2f90d3Sadamif test $RC != 32 && test $RC,$BACKEND != 0,null ; then 1982de962bdSlukem echo "ldapmodrdn failed ($RC), expected NO SUCH OBJECT!" 1992de962bdSlukem grep "$FAILURE" $TESTOUT 2002de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 2012de962bdSlukem exit 1 2022de962bdSlukemfi 2032de962bdSlukem 2042de962bdSlukemecho "Dynamically configuring local slapd without translucent_no_glue..." 2052de962bdSlukem 2062de962bdSlukem$LDAPMODIFY -D cn=config -H $URI2 -y $CONFIGPWF <<EOF 2072de962bdSlukemdn: olcOverlay={0}translucent,olcDatabase={$DBIX}$BACKEND,cn=config 2082de962bdSlukemchangetype: modify 2092de962bdSlukemreplace: olcTranslucentNoGlue 2102de962bdSlukemolcTranslucentNoGlue: FALSE 2112de962bdSlukemEOF 2122de962bdSlukemRC=$? 2132de962bdSlukemif test $RC != 0 ; then 2142de962bdSlukem echo "ldapmodify of dynamic config failed ($RC)" 2152de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 2162de962bdSlukem exit 1 2172de962bdSlukemfi 2182de962bdSlukem 2192de962bdSlukemecho "Testing add: valid local record..." 2202de962bdSlukem 2212de962bdSlukem$LDAPADD -D "$TRANSLUCENTROOT" -H $URI2 \ 2222de962bdSlukem -w $PASSWD < $LDIFTRANSLUCENTADD > $TESTOUT 2>&1 2232de962bdSlukem 2242de962bdSlukemRC=$? 2252de962bdSlukemif test $RC != 0 ; then 2262de962bdSlukem echo "ldapadd failed ($RC)!" 2272de962bdSlukem grep "$FAILURE" $TESTOUT 2282de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 2292de962bdSlukem exit $RC 2302de962bdSlukemfi 2312de962bdSlukem 2322de962bdSlukemecho "Testing search: data merging..." 2332de962bdSlukem 2342de962bdSlukem$LDAPSEARCH -H $URI2 -b "$TRANSLUCENTUSER" "$PERSONAL" > $SEARCHOUT 2>&1 2352de962bdSlukem 2362de962bdSlukemRC=$? 2372de962bdSlukemif test $RC != 0 ; then 2382de962bdSlukem echo "ldapsearch failed ($RC)!" 2392de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 2402de962bdSlukem exit $RC 2412de962bdSlukemfi 2422de962bdSlukem 243ef2f90d3Sadam$LDIFFILTER < $SEARCHOUT > $SEARCHFLT 244ef2f90d3Sadam$LDIFFILTER < $LDIFTRANSLUCENTMERGED > $LDIFFLT 245ef2f90d3Sadam$CMP $SEARCHFLT $LDIFFLT > $CMPOUT 2462de962bdSlukem 2472de962bdSlukemif test $? != 0 ; then 2482de962bdSlukem echo "Comparison failed -- local data failed to merge with remote!" 2492de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 2502de962bdSlukem exit 1 2512de962bdSlukemfi 2522de962bdSlukem 2532de962bdSlukemecho "Testing compare: valid local..." 2542de962bdSlukem 2552de962bdSlukem$LDAPCOMPARE -z -H $URI2 -w $TRANSLUCENTPASSWD -D $TRANSLUCENTDN \ 2562de962bdSlukem "uid=danger,ou=users,o=translucent" "carLicense:LIVID" 2572de962bdSlukem 2582de962bdSlukemRC=$? 2592de962bdSlukemif test $RC != 6 ; then 2602de962bdSlukem echo "ldapcompare failed ($RC), expected TRUE!" 2612de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 2622de962bdSlukem exit 1 2632de962bdSlukemfi 2642de962bdSlukem 2652de962bdSlukemecho "Testing compare: valid remote..." 2662de962bdSlukem 2672de962bdSlukem$LDAPCOMPARE -z -x -H $URI2 -w $TRANSLUCENTPASSWD -D $TRANSLUCENTDN \ 2682de962bdSlukem "uid=binder,o=translucent" "businessCategory:binder-test-user" 2692de962bdSlukem 2702de962bdSlukemRC=$? 2712de962bdSlukemif test $RC != 6 ; then 2722de962bdSlukem echo "ldapcompare failed ($RC), expected TRUE!" 2732de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 2742de962bdSlukem exit 1 2752de962bdSlukemfi 2762de962bdSlukem 2772de962bdSlukemecho "Testing compare: bogus local..." 2782de962bdSlukem 2792de962bdSlukem$LDAPCOMPARE -z -x -H $URI2 -w $TRANSLUCENTPASSWD -D $TRANSLUCENTDN \ 2802de962bdSlukem "uid=danger,ou=users,o=translucent" "businessCategory:invalid-test-value" 2812de962bdSlukem 2822de962bdSlukemRC=$? 2832de962bdSlukemif test $RC != 5 ; then 2842de962bdSlukem echo "ldapcompare failed ($RC), expected FALSE!" 2852de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 2862de962bdSlukem exit 1 2872de962bdSlukemfi 2882de962bdSlukem 2892de962bdSlukemecho "Testing compare: bogus remote..." 2902de962bdSlukem 2912de962bdSlukem$LDAPCOMPARE -z -x -H $URI2 -w $TRANSLUCENTPASSWD -D $TRANSLUCENTDN \ 2922de962bdSlukem "uid=binder,o=translucent" "businessCategory:invalid-test-value" 2932de962bdSlukem 2942de962bdSlukemRC=$? 2952de962bdSlukemif test $RC != 5 ; then 2962de962bdSlukem echo "ldapcompare failed ($RC), expected FALSE!" 2972de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 2982de962bdSlukem exit 1 2992de962bdSlukemfi 3002de962bdSlukem 3012de962bdSlukemecho "Testing modify: nonexistent record..." 3022de962bdSlukem 3032de962bdSlukem$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ 3042de962bdSlukem $TESTOUT 2>&1 << EOF_MOD 3052de962bdSlukemversion: 1 3062de962bdSlukemdn: uid=bogus,ou=users,o=translucent 3072de962bdSlukemchangetype: modify 3082de962bdSlukemreplace: roomNumber 3092de962bdSlukemroomNumber: 31J-2112 3102de962bdSlukemEOF_MOD 3112de962bdSlukem 3122de962bdSlukemRC=$? 3132de962bdSlukemif test $RC != 32 ; then 3142de962bdSlukem echo "ldapmodify failed ($RC), expected NO SUCH OBJECT!" 3152de962bdSlukem grep "$FAILURE" $TESTOUT 3162de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 3172de962bdSlukem exit 1 3182de962bdSlukemfi 3192de962bdSlukem 3202de962bdSlukemecho "Testing modify: valid local record, nonexistent attribute..." 3212de962bdSlukem 3222de962bdSlukem$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ 3232de962bdSlukem $TESTOUT 2>&1 << EOF_MOD1 3242de962bdSlukemversion: 1 3252de962bdSlukemdn: uid=danger,ou=users,o=translucent 3262de962bdSlukemchangetype: modify 3272de962bdSlukemreplace: roomNumber 3282de962bdSlukemroomNumber: 9N-21 3292de962bdSlukemEOF_MOD1 3302de962bdSlukem 3312de962bdSlukemRC=$? 3322de962bdSlukemif test $RC != 0 ; then 3332de962bdSlukem echo "ldapmodify failed ($RC)!" 3342de962bdSlukem grep "$FAILURE" $TESTOUT 3352de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 3362de962bdSlukem exit $RC 3372de962bdSlukemfi 3382de962bdSlukem 3392de962bdSlukem$LDAPSEARCH -H $URI2 -b "uid=danger,ou=users,o=translucent" > $SEARCHOUT 2>&1 3402de962bdSlukem 3412de962bdSlukemRC=$? 3422de962bdSlukemif test $RC != 0 ; then 3432de962bdSlukem echo "ldapsearch failed ($RC)!" 3442de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 3452de962bdSlukem exit $RC 3462de962bdSlukemfi 3472de962bdSlukem 3482de962bdSlukemATTR=`grep roomNumber $SEARCHOUT` > $NOWHERE 2>&1 3492de962bdSlukemif test "$ATTR" != "roomNumber: 9N-21" ; then 3502de962bdSlukem echo "modification failed!" 3512de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 3522de962bdSlukem exit 1 3532de962bdSlukemfi 3542de962bdSlukem 3552de962bdSlukemecho "Testing search: specific nonexistent remote attribute..." 3562de962bdSlukem 3572de962bdSlukem$LDAPSEARCH -H $URI2 -b "uid=danger,ou=users,o=translucent" roomNumber > $SEARCHOUT 2>&1 3582de962bdSlukem 3592de962bdSlukemRC=$? 3602de962bdSlukemif test $RC != 0 ; then 3612de962bdSlukem echo "ldapsearch failed ($RC)!" 3622de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 3632de962bdSlukem exit $RC 3642de962bdSlukemfi 3652de962bdSlukem 3662de962bdSlukemecho "Testing modify: nonexistent local record, nonexistent attribute..." 3672de962bdSlukem 3682de962bdSlukem$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ 3692de962bdSlukem $TESTOUT 2>&1 << EOF_MOD2 3702de962bdSlukemversion: 1 3712de962bdSlukemdn: uid=fred,ou=users,o=translucent 3722de962bdSlukemchangetype: modify 3732de962bdSlukemreplace: roomNumber 3742de962bdSlukemroomNumber: 31J-2112 3752de962bdSlukemEOF_MOD2 3762de962bdSlukem 3772de962bdSlukemRC=$? 3782de962bdSlukemif test $RC != 0 ; then 3792de962bdSlukem echo "ldapmodify failed ($RC)!" 3802de962bdSlukem grep "$FAILURE" $TESTOUT 3812de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 3822de962bdSlukem exit $RC 3832de962bdSlukemfi 3842de962bdSlukem 3852de962bdSlukem$LDAPSEARCH -H $URI2 -b "uid=fred,ou=users,o=translucent" > $SEARCHOUT 2>&1 3862de962bdSlukem 3872de962bdSlukemRC=$? 3882de962bdSlukemif test $RC != 0 ; then 3892de962bdSlukem echo "ldapsearch failed ($RC)!" 3902de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 3912de962bdSlukem exit $RC 3922de962bdSlukemfi 3932de962bdSlukem 3942de962bdSlukemATTR=`grep roomNumber $SEARCHOUT` > $NOWHERE 2>&1 3952de962bdSlukemif test "$ATTR" != "roomNumber: 31J-2112" ; then 3962de962bdSlukem echo "modification failed!" 3972de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 3982de962bdSlukem exit 1 3992de962bdSlukemfi 4002de962bdSlukem 4012de962bdSlukemecho "Testing modify: valid remote record, nonexistent attribute..." 4022de962bdSlukem 4032de962bdSlukem$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ 4042de962bdSlukem $TESTOUT 2>&1 << EOF_MOD9 4052de962bdSlukemversion: 1 4062de962bdSlukemdn: uid=fred,ou=users,o=translucent 4072de962bdSlukemchangetype: modify 4082de962bdSlukemdelete: preferredLanguage 4092de962bdSlukemEOF_MOD9 4102de962bdSlukem 4112de962bdSlukemRC=$? 4122de962bdSlukemif test $RC != 16 ; then 4132de962bdSlukem echo "ldapmodify failed ($RC), expected NO SUCH ATTRIBUTE!" 4142de962bdSlukem grep "$FAILURE" $TESTOUT 4152de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 4162de962bdSlukem exit 1 4172de962bdSlukemfi 4182de962bdSlukem 4192de962bdSlukemecho "Testing delete: valid local record, nonexistent attribute..." 4202de962bdSlukem 4212de962bdSlukem$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ 4222de962bdSlukem $TESTOUT 2>&1 << EOF_MOD4 4232de962bdSlukemversion: 1 4242de962bdSlukemdn: uid=fred,ou=users,o=translucent 4252de962bdSlukemchangetype: modify 4262de962bdSlukemdelete: roomNumber 4272de962bdSlukemEOF_MOD4 4282de962bdSlukem 4292de962bdSlukemRC=$? 4302de962bdSlukemif test $RC != 0 ; then 4312de962bdSlukem echo "ldapmodify failed ($RC)!" 4322de962bdSlukem grep "$FAILURE" $TESTOUT 4332de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 4342de962bdSlukem exit $RC 4352de962bdSlukemfi 4362de962bdSlukem 4372de962bdSlukemecho "Testing modrdn: prohibited local record..." 4382de962bdSlukem 4392de962bdSlukem$LDAPMODRDN -D "$TRANSLUCENTDN" -H $URI2 -w $TRANSLUCENTPASSWD > \ 4402de962bdSlukem $TESTOUT 2>&1 'uid=fred,ou=users,o=translucent' 'uid=someguy' 4412de962bdSlukem 4422de962bdSlukemRC=$? 4432de962bdSlukemif test $RC != 50 ; then 4442de962bdSlukem echo "ldapmodrdn failed ($RC), expected INSUFFICIENT ACCESS!" 4452de962bdSlukem grep "$FAILURE" $TESTOUT 4462de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 4472de962bdSlukem exit 1 4482de962bdSlukemfi 4492de962bdSlukem 4502de962bdSlukemecho "Testing modrdn: valid local record..." 4512de962bdSlukem 4522de962bdSlukem$LDAPMODRDN -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ 4532de962bdSlukem $TESTOUT 2>&1 'uid=fred,ou=users,o=translucent' 'uid=someguy' 4542de962bdSlukem 4552de962bdSlukemRC=$? 4562de962bdSlukemif test $RC != 0 ; then 4572de962bdSlukem echo "ldapmodrdn failed ($RC)!" 4582de962bdSlukem grep "$FAILURE" $TESTOUT 4592de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 4602de962bdSlukem exit $RC 4612de962bdSlukemfi 4622de962bdSlukem 4632de962bdSlukemecho "Testing delete: prohibited local record..." 4642de962bdSlukem 4652de962bdSlukem$LDAPMODIFY -v -D "$TRANSLUCENTDN" -H $URI2 -w $TRANSLUCENTPASSWD > \ 4662de962bdSlukem $TESTOUT 2>&1 << EOF_DEL2 4672de962bdSlukemversion: 1 4682de962bdSlukemdn: uid=someguy,ou=users,o=translucent 4692de962bdSlukemchangetype: delete 4702de962bdSlukemEOF_DEL2 4712de962bdSlukem 4722de962bdSlukemRC=$? 4732de962bdSlukemif test $RC != 50 ; then 4742de962bdSlukem echo "ldapadd failed ($RC), expected INSUFFICIENT ACCESS!" 4752de962bdSlukem grep "$FAILURE" $TESTOUT 4762de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 4772de962bdSlukem exit 1 4782de962bdSlukemfi 4792de962bdSlukem 4802de962bdSlukemecho "Testing delete: valid local record..." 4812de962bdSlukem 4822de962bdSlukem$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ 4832de962bdSlukem $TESTOUT 2>&1 << EOF_DEL3 4842de962bdSlukemversion: 1 4852de962bdSlukemdn: uid=someguy,ou=users,o=translucent 4862de962bdSlukemchangetype: delete 4872de962bdSlukemEOF_DEL3 4882de962bdSlukem 4892de962bdSlukemRC=$? 4902de962bdSlukemif test $RC != 0 ; then 4912de962bdSlukem echo "ldapmodify failed ($RC)!" 4922de962bdSlukem grep "$FAILURE" $TESTOUT 4932de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 4942de962bdSlukem exit $RC 4952de962bdSlukemfi 4962de962bdSlukem 4972de962bdSlukemecho "Testing delete: valid remote record..." 4982de962bdSlukem 4992de962bdSlukem$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ 5002de962bdSlukem $TESTOUT 2>&1 << EOF_DEL8 5012de962bdSlukemversion: 1 5022de962bdSlukemdn: uid=fred,ou=users,o=translucent 5032de962bdSlukemchangetype: delete 5042de962bdSlukemEOF_DEL8 5052de962bdSlukem 5062de962bdSlukemRC=$? 5072de962bdSlukemif test $RC != 32 ; then 5082de962bdSlukem echo "ldapmodify failed ($RC), expected NO SUCH OBJECT!" 5092de962bdSlukem grep "$FAILURE" $TESTOUT 5102de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 5112de962bdSlukem exit 1 5122de962bdSlukemfi 5132de962bdSlukem 5142de962bdSlukemecho "Testing delete: nonexistent local record, nonexistent attribute..." 5152de962bdSlukem 5162de962bdSlukem$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ 5172de962bdSlukem $TESTOUT 2>&1 << EOF_DEL1 5182de962bdSlukemversion: 1 5192de962bdSlukemdn: uid=fred,ou=users,o=translucent 5202de962bdSlukemchangetype: modify 5212de962bdSlukemdelete: roomNumber 5222de962bdSlukemEOF_DEL1 5232de962bdSlukem 5242de962bdSlukemRC=$? 5252de962bdSlukemif test $RC != 0 ; then 5262de962bdSlukem echo "ldapmodify failed ($RC)!" 5272de962bdSlukem grep "$FAILURE" $TESTOUT 5282de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 5292de962bdSlukem exit $RC 5302de962bdSlukemfi 5312de962bdSlukem 5322de962bdSlukem$LDAPSEARCH -H $URI2 -b "uid=fred,ou=users,o=translucent" > $SEARCHOUT 2>&1 5332de962bdSlukem 5342de962bdSlukemRC=$? 5352de962bdSlukemif test $RC != 0 ; then 5362de962bdSlukem echo "ldapsearch failed ($RC)!" 5372de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 5382de962bdSlukem exit $RC 5392de962bdSlukemfi 5402de962bdSlukem 5412de962bdSlukemecho "Testing delete: valid local record, nonexistent attribute..." 5422de962bdSlukem 5432de962bdSlukem$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ 5442de962bdSlukem $TESTOUT 2>&1 << EOF_MOD8 5452de962bdSlukemversion: 1 5462de962bdSlukemdn: uid=danger,ou=users,o=translucent 5472de962bdSlukemchangetype: modify 5482de962bdSlukemdelete: preferredLanguage 5492de962bdSlukemEOF_MOD8 5502de962bdSlukem 5512de962bdSlukemRC=$? 5522de962bdSlukemif test $RC != 16 ; then 5532de962bdSlukem echo "ldapmodify failed ($RC), expected NO SUCH ATTRIBUTE!" 5542de962bdSlukem grep "$FAILURE" $TESTOUT 5552de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 5562de962bdSlukem exit 1 5572de962bdSlukemfi 5582de962bdSlukem 5592de962bdSlukemecho "Testing delete: valid local record, remote attribute..." 5602de962bdSlukem 5612de962bdSlukem$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ 5622de962bdSlukem $TESTOUT 2>&1 << EOF_MOD8 5632de962bdSlukemversion: 1 5642de962bdSlukemdn: uid=danger,ou=users,o=translucent 5652de962bdSlukemchangetype: modify 5662de962bdSlukemdelete: initials 5672de962bdSlukemEOF_MOD8 5682de962bdSlukem 5692de962bdSlukemRC=$? 5702de962bdSlukemif test $RC != 0 ; then 5712de962bdSlukem echo "ldapmodify failed ($RC)" 5722de962bdSlukem grep "$FAILURE" $TESTOUT 5732de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 5742de962bdSlukem exit 1 5752de962bdSlukemfi 5762de962bdSlukem 5772de962bdSlukemecho "Testing modify: valid remote record, combination add-modify-delete..." 5782de962bdSlukem 5792de962bdSlukem$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ 5802de962bdSlukem $TESTOUT 2>&1 << EOF_MOD6 5812de962bdSlukemversion: 1 5822de962bdSlukemdn: uid=fred,ou=users,o=translucent 5832de962bdSlukemchangetype: modify 5842de962bdSlukemdelete: carLicense 5852de962bdSlukem- 5862de962bdSlukemadd: preferredLanguage 5872de962bdSlukempreferredLanguage: ISO8859-1 5882de962bdSlukem- 5892de962bdSlukemreplace: employeeType 5902de962bdSlukememployeeType: consultant 5912de962bdSlukemEOF_MOD6 5922de962bdSlukem 5932de962bdSlukemRC=$? 5942de962bdSlukemif test $RC != 0 ; then 5952de962bdSlukem echo "ldapmodify failed ($RC)!" 5962de962bdSlukem grep "$FAILURE" $TESTOUT 5972de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 5982de962bdSlukem exit $RC 5992de962bdSlukemfi 6002de962bdSlukem 6012de962bdSlukem$LDAPSEARCH -H $URI2 -b "uid=fred,ou=users,o=translucent" > $SEARCHOUT 2>&1 6022de962bdSlukem 6032de962bdSlukemRC=$? 6042de962bdSlukemif test $RC != 0 ; then 6052de962bdSlukem echo "ldapsearch failed ($RC)!" 6062de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 6072de962bdSlukem exit $RC 6082de962bdSlukemfi 6092de962bdSlukem 6102de962bdSlukemATTR=`grep employeeType $SEARCHOUT` > $NOWHERE 2>&1 6112de962bdSlukemif test "$ATTR" != "employeeType: consultant" ; then 6122de962bdSlukem echo "modification failed!" 6132de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 6142de962bdSlukem exit 1 6152de962bdSlukemfi 6162de962bdSlukem 6172de962bdSlukemATTR=`grep preferredLanguage $SEARCHOUT` > $NOWHERE 2>&1 6182de962bdSlukemif test "$ATTR" != "preferredLanguage: ISO8859-1" ; then 6192de962bdSlukem echo "modification failed!" 6202de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 6212de962bdSlukem exit 1 6222de962bdSlukemfi 6232de962bdSlukem 6242de962bdSlukemecho "Dynamically configuring local slapd with translucent_no_glue and translucent_strict..." 6252de962bdSlukem 6262de962bdSlukem$LDAPMODIFY -D cn=config -H $URI2 -y $CONFIGPWF <<EOF 6272de962bdSlukemdn: olcOverlay={0}translucent,olcDatabase={$DBIX}$BACKEND,cn=config 6282de962bdSlukemchangetype: modify 6292de962bdSlukemreplace: olcTranslucentNoGlue 6302de962bdSlukemolcTranslucentNoGlue: TRUE 6312de962bdSlukem- 6322de962bdSlukemreplace: olcTranslucentStrict 6332de962bdSlukemolcTranslucentStrict: TRUE 6342de962bdSlukemEOF 6352de962bdSlukemRC=$? 6362de962bdSlukemif test $RC != 0 ; then 6372de962bdSlukem echo "ldapmodify of dynamic config failed ($RC)" 6382de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 6392de962bdSlukem exit 1 6402de962bdSlukemfi 6412de962bdSlukem 6422de962bdSlukemecho "Testing strict mode delete: nonexistent local attribute..." 6432de962bdSlukem 6442de962bdSlukem$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ 6452de962bdSlukem $TESTOUT 2>&1 << EOF_MOD5 6462de962bdSlukemversion: 1 6472de962bdSlukemdn: uid=example,ou=users,o=translucent 6482de962bdSlukemchangetype: modify 6492de962bdSlukemdelete: preferredLanguage 6502de962bdSlukemEOF_MOD5 6512de962bdSlukem 6522de962bdSlukemRC=$? 6532de962bdSlukemif test $RC != 19 ; then 6542de962bdSlukem echo "ldapmodify failed ($RC), expected CONSTRAINT VIOLATION!" 6552de962bdSlukem grep "$FAILURE" $TESTOUT 6562de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 6572de962bdSlukem exit 1 6582de962bdSlukemfi 6592de962bdSlukem 6602de962bdSlukemecho "Testing strict mode delete: nonexistent remote attribute..." 6612de962bdSlukem 6622de962bdSlukem$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ 6632de962bdSlukem $TESTOUT 2>&1 << EOF_MOD3 6642de962bdSlukemversion: 1 6652de962bdSlukemdn: uid=danger,ou=users,o=translucent 6662de962bdSlukemchangetype: modify 6672de962bdSlukemdelete: displayName 6682de962bdSlukemEOF_MOD3 6692de962bdSlukem 6702de962bdSlukemRC=$? 6712de962bdSlukemif test $RC != 19 ; then 6722de962bdSlukem echo "ldapmodify failed ($RC), expected CONSTRAINT VIOLATION!" 6732de962bdSlukem grep "$FAILURE" $TESTOUT 6742de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 6752de962bdSlukem exit 1 6762de962bdSlukemfi 6772de962bdSlukem 6782de962bdSlukemecho "Testing strict mode modify: combination add-modify-delete..." 6792de962bdSlukem 6802de962bdSlukem$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ 6812de962bdSlukem $TESTOUT 2>&1 << EOF_MOD6 6822de962bdSlukemversion: 1 6832de962bdSlukemdn: uid=example,ou=users,o=translucent 6842de962bdSlukemchangetype: modify 6852de962bdSlukemdelete: carLicense 6862de962bdSlukem- 6872de962bdSlukemadd: preferredLanguage 6882de962bdSlukempreferredLanguage: ISO8859-1 6892de962bdSlukem- 6902de962bdSlukemreplace: employeeType 6912de962bdSlukememployeeType: consultant 6922de962bdSlukemEOF_MOD6 6932de962bdSlukem 6942de962bdSlukemRC=$? 6952de962bdSlukemif test $RC != 19 ; then 6962de962bdSlukem echo "ldapmodify failed ($RC), expected CONSTRAINT VIOLATION!" 6972de962bdSlukem grep "$FAILURE" $TESTOUT 6982de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 6992de962bdSlukem exit 1 7002de962bdSlukemfi 7012de962bdSlukem 7022de962bdSlukemecho "Testing invalid Bind request..." 7032de962bdSlukem$LDAPWHOAMI -D "$TRANSLUCENTDN" -H $URI2 -w Wrong"$TRANSLUCENTPASSWD" > \ 7042de962bdSlukem $TESTOUT 2>&1 7052de962bdSlukemRC=$? 7062de962bdSlukemif test $RC != 49 ; then 7072de962bdSlukem echo "ldapwhoami failed ($RC), expected INVALID CREDENTIALS!" 7082de962bdSlukem grep "$FAILURE" $TESTOUT 7092de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 7102de962bdSlukem exit 1 7112de962bdSlukemfi 7122de962bdSlukem 7132de962bdSlukem$LDAPWHOAMI -D "$TRANSLUCENTDN" -H $URI2 -w "$TRANSLUCENTPASSWD" > \ 7142de962bdSlukem $TESTOUT 2>&1 7152de962bdSlukemRC=$? 7162de962bdSlukemif test $RC != 0 ; then 7172de962bdSlukem echo "ldapwhoami failed ($RC), expected SUCCESS!" 7182de962bdSlukem grep "$FAILURE" $TESTOUT 7192de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 7202de962bdSlukem exit 1 7212de962bdSlukemfi 7222de962bdSlukem 7232de962bdSlukemecho "Testing search: unconfigured local filter..." 7242de962bdSlukem$LDAPSEARCH -H $URI2 -b "o=translucent" "(employeeType=consultant)" > $SEARCHOUT 2>&1 7252de962bdSlukem 7262de962bdSlukemATTR=`grep dn: $SEARCHOUT` > $NOWHERE 2>&1 7272de962bdSlukemif test -n "$ATTR" ; then 7282de962bdSlukem echo "got result $ATTR, should have been no result" 7292de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 7302de962bdSlukem exit 1 7312de962bdSlukemfi 7322de962bdSlukem 7332de962bdSlukemecho "Dynamically configuring local slapd with translucent_local..." 7342de962bdSlukem 7352de962bdSlukem$LDAPMODIFY -D cn=config -H $URI2 -y $CONFIGPWF <<EOF 7362de962bdSlukemdn: olcOverlay={0}translucent,olcDatabase={$DBIX}$BACKEND,cn=config 7372de962bdSlukemchangetype: modify 7382de962bdSlukemadd: olcTranslucentLocal 7392de962bdSlukemolcTranslucentLocal: employeeType 7402de962bdSlukemEOF 7412de962bdSlukemRC=$? 7422de962bdSlukemif test $RC != 0 ; then 7432de962bdSlukem echo "ldapmodify of dynamic config failed ($RC)" 7442de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 7452de962bdSlukem exit 1 7462de962bdSlukemfi 7472de962bdSlukem 7482de962bdSlukemecho "Testing search: configured local filter..." 7492de962bdSlukem$LDAPSEARCH -H $URI2 -b "o=translucent" "(employeeType=consultant)" > $SEARCHOUT 2>&1 7502de962bdSlukem 7512de962bdSlukemATTR=`grep dn: $SEARCHOUT` > $NOWHERE 2>&1 7522de962bdSlukemif test -z "$ATTR" ; then 7532de962bdSlukem echo "got no result, should have found entry" 7542de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 7552de962bdSlukem exit 1 7562de962bdSlukemfi 7572de962bdSlukem 7582de962bdSlukemecho "Testing search: unconfigured remote filter..." 7592de962bdSlukem$LDAPSEARCH -H $URI2 -b "o=translucent" "(|(employeeType=foo)(carlicense=right))" > $SEARCHOUT 2>&1 7602de962bdSlukem 7612de962bdSlukemATTR=`grep dn: $SEARCHOUT` > $NOWHERE 2>&1 7622de962bdSlukemif test -n "$ATTR" ; then 7632de962bdSlukem echo "got result $ATTR, should have been no result" 7642de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 7652de962bdSlukem exit 1 7662de962bdSlukemfi 7672de962bdSlukem 7682de962bdSlukemecho "Dynamically configuring local slapd with translucent_remote..." 7692de962bdSlukem 7702de962bdSlukem$LDAPMODIFY -D cn=config -H $URI2 -y $CONFIGPWF <<EOF 7712de962bdSlukemdn: olcOverlay={0}translucent,olcDatabase={$DBIX}$BACKEND,cn=config 7722de962bdSlukemchangetype: modify 7732de962bdSlukemadd: olcTranslucentRemote 7742de962bdSlukemolcTranslucentRemote: carLicense 7752de962bdSlukemEOF 7762de962bdSlukemRC=$? 7772de962bdSlukemif test $RC != 0 ; then 7782de962bdSlukem echo "ldapmodify of dynamic config failed ($RC)" 7792de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 7802de962bdSlukem exit 1 7812de962bdSlukemfi 7822de962bdSlukem 7832de962bdSlukemecho "Testing search: configured remote filter..." 7842de962bdSlukem$LDAPSEARCH -H $URI2 -b "o=translucent" "(|(employeeType=foo)(carlicense=right))" > $SEARCHOUT 2>&1 7852de962bdSlukem 7862de962bdSlukemATTR=`grep dn: $SEARCHOUT` > $NOWHERE 2>&1 7872de962bdSlukemif test -z "$ATTR" ; then 7882de962bdSlukem echo "got no result, should have found entry" 7892de962bdSlukem test $KILLSERVERS != no && kill -HUP $KILLPIDS 7902de962bdSlukem exit 1 7912de962bdSlukemfi 7922de962bdSlukem 7932de962bdSlukemtest $KILLSERVERS != no && kill -HUP $KILLPIDS 7942de962bdSlukem 7952de962bdSlukemecho ">>>>> Test succeeded" 7962de962bdSlukem 7972de962bdSlukemtest $KILLSERVERS != no && wait 7982de962bdSlukem 7992de962bdSlukemexit 0 800