xref: /netbsd-src/external/bsd/openldap/dist/tests/scripts/test034-translucent (revision 404fbe5fb94ca1e054339640cabb2801ce52dd30) 
1#! /bin/sh
2# $OpenLDAP: pkg/ldap/tests/scripts/test034-translucent,v 1.8.2.6 2008/02/11 23:26:51 kurt Exp $
3## This work is part of OpenLDAP Software <http://www.openldap.org/>.
4##
5## Copyright 2004-2008 The OpenLDAP Foundation.
6## All rights reserved.
7##
8## Redistribution and use in source and binary forms, with or without
9## modification, are permitted only as authorized by the OpenLDAP
10## Public License.
11##
12## A copy of this license is available in the file LICENSE in the
13## top-level directory of the distribution or, alternatively, at
14## <http://www.OpenLDAP.org/license.html>.
15
16echo "running defines.sh"
17. $SRCDIR/scripts/defines.sh
18
19PERSONAL="(objectClass=inetOrgPerson)"
20NOWHERE="/dev/null"
21FAILURE="additional info:"
22
23if test $TRANSLUCENT = translucentno ; then
24	echo "Translucent Proxy overlay not available, test skipped"
25	exit 0
26fi
27
28if test $AC_ldap = ldapno ; then
29	echo "Translucent Proxy overlay requires back-ldap backend, test skipped"
30	exit 0
31fi
32
33# configure backside
34mkdir -p $TESTDIR $DBDIR1
35
36$SLAPPASSWD -g -n >$CONFIGPWF
37echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf
38
39if test $MONITORDB != no ; then
40	DBIX=2
41else
42	DBIX=1
43fi
44
45. $CONFFILTER $BACKEND $MONITORDB < $TRANSLUCENTREMOTECONF > $CONF1
46echo "Running slapadd to build remote slapd database..."
47$SLAPADD -f $CONF1 -l $LDIFTRANSLUCENTCONFIG
48RC=$?
49if test $RC != 0 ; then
50	echo "slapadd failed ($RC)!"
51	exit $RC
52fi
53
54echo "Starting remote slapd on TCP/IP port $PORT1..."
55$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
56PID=$!
57if test $WAIT != 0 ; then
58    echo PID $PID
59    read foo
60fi
61REMOTEPID="$PID"
62KILLPIDS="$PID"
63
64sleep 1
65
66for i in 0 1 2 3 4 5; do
67	$LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \
68		'objectclass=*' > /dev/null 2>&1
69	RC=$?
70	if test $RC = 0 ; then
71		break
72	fi
73	echo "Waiting 5 seconds for remote slapd to start..."
74	sleep 5
75done
76
77if test $RC != 0 ; then
78	echo "ldapsearch failed ($RC)!"
79	test $KILLSERVERS != no && kill -HUP $KILLPIDS
80	exit $RC
81fi
82
83# configure frontside
84mkdir -p $DBDIR2
85
86. $CONFFILTER $BACKEND $MONITORDB < $TRANSLUCENTLOCALCONF > $CONF2
87
88echo "Starting local slapd on TCP/IP port $PORT2..."
89$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 &
90PID=$!
91if test $WAIT != 0 ; then
92    echo PID $PID
93    read foo
94fi
95LOCALPID="$PID"
96KILLPIDS="$LOCALPID $REMOTEPID"
97
98sleep 1
99
100for i in 0 1 2 3 4 5; do
101	$LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \
102		'objectclass=*' > /dev/null 2>&1
103	RC=$?
104	if test $RC = 0 ; then
105		break
106	fi
107	echo "Waiting 5 seconds for local slapd to start..."
108	sleep 5
109done
110
111if test $RC != 0 ; then
112	echo "ldapsearch failed ($RC)!"
113	test $KILLSERVERS != no && kill -HUP $KILLPIDS
114	exit $RC
115fi
116
117echo "Testing slapd Translucent Proxy operations..."
118
119echo "Testing search: no remote data defined..."
120
121$LDAPSEARCH -H $URI2 -b "$TRANSLUCENTUSER" "$PERSONAL" >$SEARCHOUT 2>&1
122
123RC=$?
124if test $RC != 0 ; then
125	echo "ldapsearch failed ($RC)!"
126	test $KILLSERVERS != no && kill -HUP $KILLPIDS
127	exit $RC
128fi
129
130if test -s $SEARCHOUT; then
131	echo "ldapsearch should have returned no records!"
132	test $KILLSERVERS != no && kill -HUP $KILLPIDS
133	exit 1
134fi
135
136echo "Populating remote database..."
137
138$LDAPADD -D "$TRANSLUCENTROOT" -H $URI1 \
139	-w $PASSWD < $LDIFTRANSLUCENTDATA > $NOWHERE 2>&1
140
141RC=$?
142if test $RC != 0 ; then
143	echo "ldapadd failed ($RC)!"
144	test $KILLSERVERS != no && kill -HUP $KILLPIDS
145	exit $RC
146fi
147
148echo "Testing search: remote database via local slapd..."
149
150$LDAPSEARCH -H $URI2 -b "$TRANSLUCENTUSER" "$PERSONAL" > $SEARCHOUT 2>&1
151
152RC=$?
153if test $RC != 0 ; then
154	echo "ldapsearch failed ($RC)!"
155	test $KILLSERVERS != no && kill -HUP $KILLPIDS
156	exit $RC
157fi
158
159. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
160. $LDIFFILTER < $LDIFTRANSLUCENTDATA > $LDIFFLT
161$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
162
163if test $? != 0 ; then
164	echo "Comparison failed -- corruption from remote to local!"
165	test $KILLSERVERS != no && kill -HUP $KILLPIDS
166	exit 1
167fi
168
169echo "Testing add: prohibited local record..."
170
171$LDAPADD -D "$TRANSLUCENTDN" -H $URI2 \
172	-w $TRANSLUCENTPASSWD < $LDIFTRANSLUCENTADD > $TESTOUT 2>&1
173
174RC=$?
175if test $RC != 50 ; then
176	echo "ldapadd failed ($RC), expected INSUFFICIENT ACCESS!"
177	grep "$FAILURE" $TESTOUT
178	test $KILLSERVERS != no && kill -HUP $KILLPIDS
179	exit 1
180fi
181
182echo "Testing add: valid local record, no_glue..."
183
184$LDAPADD -v -v -v -D "$TRANSLUCENTROOT" -H $URI2 \
185	-w $PASSWD < $LDIFTRANSLUCENTADD > $TESTOUT 2>&1
186
187RC=$?
188if test $RC != 32 ; then
189	echo "ldapadd failed ($RC), expected NO SUCH OBJECT!"
190	grep "$FAILURE" $TESTOUT
191	test $KILLSERVERS != no && kill -HUP $KILLPIDS
192	exit 1
193fi
194
195echo "Testing modrdn: valid local record, no_glue..."
196
197$LDAPMODRDN -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \
198	$TESTOUT 2>&1 'uid=fred,ou=users,o=translucent' 'uid=someguy'
199
200RC=$?
201if test $RC != 32 ; then
202	echo "ldapmodrdn failed ($RC), expected NO SUCH OBJECT!"
203	grep "$FAILURE" $TESTOUT
204	test $KILLSERVERS != no && kill -HUP $KILLPIDS
205	exit 1
206fi
207
208echo "Dynamically configuring local slapd without translucent_no_glue..."
209
210$LDAPMODIFY -D cn=config -H $URI2 -y $CONFIGPWF <<EOF
211dn: olcOverlay={0}translucent,olcDatabase={$DBIX}$BACKEND,cn=config
212changetype: modify
213replace: olcTranslucentNoGlue
214olcTranslucentNoGlue: FALSE
215EOF
216RC=$?
217if test $RC != 0 ; then
218    echo "ldapmodify of dynamic config failed ($RC)"
219    test $KILLSERVERS != no && kill -HUP $KILLPIDS
220    exit 1
221fi
222
223echo "Testing add: valid local record..."
224
225$LDAPADD -D "$TRANSLUCENTROOT" -H $URI2 \
226	-w $PASSWD < $LDIFTRANSLUCENTADD > $TESTOUT 2>&1
227
228RC=$?
229if test $RC != 0 ; then
230	echo "ldapadd failed ($RC)!"
231	grep "$FAILURE" $TESTOUT
232	test $KILLSERVERS != no && kill -HUP $KILLPIDS
233	exit $RC
234fi
235
236echo "Testing search: data merging..."
237
238$LDAPSEARCH -H $URI2 -b "$TRANSLUCENTUSER" "$PERSONAL" > $SEARCHOUT 2>&1
239
240RC=$?
241if test $RC != 0 ; then
242	echo "ldapsearch failed ($RC)!"
243	test $KILLSERVERS != no && kill -HUP $KILLPIDS
244	exit $RC
245fi
246
247. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
248$CMP $SEARCHFLT $LDIFTRANSLUCENTMERGED > $CMPOUT
249
250if test $? != 0 ; then
251	echo "Comparison failed -- local data failed to merge with remote!"
252	test $KILLSERVERS != no && kill -HUP $KILLPIDS
253	exit 1
254fi
255
256echo "Testing compare: valid local..."
257
258$LDAPCOMPARE -z -H $URI2 -w $TRANSLUCENTPASSWD -D $TRANSLUCENTDN \
259	"uid=danger,ou=users,o=translucent" "carLicense:LIVID"
260
261RC=$?
262if test $RC != 6 ; then
263	echo "ldapcompare failed ($RC), expected TRUE!"
264	test $KILLSERVERS != no && kill -HUP $KILLPIDS
265	exit 1
266fi
267
268echo "Testing compare: valid remote..."
269
270$LDAPCOMPARE -z -x -H $URI2 -w $TRANSLUCENTPASSWD -D $TRANSLUCENTDN \
271	"uid=binder,o=translucent" "businessCategory:binder-test-user"
272
273RC=$?
274if test $RC != 6 ; then
275	echo "ldapcompare failed ($RC), expected TRUE!"
276	test $KILLSERVERS != no && kill -HUP $KILLPIDS
277	exit 1
278fi
279
280echo "Testing compare: bogus local..."
281
282$LDAPCOMPARE -z -x -H $URI2 -w $TRANSLUCENTPASSWD -D $TRANSLUCENTDN \
283	"uid=danger,ou=users,o=translucent" "businessCategory:invalid-test-value"
284
285RC=$?
286if test $RC != 5 ; then
287	echo "ldapcompare failed ($RC), expected FALSE!"
288	test $KILLSERVERS != no && kill -HUP $KILLPIDS
289	exit 1
290fi
291
292echo "Testing compare: bogus remote..."
293
294$LDAPCOMPARE -z -x -H $URI2 -w $TRANSLUCENTPASSWD -D $TRANSLUCENTDN \
295	"uid=binder,o=translucent" "businessCategory:invalid-test-value"
296
297RC=$?
298if test $RC != 5 ; then
299	echo "ldapcompare failed ($RC), expected FALSE!"
300	test $KILLSERVERS != no && kill -HUP $KILLPIDS
301	exit 1
302fi
303
304echo "Testing modify: nonexistent record..."
305
306$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \
307        $TESTOUT 2>&1 << EOF_MOD
308version: 1
309dn: uid=bogus,ou=users,o=translucent
310changetype: modify
311replace: roomNumber
312roomNumber: 31J-2112
313EOF_MOD
314
315RC=$?
316if test $RC != 32 ; then
317	echo "ldapmodify failed ($RC), expected NO SUCH OBJECT!"
318	grep "$FAILURE" $TESTOUT
319	test $KILLSERVERS != no && kill -HUP $KILLPIDS
320	exit 1
321fi
322
323echo "Testing modify: valid local record, nonexistent attribute..."
324
325$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \
326        $TESTOUT 2>&1 << EOF_MOD1
327version: 1
328dn: uid=danger,ou=users,o=translucent
329changetype: modify
330replace: roomNumber
331roomNumber: 9N-21
332EOF_MOD1
333
334RC=$?
335if test $RC != 0 ; then
336	echo "ldapmodify failed ($RC)!"
337	grep "$FAILURE" $TESTOUT
338	test $KILLSERVERS != no && kill -HUP $KILLPIDS
339	exit $RC
340fi
341
342$LDAPSEARCH -H $URI2 -b "uid=danger,ou=users,o=translucent" > $SEARCHOUT 2>&1
343
344RC=$?
345if test $RC != 0 ; then
346	echo "ldapsearch failed ($RC)!"
347	test $KILLSERVERS != no && kill -HUP $KILLPIDS
348	exit $RC
349fi
350
351ATTR=`grep roomNumber $SEARCHOUT` > $NOWHERE 2>&1
352if test "$ATTR" != "roomNumber: 9N-21" ; then
353	echo "modification failed!"
354	test $KILLSERVERS != no && kill -HUP $KILLPIDS
355	exit 1
356fi
357
358echo "Testing search: specific nonexistent remote attribute..."
359
360$LDAPSEARCH -H $URI2 -b "uid=danger,ou=users,o=translucent" roomNumber > $SEARCHOUT 2>&1
361
362RC=$?
363if test $RC != 0 ; then
364	echo "ldapsearch failed ($RC)!"
365	test $KILLSERVERS != no && kill -HUP $KILLPIDS
366	exit $RC
367fi
368
369echo "Testing modify: nonexistent local record, nonexistent attribute..."
370
371$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \
372        $TESTOUT 2>&1 << EOF_MOD2
373version: 1
374dn: uid=fred,ou=users,o=translucent
375changetype: modify
376replace: roomNumber
377roomNumber: 31J-2112
378EOF_MOD2
379
380RC=$?
381if test $RC != 0 ; then
382	echo "ldapmodify failed ($RC)!"
383	grep "$FAILURE" $TESTOUT
384	test $KILLSERVERS != no && kill -HUP $KILLPIDS
385	exit $RC
386fi
387
388$LDAPSEARCH -H $URI2 -b "uid=fred,ou=users,o=translucent" > $SEARCHOUT 2>&1
389
390RC=$?
391if test $RC != 0 ; then
392	echo "ldapsearch failed ($RC)!"
393	test $KILLSERVERS != no && kill -HUP $KILLPIDS
394	exit $RC
395fi
396
397ATTR=`grep roomNumber $SEARCHOUT` > $NOWHERE 2>&1
398if test "$ATTR" != "roomNumber: 31J-2112" ; then
399	echo "modification failed!"
400	test $KILLSERVERS != no && kill -HUP $KILLPIDS
401	exit 1
402fi
403
404echo "Testing modify: valid remote record, nonexistent attribute..."
405
406$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \
407        $TESTOUT 2>&1 << EOF_MOD9
408version: 1
409dn: uid=fred,ou=users,o=translucent
410changetype: modify
411delete: preferredLanguage
412EOF_MOD9
413
414RC=$?
415if test $RC != 16 ; then
416	echo "ldapmodify failed ($RC), expected NO SUCH ATTRIBUTE!"
417	grep "$FAILURE" $TESTOUT
418	test $KILLSERVERS != no && kill -HUP $KILLPIDS
419	exit 1
420fi
421
422echo "Testing delete: valid local record, nonexistent attribute..."
423
424$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \
425        $TESTOUT 2>&1 << EOF_MOD4
426version: 1
427dn: uid=fred,ou=users,o=translucent
428changetype: modify
429delete: roomNumber
430EOF_MOD4
431
432RC=$?
433if test $RC != 0 ; then
434	echo "ldapmodify failed ($RC)!"
435	grep "$FAILURE" $TESTOUT
436	test $KILLSERVERS != no && kill -HUP $KILLPIDS
437	exit $RC
438fi
439
440echo "Testing modrdn: prohibited local record..."
441
442$LDAPMODRDN -D "$TRANSLUCENTDN" -H $URI2 -w $TRANSLUCENTPASSWD > \
443	$TESTOUT 2>&1 'uid=fred,ou=users,o=translucent' 'uid=someguy'
444
445RC=$?
446if test $RC != 50 ; then
447	echo "ldapmodrdn failed ($RC), expected INSUFFICIENT ACCESS!"
448	grep "$FAILURE" $TESTOUT
449	test $KILLSERVERS != no && kill -HUP $KILLPIDS
450	exit 1
451fi
452
453echo "Testing modrdn: valid local record..."
454
455$LDAPMODRDN -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \
456	$TESTOUT 2>&1 'uid=fred,ou=users,o=translucent' 'uid=someguy'
457
458RC=$?
459if test $RC != 0 ; then
460	echo "ldapmodrdn failed ($RC)!"
461	grep "$FAILURE" $TESTOUT
462	test $KILLSERVERS != no && kill -HUP $KILLPIDS
463	exit $RC
464fi
465
466echo "Testing delete: prohibited local record..."
467
468$LDAPMODIFY -v -D "$TRANSLUCENTDN" -H $URI2 -w $TRANSLUCENTPASSWD > \
469        $TESTOUT 2>&1 << EOF_DEL2
470version: 1
471dn: uid=someguy,ou=users,o=translucent
472changetype: delete
473EOF_DEL2
474
475RC=$?
476if test $RC != 50 ; then
477	echo "ldapadd failed ($RC), expected INSUFFICIENT ACCESS!"
478	grep "$FAILURE" $TESTOUT
479	test $KILLSERVERS != no && kill -HUP $KILLPIDS
480	exit 1
481fi
482
483echo "Testing delete: valid local record..."
484
485$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \
486        $TESTOUT 2>&1 << EOF_DEL3
487version: 1
488dn: uid=someguy,ou=users,o=translucent
489changetype: delete
490EOF_DEL3
491
492RC=$?
493if test $RC != 0 ; then
494	echo "ldapmodify failed ($RC)!"
495	grep "$FAILURE" $TESTOUT
496	test $KILLSERVERS != no && kill -HUP $KILLPIDS
497	exit $RC
498fi
499
500echo "Testing delete: valid remote record..."
501
502$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \
503        $TESTOUT 2>&1 << EOF_DEL8
504version: 1
505dn: uid=fred,ou=users,o=translucent
506changetype: delete
507EOF_DEL8
508
509RC=$?
510if test $RC != 32 ; then
511	echo "ldapmodify failed ($RC), expected NO SUCH OBJECT!"
512	grep "$FAILURE" $TESTOUT
513	test $KILLSERVERS != no && kill -HUP $KILLPIDS
514	exit 1
515fi
516
517echo "Testing delete: nonexistent local record, nonexistent attribute..."
518
519$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \
520        $TESTOUT 2>&1 << EOF_DEL1
521version: 1
522dn: uid=fred,ou=users,o=translucent
523changetype: modify
524delete: roomNumber
525EOF_DEL1
526
527RC=$?
528if test $RC != 0 ; then
529	echo "ldapmodify failed ($RC)!"
530	grep "$FAILURE" $TESTOUT
531	test $KILLSERVERS != no && kill -HUP $KILLPIDS
532	exit $RC
533fi
534
535$LDAPSEARCH -H $URI2 -b "uid=fred,ou=users,o=translucent" > $SEARCHOUT 2>&1
536
537RC=$?
538if test $RC != 0 ; then
539	echo "ldapsearch failed ($RC)!"
540	test $KILLSERVERS != no && kill -HUP $KILLPIDS
541	exit $RC
542fi
543
544echo "Testing delete: valid local record, nonexistent attribute..."
545
546$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \
547        $TESTOUT 2>&1 << EOF_MOD8
548version: 1
549dn: uid=danger,ou=users,o=translucent
550changetype: modify
551delete: preferredLanguage
552EOF_MOD8
553
554RC=$?
555if test $RC != 16 ; then
556	echo "ldapmodify failed ($RC), expected NO SUCH ATTRIBUTE!"
557	grep "$FAILURE" $TESTOUT
558	test $KILLSERVERS != no && kill -HUP $KILLPIDS
559	exit 1
560fi
561
562echo "Testing delete: valid local record, remote attribute..."
563
564$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \
565        $TESTOUT 2>&1 << EOF_MOD8
566version: 1
567dn: uid=danger,ou=users,o=translucent
568changetype: modify
569delete: initials
570EOF_MOD8
571
572RC=$?
573if test $RC != 0 ; then
574	echo "ldapmodify failed ($RC)"
575	grep "$FAILURE" $TESTOUT
576	test $KILLSERVERS != no && kill -HUP $KILLPIDS
577	exit 1
578fi
579
580echo "Testing modify: valid remote record, combination add-modify-delete..."
581
582$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \
583        $TESTOUT 2>&1 << EOF_MOD6
584version: 1
585dn: uid=fred,ou=users,o=translucent
586changetype: modify
587delete: carLicense
588-
589add: preferredLanguage
590preferredLanguage: ISO8859-1
591-
592replace: employeeType
593employeeType: consultant
594EOF_MOD6
595
596RC=$?
597if test $RC != 0 ; then
598	echo "ldapmodify failed ($RC)!"
599	grep "$FAILURE" $TESTOUT
600	test $KILLSERVERS != no && kill -HUP $KILLPIDS
601	exit $RC
602fi
603
604$LDAPSEARCH -H $URI2 -b "uid=fred,ou=users,o=translucent" > $SEARCHOUT 2>&1
605
606RC=$?
607if test $RC != 0 ; then
608	echo "ldapsearch failed ($RC)!"
609	test $KILLSERVERS != no && kill -HUP $KILLPIDS
610	exit $RC
611fi
612
613ATTR=`grep employeeType $SEARCHOUT` > $NOWHERE 2>&1
614if test "$ATTR" != "employeeType: consultant" ; then
615	echo "modification failed!"
616	test $KILLSERVERS != no && kill -HUP $KILLPIDS
617	exit 1
618fi
619
620ATTR=`grep preferredLanguage $SEARCHOUT` > $NOWHERE 2>&1
621if test "$ATTR" != "preferredLanguage: ISO8859-1" ; then
622	echo "modification failed!"
623	test $KILLSERVERS != no && kill -HUP $KILLPIDS
624	exit 1
625fi
626
627echo "Dynamically configuring local slapd with translucent_no_glue and translucent_strict..."
628
629$LDAPMODIFY -D cn=config -H $URI2 -y $CONFIGPWF <<EOF
630dn: olcOverlay={0}translucent,olcDatabase={$DBIX}$BACKEND,cn=config
631changetype: modify
632replace: olcTranslucentNoGlue
633olcTranslucentNoGlue: TRUE
634-
635replace: olcTranslucentStrict
636olcTranslucentStrict: TRUE
637EOF
638RC=$?
639if test $RC != 0 ; then
640    echo "ldapmodify of dynamic config failed ($RC)"
641    test $KILLSERVERS != no && kill -HUP $KILLPIDS
642    exit 1
643fi
644
645echo "Testing strict mode delete: nonexistent local attribute..."
646
647$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \
648        $TESTOUT 2>&1 << EOF_MOD5
649version: 1
650dn: uid=example,ou=users,o=translucent
651changetype: modify
652delete: preferredLanguage
653EOF_MOD5
654
655RC=$?
656if test $RC != 19 ; then
657	echo "ldapmodify failed ($RC), expected CONSTRAINT VIOLATION!"
658	grep "$FAILURE" $TESTOUT
659	test $KILLSERVERS != no && kill -HUP $KILLPIDS
660	exit 1
661fi
662
663echo "Testing strict mode delete: nonexistent remote attribute..."
664
665$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \
666        $TESTOUT 2>&1 << EOF_MOD3
667version: 1
668dn: uid=danger,ou=users,o=translucent
669changetype: modify
670delete: displayName
671EOF_MOD3
672
673RC=$?
674if test $RC != 19 ; then
675	echo "ldapmodify failed ($RC), expected CONSTRAINT VIOLATION!"
676	grep "$FAILURE" $TESTOUT
677	test $KILLSERVERS != no && kill -HUP $KILLPIDS
678	exit 1
679fi
680
681echo "Testing strict mode modify: combination add-modify-delete..."
682
683$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \
684        $TESTOUT 2>&1 << EOF_MOD6
685version: 1
686dn: uid=example,ou=users,o=translucent
687changetype: modify
688delete: carLicense
689-
690add: preferredLanguage
691preferredLanguage: ISO8859-1
692-
693replace: employeeType
694employeeType: consultant
695EOF_MOD6
696
697RC=$?
698if test $RC != 19 ; then
699	echo "ldapmodify failed ($RC), expected CONSTRAINT VIOLATION!"
700	grep "$FAILURE" $TESTOUT
701	test $KILLSERVERS != no && kill -HUP $KILLPIDS
702	exit 1
703fi
704
705echo "Testing invalid Bind request..."
706$LDAPWHOAMI -D "$TRANSLUCENTDN" -H $URI2 -w Wrong"$TRANSLUCENTPASSWD" > \
707	$TESTOUT 2>&1
708RC=$?
709if test $RC != 49 ; then
710	echo "ldapwhoami failed ($RC), expected INVALID CREDENTIALS!"
711	grep "$FAILURE" $TESTOUT
712	test $KILLSERVERS != no && kill -HUP $KILLPIDS
713	exit 1
714fi
715
716$LDAPWHOAMI -D "$TRANSLUCENTDN" -H $URI2 -w "$TRANSLUCENTPASSWD" > \
717	$TESTOUT 2>&1
718RC=$?
719if test $RC != 0 ; then
720	echo "ldapwhoami failed ($RC), expected SUCCESS!"
721	grep "$FAILURE" $TESTOUT
722	test $KILLSERVERS != no && kill -HUP $KILLPIDS
723	exit 1
724fi
725
726echo "Testing search: unconfigured local filter..."
727$LDAPSEARCH -H $URI2 -b "o=translucent" "(employeeType=consultant)" > $SEARCHOUT 2>&1
728
729ATTR=`grep dn: $SEARCHOUT` > $NOWHERE 2>&1
730if test -n "$ATTR" ; then
731	echo "got result $ATTR, should have been no result"
732	test $KILLSERVERS != no && kill -HUP $KILLPIDS
733	exit 1
734fi
735
736echo "Dynamically configuring local slapd with translucent_local..."
737
738$LDAPMODIFY -D cn=config -H $URI2 -y $CONFIGPWF <<EOF
739dn: olcOverlay={0}translucent,olcDatabase={$DBIX}$BACKEND,cn=config
740changetype: modify
741add: olcTranslucentLocal
742olcTranslucentLocal: employeeType
743EOF
744RC=$?
745if test $RC != 0 ; then
746    echo "ldapmodify of dynamic config failed ($RC)"
747    test $KILLSERVERS != no && kill -HUP $KILLPIDS
748    exit 1
749fi
750
751echo "Testing search: configured local filter..."
752$LDAPSEARCH -H $URI2 -b "o=translucent" "(employeeType=consultant)" > $SEARCHOUT 2>&1
753
754ATTR=`grep dn: $SEARCHOUT` > $NOWHERE 2>&1
755if test -z "$ATTR" ; then
756	echo "got no result, should have found entry"
757	test $KILLSERVERS != no && kill -HUP $KILLPIDS
758	exit 1
759fi
760
761echo "Testing search: unconfigured remote filter..."
762$LDAPSEARCH -H $URI2 -b "o=translucent" "(|(employeeType=foo)(carlicense=right))" > $SEARCHOUT 2>&1
763
764ATTR=`grep dn: $SEARCHOUT` > $NOWHERE 2>&1
765if test -n "$ATTR" ; then
766	echo "got result $ATTR, should have been no result"
767	test $KILLSERVERS != no && kill -HUP $KILLPIDS
768	exit 1
769fi
770
771echo "Dynamically configuring local slapd with translucent_remote..."
772
773$LDAPMODIFY -D cn=config -H $URI2 -y $CONFIGPWF <<EOF
774dn: olcOverlay={0}translucent,olcDatabase={$DBIX}$BACKEND,cn=config
775changetype: modify
776add: olcTranslucentRemote
777olcTranslucentRemote: carLicense
778EOF
779RC=$?
780if test $RC != 0 ; then
781    echo "ldapmodify of dynamic config failed ($RC)"
782    test $KILLSERVERS != no && kill -HUP $KILLPIDS
783    exit 1
784fi
785
786echo "Testing search: configured remote filter..."
787$LDAPSEARCH -H $URI2 -b "o=translucent" "(|(employeeType=foo)(carlicense=right))" > $SEARCHOUT 2>&1
788
789ATTR=`grep dn: $SEARCHOUT` > $NOWHERE 2>&1
790if test -z "$ATTR" ; then
791	echo "got no result, should have found entry"
792	test $KILLSERVERS != no && kill -HUP $KILLPIDS
793	exit 1
794fi
795
796test $KILLSERVERS != no && kill -HUP $KILLPIDS
797
798echo ">>>>> Test succeeded"
799
800test $KILLSERVERS != no && wait
801
802exit 0
803