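#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2021 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

# Exercises the memberof overlay against a slapd configured through cn=config:
#   1. start slapd and (if memberof is built as a module) load it,
#   2. add a small custom schema plus three memberof overlay instances,
#   3. add, rename and delete members and groups, dumping the tree after
#      each step into $SEARCHOUT,
#   4. switch olcMemberOfMemberOfAD on one instance and dump again,
#   5. compare the filtered dumps with the reference LDIF $MEMBEROFOUT.
#
# Variables holding commands ($SLAPD, $LDAPADD, $LDAPSEARCH, $LDAPMODIFY,
# $LDIFFILTER, $CMP, $CONFFILTER) are expanded unquoted so that any arguments
# they carry are split into separate words.

echo "running defines.sh"
. "$SRCDIR/scripts/defines.sh"

# abort_test MESSAGE STATUS
# Print MESSAGE, send HUP to the slapd started by this script unless
# KILLSERVERS is "no", then exit with STATUS.
abort_test() {
	echo "$1"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit "$2"
}

# search_all HEADING
# Append "# HEADING" and a dump of everything under $BASEDN (all user
# attributes plus memberOf, sorted by DN via -S "") to $SEARCHOUT.
# Aborts the test when ldapsearch fails.
search_all() {
	echo "# $1" >> "$SEARCHOUT"
	$LDAPSEARCH -S "" -b "$BASEDN" -H "$URI1" \
		'(objectClass=*)' '*' memberOf >> "$SEARCHOUT" 2>&1
	RC=$?
	if test "$RC" != 0 ; then
		abort_test "ldapsearch failed ($RC)!" "$RC"
	fi
}

if test "$MEMBEROF" = memberofno; then
	echo "Memberof overlay not available, test skipped"
	exit 0
fi

mkdir -p "$TESTDIR" "$DBDIR1" "$TESTDIR/confdir"

# Generate a random cn=config password (-g) and store it without a trailing
# newline (-n): the -y binds below use the complete file contents as the
# password. Only its hash is written to the rootpw directive.
$SLAPPASSWD -g -n >"$CONFIGPWF"
echo "rootpw $($SLAPPASSWD -T "$CONFIGPWF")" >"$TESTDIR/configpw.conf"

echo "Starting slapd on TCP/IP port $PORT1..."
. $CONFFILTER $BACKEND < "$NAKEDCONF" > "$CONF1"
$SLAPD -f "$CONF1" -F "$TESTDIR/confdir" -h "$URI1" -d "$LVL" > "$LOG1" 2>&1 &
PID=$!
if test $WAIT != 0 ; then
	# Pause until the operator presses return (e.g. to attach a debugger).
	echo PID $PID
	read foo
fi
KILLPIDS="$PID"

# Poll the monitor entry until slapd answers; give up after six attempts.
sleep 1
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -H "$URI1" \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test "$RC" = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done
if test "$RC" != 0 ; then
	abort_test "ldapsearch failed ($RC)!" "$RC"
fi

# Start with an empty tool-output log.
: > "$TESTOUT"

if [ "$MEMBEROF" = memberofmod ]; then
	echo "Inserting memberof overlay on provider..."
	$LDAPADD -D cn=config -H "$URI1" -y "$CONFIGPWF" <<EOF > "$TESTOUT" 2>&1
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: ../servers/slapd/overlays
olcModuleLoad: memberof.la
EOF
	RC=$?
	if test "$RC" != 0 ; then
		abort_test "ldapadd failed for moduleLoad ($RC)!" "$RC"
	fi
fi

# Each prefix is either empty or "# "; a "# " prefix turns the LDIF line it
# precedes into a comment, dropping that attribute for this backend.
indexInclude="" mainInclude="" nullExclude=""
test "$INDEXDB" = indexdb || indexInclude="# "
test "$MAINDB" = maindb || mainInclude="# "
case $BACKEND in
null) nullExclude="# " ;;
esac

echo "Running ldapadd to build slapd config database..."
# Bind with -y (password read from $CONFIGPWF), as the module-load step does,
# rather than expanding the cn=config password onto the command line with -w.
# olcRootPW:: c2VjcmV0 is base64 for "secret", the fixture password used by
# the "-w secret" Manager binds in the rest of the script.
# olcDbMode 384 (decimal) = 0600 (octal).
$LDAPADD -H "$URI1" -D 'cn=config' -y "$CONFIGPWF" \
	>> "$TESTOUT" 2>&1 <<EOF
dn: cn=symas group example,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: symas group example
olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.1
  NAME 'memberA' SUP distinguishedName )
olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.2
  NAME 'memberOfA' SUP distinguishedName )
olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.3
  NAME 'memberB' SUP distinguishedName )
olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.4
  NAME 'memberOfB' SUP distinguishedName )
olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.5
  NAME 'memberOfC' SUP distinguishedName )
olcObjectClasses: ( 1.3.6.1.4.1.4754.31.2.1
  NAME 'groupA' SUP top STRUCTURAL MUST cn MAY memberA )
olcObjectClasses: ( 1.3.6.1.4.1.4754.31.2.2
  NAME 'groupMemberA' SUP top AUXILIARY MAY ( memberOfA $ memberOfC ) )
olcObjectClasses: ( 1.3.6.1.4.1.4754.31.2.3
  NAME 'groupB' SUP top STRUCTURAL MUST cn MAY memberB )
olcObjectClasses: ( 1.3.6.1.4.1.4754.31.2.4
  NAME 'groupMemberB' SUP top AUXILIARY MAY memberOfB )

dn: olcDatabase={1}$BACKEND,cn=config
objectClass: olcDatabaseConfig
${nullExclude}objectClass: olc${BACKEND}Config
olcDatabase: {1}$BACKEND
olcSuffix: $BASEDN
olcRootDN: cn=Manager,$BASEDN
olcRootPW:: c2VjcmV0
olcMonitoring: TRUE
${nullExclude}olcDbDirectory: $TESTDIR/db.1.a/
${indexInclude}olcDbIndex: objectClass eq
${indexInclude}olcDbIndex: cn pres,eq,sub
${indexInclude}olcDbIndex: uid pres,eq,sub
${indexInclude}olcDbIndex: sn pres,eq,sub
${mainInclude}olcDbMode: 384

dn: olcOverlay={0}memberof,olcDatabase={1}$BACKEND,cn=config
objectClass: olcOverlayConfig
objectClass: olcMemberOfConfig
olcOverlay: {0}memberof
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf

dn: olcOverlay={1}memberof,olcDatabase={1}$BACKEND,cn=config
objectClass: olcOverlayConfig
objectClass: olcMemberOfConfig
olcOverlay: {1}memberof
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupA
olcMemberOfMemberAD: memberA
olcMemberOfMemberOfAD: memberOfA

dn: olcOverlay={2}memberof,olcDatabase={1}$BACKEND,cn=config
objectClass: olcOverlayConfig
objectClass: olcMemberOfConfig
olcOverlay: {2}memberof
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupB
olcMemberOfMemberAD: memberB
olcMemberOfMemberOfAD: memberOfB

EOF
RC=$?
if test "$RC" != 0 ; then
	abort_test "ldapadd failed ($RC)!" "$RC"
fi

echo "Running ldapadd to build slapd database..."
$LDAPADD -H "$URI1" \
	-D "cn=Manager,$BASEDN" -w secret \
	>> "$TESTOUT" 2>&1 << EOF
dn: $BASEDN
objectClass: organization
objectClass: dcObject
o: Example, Inc.
dc: example

dn: ou=People,$BASEDN
objectClass: organizationalUnit
ou: People

dn: ou=Groups,$BASEDN
objectClass: organizationalUnit
ou: Groups

dn: cn=Roger Rabbit,ou=People,$BASEDN
objectClass: inetOrgPerson
cn: Roger Rabbit
sn: Rabbit

dn: cn=Baby Herman,ou=People,$BASEDN
objectClass: inetOrgPerson
cn: Baby Herman
sn: Herman

dn: cn=Cartoonia,ou=Groups,$BASEDN
objectClass: groupOfNames
cn: Cartoonia
member: cn=Roger Rabbit,ou=People,$BASEDN
member: cn=Baby Herman,ou=People,$BASEDN
EOF
RC=$?
if test "$RC" != 0 ; then
	abort_test "ldapadd failed ($RC)!" "$RC"
fi

echo "Search the entire database..."
search_all "Search the entire database..."

# NOTE(review): the exit status of this ldapmodify, and of the data-modifying
# ldapmodify calls up to "Adding groups with MAY member type schemas", is not
# checked; a failure there only shows up in the final comparison.
echo "Running ldapmodify to add a member..."
$LDAPMODIFY -H "$URI1" \
	-D "cn=Manager,$BASEDN" -w secret \
	>> "$TESTOUT" 2>&1 << EOF
dn: cn=Jessica Rabbit,ou=People,$BASEDN
changetype: add
objectClass: inetOrgPerson
cn: Jessica Rabbit
sn: Rabbit

dn: cn=Cartoonia,ou=Groups,$BASEDN
changetype: modify
add: member
member: cn=Jessica Rabbit,ou=People,$BASEDN
EOF

echo "Re-search the entire database..."
search_all "Re-search the entire database after adding Jessica Rabbit and Cartoonia..."

echo "Running ldapmodify to rename a member..."
$LDAPMODIFY -H "$URI1" \
	-D "cn=Manager,$BASEDN" -w secret \
	>> "$TESTOUT" 2>&1 << EOF
dn: cn=Baby Herman,ou=People,$BASEDN
changetype: modrdn
newrdn: cn=Baby Herman Jr
deleteoldrdn: 1
EOF

echo "Re-search the entire database..."
search_all "Re-search the entire database after renaming Baby Herman..."

echo "Running ldapmodify to rename a group..."
$LDAPMODIFY -H "$URI1" \
	-D "cn=Manager,$BASEDN" -w secret \
	>> "$TESTOUT" 2>&1 << EOF
dn: cn=Cartoonia,ou=Groups,$BASEDN
changetype: modrdn
newrdn: cn=Toon town
deleteoldrdn: 1

dn: cn=Toon town,ou=Groups,$BASEDN
changetype: modrdn
newrdn: cn=Toon Town
deleteoldrdn: 1
EOF

echo "Re-search the entire database..."
search_all "Re-search the entire database after renaming Cartoonia..."

echo "Running ldapmodify to add self..."
$LDAPMODIFY -H "$URI1" \
	-D "cn=Manager,$BASEDN" -w secret \
	>> "$TESTOUT" 2>&1 << EOF
dn: cn=Toon Town,ou=Groups,$BASEDN
changetype: modify
add: member
member: cn=Toon Town,ou=Groups,$BASEDN
EOF

echo "Re-search the entire database..."
search_all "Re-search the entire database after adding Toon Town to self..."

echo "Running ldapdelete to remove a member..."
$LDAPMODIFY -H "$URI1" \
	-D "cn=Manager,$BASEDN" -w secret \
	>> "$TESTOUT" 2>&1 << EOF
dn: cn=Baby Herman Jr,ou=People,$BASEDN
changetype: delete
EOF

echo "Re-search the entire database..."
search_all "Re-search the entire database after deleting Baby Herman..."

echo "Running ldapdelete to remove a group..."
$LDAPMODIFY -H "$URI1" \
	-D "cn=Manager,$BASEDN" -w secret \
	>> "$TESTOUT" 2>&1 << EOF
dn: cn=Toon Town,ou=Groups,$BASEDN
changetype: delete
EOF

echo "Re-search the entire database..."
search_all "Re-search the entire database after deleting Toon Town..."

echo "Adding groups with MAY member type schemas..."
$LDAPMODIFY -H "$URI1" \
	-D "cn=Manager,$BASEDN" -w secret \
	>> "$TESTOUT" 2>&1 <<EOF
dn: cn=Roger Rabbit,ou=People,$BASEDN
changetype: delete

dn: cn=Jessica Rabbit,ou=People,$BASEDN
changetype: delete

dn: cn=person1,ou=People,$BASEDN
changetype: add
objectClass: person
objectClass: groupMemberA
objectClass: groupMemberB
cn: person1
sn: person1

dn: cn=person2,ou=People,$BASEDN
changetype: add
objectClass: person
objectClass: groupMemberA
objectClass: groupMemberB
cn: person2
sn: person2

dn: cn=group1,ou=Groups,$BASEDN
changetype: add
objectclass: groupA
cn: group1
memberA: cn=person1,ou=People,$BASEDN
memberA: cn=person2,ou=People,$BASEDN

dn: cn=group2,ou=Groups,$BASEDN
changetype: add
objectclass: groupB
cn: group2
memberB: cn=person1,ou=People,$BASEDN
memberB: cn=person2,ou=People,$BASEDN

dn: cn=group1,ou=Groups,$BASEDN
changetype: modify
delete: memberA

EOF

echo "Re-search the entire database..."
search_all "Re-search the entire database after adding groups with MAY member type schemas..."

echo "Running ldapmodify to reconfigure the schema used..."
# Same -y bind as the other cn=config operations.
$LDAPADD -H "$URI1" -D 'cn=config' -y "$CONFIGPWF" \
	>> "$TESTOUT" 2>&1 <<EOF
dn: olcOverlay={1}memberof,olcDatabase={1}$BACKEND,cn=config
changetype: modify
replace: olcMemberOfMemberOfAD
olcMemberOfMemberOfAD: memberOfC

EOF
RC=$?
if test "$RC" != 0 ; then
	abort_test "ldapadd failed ($RC)!" "$RC"
fi

echo "Updating groups to expose the new setting..."
$LDAPMODIFY -H "$URI1" \
	-D "cn=Manager,$BASEDN" -w secret \
	>> "$TESTOUT" 2>&1 <<EOF
dn: cn=group1,ou=Groups,$BASEDN
changetype: modify
add: memberA
memberA: cn=person1,ou=People,$BASEDN
memberA: cn=person2,ou=People,$BASEDN

EOF
RC=$?
if test "$RC" != 0 ; then
	abort_test "ldapmodify failed ($RC)!" "$RC"
fi

echo "Re-search the entire database..."
search_all "Re-search the entire database after updating memberof configuration..."

test $KILLSERVERS != no && kill -HUP $KILLPIDS

LDIF=$MEMBEROFOUT

echo "Filtering ldapsearch results..."
$LDIFFILTER < "$SEARCHOUT" > "$SEARCHFLT"
echo "Filtering original ldif used to create database..."
$LDIFFILTER < "$LDIF" > "$LDIFFLT"
echo "Comparing filter output..."
$CMP "$SEARCHFLT" "$LDIFFLT" > "$CMPOUT"

if test $? != 0 ; then
	echo "Comparison failed"
	exit 1
fi

echo ">>>>> Test succeeded"

# Reap the background slapd after it has been signalled.
test $KILLSERVERS != no && wait

exit 0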