xref: /netbsd-src/external/bsd/openldap/dist/tests/scripts/test059-consumer-config (revision e670fd5c413e99c2f6a37901bb21c537fcd322d2)
1#! /bin/sh
2# $OpenLDAP$
3## This work is part of OpenLDAP Software <http://www.openldap.org/>.
4##
5## Copyright 1998-2021 The OpenLDAP Foundation.
6## All rights reserved.
7##
8## Redistribution and use in source and binary forms, with or without
9## modification, are permitted only as authorized by the OpenLDAP
10## Public License.
11##
12## A copy of this license is available in the file LICENSE in the
13## top-level directory of the distribution or, alternatively, at
14## <http://www.OpenLDAP.org/license.html>.
15
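# Load the shared test-suite settings; every upper-case variable used below
# that is not assigned in this script is expected to come from there.
echo "running defines.sh"
. "$SRCDIR/scripts/defines.sh"

# Without the syncprov overlay there is nothing to test; a skip exits 0.
if test "$SYNCPROV" = syncprovno; then
	echo "Syncrepl provider overlay not available, test skipped"
	exit 0
fi

# Separate cn=config directories for the provider and the consumer slapd.
CFPRO=$TESTDIR/cfpro.d
CFCON=$TESTDIR/cfcon.d

mkdir -p "$TESTDIR" "$DBDIR1A" "$DBDIR1B" "$DBDIR2A" "$CFPRO" "$CFCON"

# Generate (-g) the cn=config password without a trailing newline (-n).
# The file is a live bind credential for the test servers, so it is created
# owner-only: the subshell keeps the umask change local, and removing any
# stale file first ensures the new mode applies (a redirect onto an existing
# file keeps that file's old permissions).
# $SLAPPASSWD stays unquoted: it comes from defines.sh and may expand to a
# command plus arguments (not visible here).
( umask 077; rm -f "$CONFIGPWF"; $SLAPPASSWD -g -n >"$CONFIGPWF" )

# Default to refreshAndPersist when the caller did not choose a sync mode.
SYNCMODE=${SYNCMODE:-rp}
case "$SYNCMODE" in
	ro)
		SYNCTYPE="type=refreshOnly interval=00:00:00:03"
		;;
	rp)
		SYNCTYPE="type=refreshAndPersist"
		;;
	*)
		echo "unknown sync mode $SYNCMODE"
		exit 1
		;;
esac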
46
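#
# Test replication of dynamic config with alternate consumer config:
# - start provider
# - start consumer
# - configure over ldap
# - populate over ldap
# - configure syncrepl over ldap
# - retrieve database over ldap and compare against expected results
#

echo "Starting provider slapd on TCP/IP port $PORT1..."
# Render the dynamic-config template into LDIF, load it as database 0 of the
# provider's config directory, then start slapd in the background.
# Tool variables ($CONFFILTER, $SLAPADD, $SLAPD, $LDAPSEARCH) stay unquoted:
# they come from defines.sh and may expand to a command plus arguments.
. $CONFFILTER "$BACKEND" < "$DYNAMICCONF" > "$CONFLDIF"
$SLAPADD -F "$CFPRO" -n 0 -l "$CONFLDIF"
$SLAPD -F "$CFPRO" -h "$URI1" -d "$LVL" > "$LOG1" 2>&1 &
PID=$!
# With WAIT non-zero, print the PID and block until a line arrives on stdin.
# An empty or unset WAIT is treated as 0 so the test never blocks by accident.
if test "${WAIT:-0}" != 0 ; then
	echo PID $PID
	read -r foo
fi
# Servers to signal on any exit path; word-split on purpose where it is used.
KILLPIDS="$PID"

sleep 1

echo "Using ldapsearch to check that provider slapd is running..."
# Poll the root DSE up to six times; RC keeps the status of the last attempt.
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "" -H "$URI1" \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test "$RC" = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done

if test "$RC" != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit "$RC"
fi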
87
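echo "Inserting syncprov overlay on provider..."
# When syncprov is built as a module, load it before configuring the overlay.
# This first write truncates $TESTOUT; later commands append to it.
# $LDAPADD / $LDAPMODIFY stay unquoted: they come from defines.sh and may
# expand to a command plus arguments.
if [ "$SYNCPROV" = syncprovmod ]; then
	$LDAPADD -D cn=config -H "$URI1" -y "$CONFIGPWF" <<EOF > "$TESTOUT" 2>&1
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: ../servers/slapd/overlays
olcModuleLoad: syncprov.la
EOF
	RC=$?
	if test "$RC" != 0 ; then
		echo "ldapadd failed for moduleLoad ($RC)!"
		test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
		exit "$RC"
	fi
fi
# Keep the generated cn=config password in a variable: it is expanded into a
# syncrepl credentials= value further down. -r stops read from interpreting
# backslashes in the secret.
read -r CONFIGPW < "$CONFIGPWF"
# Attach syncprov to the provider's cn=config database ({0}config).
$LDAPMODIFY -D cn=config -H "$URI1" -y "$CONFIGPWF" <<EOF >> "$TESTOUT" 2>&1
dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
EOF
RC=$?
if test "$RC" != 0 ; then
	echo "ldapmodify failed for syncprov config ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit "$RC"
fi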
118
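# Consumers will not replicate the provider's actual cn=config.
# Instead, they will use an alternate DB so that they may be
# configured differently from the provider. This alternate DB
# will also be a consumer for the real cn=schema,cn=config tree.
# It has multi-provider enabled so that it can be written directly
# while being a consumer of the main schema.
#
# Credential handling in the LDIF below:
# - repsecret and topsecret are fixed test fixtures, stored as cleartext
#   olcRootPW values.
# - $CONFIGPW (read earlier from $CONFIGPWF) is expanded into a syncrepl
#   credentials= value, so the generated cn=config password is also written
#   into the provider's configuration and into $TESTOUT-adjacent state.
# - Every syncrepl stanza uses bindmethod=simple against $URI1; whether that
#   URI is TLS-protected depends on defines.sh, which is not visible here.
# - olcAccess grants write on the alternate tree to dn.base="cn=config" only.
echo "Configuring consumer config DB on provider..."
$LDAPMODIFY -D cn=config -H "$URI1" -y "$CONFIGPWF" <<EOF >> "$TESTOUT" 2>&1
dn: cn=config
changetype: modify
add: olcServerID
olcServerID: 1

dn: olcDatabase={1}ldif,cn=config
changetype: add
objectClass: olcDatabaseConfig
objectClass: olcLdifConfig
olcDatabase: {1}ldif
olcDbDirectory: $DBDIR1A
olcSuffix: cn=config,cn=consumer
olcRootDN: cn=config,cn=consumer
olcRootPW: repsecret
olcAccess: to * by dn.base="cn=config" write

dn: olcOverlay=syncprov,olcDatabase={1}ldif,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

dn: cn=config,cn=consumer
changetype: add
objectClass: olcGlobal
cn: consumerconfig

dn: olcDatabase={0}config,cn=config,cn=consumer
changetype: add
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootPW: topsecret
olcSyncrepl: {0}rid=001 provider=$URI1 binddn="cn=config,cn=consumer"
  bindmethod=simple credentials=repsecret searchbase="cn=config,cn=consumer"
  $SYNCTYPE retry="3 5 300 5" timeout=3 suffixmassage="cn=config"
olcUpdateRef: $URI1

dn: olcDatabase={1}ldif,cn=config
changetype: modify
add: olcSyncrepl
olcSyncrepl: {0}rid=001 provider=$URI1 binddn="cn=config"
  bindmethod=simple credentials=$CONFIGPW searchbase="cn=schema,cn=config"
  $SYNCTYPE retry="3 5 300 5" timeout=3
  suffixmassage="cn=schema,cn=config,cn=consumer"
-
add: olcMultiProvider
olcMultiProvider: TRUE

EOF
RC=$?
if test "$RC" != 0 ; then
	echo "ldapmodify failed for consumer DB config ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit "$RC"
fi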
182
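echo "Starting consumer slapd on TCP/IP port $PORT2..."
# The consumer is seeded from the same rendered LDIF as the provider
# ($CONFLDIF) but keeps its cn=config in its own directory ($CFCON).
# Presumably this also gives both servers the same cn=config password, since
# later binds to $URI2 reuse $CONFIGPWF -- confirm against the template.
# Tool variables stay unquoted: they come from defines.sh and may expand to a
# command plus arguments.
$SLAPADD -F "$CFCON" -n 0 -l "$CONFLDIF"
$SLAPD -F "$CFCON" -h "$URI2" -d "$LVL" > "$LOG2" 2>&1 &
CONSUMERPID=$!
# With WAIT non-zero, print the PID and block until a line arrives on stdin.
# An empty or unset WAIT is treated as 0 so the test never blocks by accident.
if test "${WAIT:-0}" != 0 ; then
	echo CONSUMERPID $CONSUMERPID
	read -r foo
fi
KILLPIDS="$KILLPIDS $CONSUMERPID"

sleep 1

echo "Using ldapsearch to check that consumer slapd is running..."
# Poll the root DSE up to six times; RC keeps the status of the last attempt.
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "" -H "$URI2" \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test "$RC" = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done

if test "$RC" != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit "$RC"
fi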
212
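echo "Configuring syncrepl on consumer..."
# Make the consumer's own cn=config a syncrepl consumer of the provider's
# alternate tree: searchbase is cn=config,cn=consumer on the provider and
# suffixmassage names the local cn=config. The bind uses the fixed fixture
# password repsecret with bindmethod=simple.
$LDAPMODIFY -D cn=config -H "$URI2" -y "$CONFIGPWF" <<EOF >>"$TESTOUT" 2>&1
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config,cn=consumer"
  bindmethod=simple credentials=repsecret searchbase="cn=config,cn=consumer"
  $SYNCTYPE retry="3 5 300 5" timeout=3
  suffixmassage="cn=config"
-
add: olcUpdateRef
olcUpdateRef: $URI1
EOF
# Fail here rather than after the polling loop below times out: if this
# modify is rejected, nothing that follows can succeed.
RC=$?
if test "$RC" != 0 ; then
	echo "ldapmodify failed for consumer syncrepl config ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit "$RC"
fi

sleep 1

echo "Using ldapsearch to check that syncrepl received config changes..."
# RC stays 32 unless a search returns an entry (a "dn:" line) within six tries.
# NOTE(review): olcUpdateRef is also added locally by the ldapmodify above, so
# this filter may match before any replication has happened -- confirm that
# this is the intended signal.
RC=32
for i in 0 1 2 3 4 5; do
	RESULT=$($LDAPSEARCH -H "$URI2" -D cn=config -y "$CONFIGPWF" \
		-s base -b "olcDatabase={0}config,cn=config" \
		'(olcUpdateRef=*)' 2>&1 | awk '/^dn:/ {print "OK"}')
	if test "x$RESULT" = "xOK" ; then
		RC=0
		break
	fi
	echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
	sleep "$SLEEP1"
done

if test "$RC" != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit "$RC"
fi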
248
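echo "Adding schema and databases on provider..."
# Load the standard schema files into the provider's cn=config; the include:
# URLs are resolved by ldapadd from $ABS_SCHEMADIR on the local filesystem.
$LDAPADD -D cn=config -H "$URI1" -y "$CONFIGPWF" <<EOF >>"$TESTOUT" 2>&1
include: file://$ABS_SCHEMADIR/core.ldif

include: file://$ABS_SCHEMADIR/cosine.ldif

include: file://$ABS_SCHEMADIR/inetorgperson.ldif

include: file://$ABS_SCHEMADIR/openldap.ldif

include: file://$ABS_SCHEMADIR/nis.ldif
EOF
RC=$?
if test "$RC" != 0 ; then
	echo "ldapadd failed for schema config ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit "$RC"
fi

echo "Using ldapsearch to check that syncrepl received the schema changes..."
# RC stays 32 unless the consumer returns a schema entry whose cn ends in
# "openldap" (presumably the one loaded from openldap.ldif) within six tries.
RC=32
for i in 0 1 2 3 4 5; do
	RESULT=$($LDAPSEARCH -H "$URI2" -D cn=config -y "$CONFIGPWF" \
		-s sub -b "cn=schema,cn=config" \
		'(cn=*openldap)' 2>&1 | awk '/^dn:/ {print "OK"}')
	if test "x$RESULT" = "xOK" ; then
		RC=0
		break
	fi
	echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
	sleep "$SLEEP1"
done

# The other polling loops in this script stop the test on timeout; this one
# used to fall through, and the next command overwrote RC, hiding a schema
# replication failure.
if test "$RC" != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit "$RC"
fi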
281
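# With the null backend, the backend-specific objectClass and olcDbDirectory
# lines in the LDIF below are turned into LDIF comments, and nullOK lets the
# later replication check accept an empty search result.
nullExclude="" nullOK=""
test "$BACKEND" = null && nullExclude="# " nullOK="OK"

# When the backend is built as a module, load it on the provider and in the
# alternate consumer config tree before any database of that type is added.
# $LDAPADD / $LDAPMODIFY stay unquoted: they come from defines.sh and may
# expand to a command plus arguments.
if [ "$BACKENDTYPE" = mod ]; then
	$LDAPADD -D cn=config -H "$URI1" -y "$CONFIGPWF" <<EOF >>"$TESTOUT" 2>&1
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: ../servers/slapd/back-$BACKEND
olcModuleLoad: back_$BACKEND.la

dn: cn=module,cn=config,cn=consumer
objectClass: olcModuleList
cn: module
olcModulePath: ../servers/slapd/back-$BACKEND
olcModuleLoad: back_$BACKEND.la
EOF
	RC=$?
	if test "$RC" != 0 ; then
		echo "ldapadd failed for backend config ($RC)!"
		test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
		exit "$RC"
	fi
fi

# Define the data database on the provider ({2}) and, through the alternate
# tree, on the consumer ({1}). $PASSWD is written as a cleartext olcRootPW and
# again inside each syncrepl credentials= value, so the manager password ends
# up in both configurations; binds use bindmethod=simple.
$LDAPADD -D cn=config -H "$URI1" -y "$CONFIGPWF" <<EOF >>"$TESTOUT" 2>&1
dn: olcDatabase={2}$BACKEND,cn=config
objectClass: olcDatabaseConfig
${nullExclude}objectClass: olc${BACKEND}Config
olcDatabase: {2}$BACKEND
olcSuffix: $BASEDN
${nullExclude}olcDbDirectory: $DBDIR1B
olcRootDN: $MANAGERDN
olcRootPW: $PASSWD
olcSyncRepl: rid=002 provider=$URI1 binddn="$MANAGERDN" bindmethod=simple
  credentials=$PASSWD searchbase="$BASEDN" $SYNCTYPE
  retry="3 5 300 5" timeout=3
olcUpdateRef: $URI1

dn: olcOverlay=syncprov,olcDatabase={2}${BACKEND},cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

dn: olcDatabase={1}$BACKEND,cn=config,cn=consumer
objectClass: olcDatabaseConfig
${nullExclude}objectClass: olc${BACKEND}Config
olcDatabase: {1}$BACKEND
olcSuffix: $BASEDN
${nullExclude}olcDbDirectory: $DBDIR2A
olcRootDN: $MANAGERDN
olcRootPW: $PASSWD
olcSyncRepl: rid=002 provider=$URI1 binddn="$MANAGERDN" bindmethod=simple
  credentials=$PASSWD searchbase="$BASEDN" $SYNCTYPE
  retry="3 5 300 5" timeout=3
olcUpdateRef: $URI1

EOF
RC=$?
if test "$RC" != 0 ; then
	echo "ldapadd failed for database config ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit "$RC"
fi

# Optional indexes on the provider's data database.
if test "$INDEXDB" = indexdb ; then
	$LDAPMODIFY -D cn=config -H "$URI1" -y "$CONFIGPWF" <<EOF >>"$TESTOUT" 2>&1
dn: olcDatabase={2}$BACKEND,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: objectClass,entryUUID,entryCSN eq
olcDbIndex: cn,uid pres,eq,sub
EOF
	RC=$?
	if test "$RC" != 0 ; then
		# The command that failed is ldapmodify adding the index settings.
		echo "ldapmodify failed for index config ($RC)!"
		test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
		exit "$RC"
	fi
fi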
363
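echo "Using ldapadd to populate provider..."
# NOTE(review): -w puts the manager password on the command line, where other
# local users can read it from the process list while ldapadd runs; -y with a
# password file, as the cn=config binds in this script use, avoids that.
# $LDAPADD / $LDAPSEARCH stay unquoted: they come from defines.sh and may
# expand to a command plus arguments.
$LDAPADD -D "$MANAGERDN" -H "$URI1" -w "$PASSWD" -f "$LDIFORDERED" \
	>> "$TESTOUT" 2>&1
RC=$?
if test "$RC" != 0 ; then
	# This step loads entries, not configuration; say so in the message.
	echo "ldapadd failed to populate provider ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit "$RC"
fi

echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
sleep "$SLEEP1"

echo "Using ldapsearch to check that syncrepl received database changes..."
# Anonymous base search on the consumer for one known entry. RC stays 32
# unless RESULT and nullOK together equal "OK": normally that means the entry
# was returned; nullOK is "OK" only for the null backend (set earlier), where
# an empty result is what passes.
RC=32
for i in 0 1 2 3 4 5; do
	RESULT=$($LDAPSEARCH -H "$URI2" \
		-s base -b "cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com" \
		'(objectClass=*)' 2>&1 | awk '/^dn:/ {print "OK"}')
	if test "x$RESULT$nullOK" = "xOK" ; then
		RC=0
		break
	fi
	echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
	sleep "$SLEEP1"
done

if test "$RC" != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit "$RC"
fi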
396
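# Dump the whole data tree from both servers as the manager, then compare.
# NOTE(review): -w puts the manager password on the command line, where other
# local users can read it from the process list; -y with a password file, as
# the cn=config binds in this script use, avoids that.
# Tool variables ($LDAPSEARCH, $LDIFFILTER, $CMP) stay unquoted: they come
# from defines.sh and may expand to a command plus arguments.
echo "Using ldapsearch to read all the entries from the provider..."
$LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H "$URI1" -w "$PASSWD" \
	'objectclass=*' > "$PROVIDEROUT" 2>&1
RC=$?

if test "$RC" != 0 ; then
	echo "ldapsearch failed at provider ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit "$RC"
fi

echo "Using ldapsearch to read all the entries from the consumer..."
$LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H "$URI2" -w "$PASSWD" \
	'objectclass=*' > "$CONSUMEROUT" 2>&1
RC=$?

if test "$RC" != 0 ; then
	echo "ldapsearch failed at consumer ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit "$RC"
fi

# Both dumps are on disk, so the servers can be signalled before comparing.
test "$KILLSERVERS" != no && kill -HUP $KILLPIDS

echo "Filtering provider results..."
$LDIFFILTER < "$PROVIDEROUT" > "$PROVIDERFLT"
echo "Filtering consumer results..."
$LDIFFILTER < "$CONSUMEROUT" > "$CONSUMERFLT"

echo "Comparing retrieved entries from provider and consumer..."
$CMP "$PROVIDERFLT" "$CONSUMERFLT" > "$CMPOUT"

# $? here is the status of the comparison just above.
if test $? != 0 ; then
	echo "test failed - provider and consumer databases differ"
	exit 1
fi

echo ">>>>> Test succeeded"

# Reap the signalled background slapd processes before reporting success.
test "$KILLSERVERS" != no && wait

exit 0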
439