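#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2021 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

# Regression test for bind caching in the proxy cache (pcache) overlay.
#
# A provider slapd and a caching proxy slapd are started. The same user then
# binds and searches through the proxy several times, and the proxy's log is
# checked for the "CACHING BIND" / "CACHED BIND" / "QUERY NOT ANSWERABLE"
# markers.
#
# Security notes for readers reusing this pattern:
#  - Every bind passes its password with -w, so it is visible in the process
#    list and in shell traces. The credentials here are fixed test values;
#    do not copy the pattern to scripts that handle real passwords.
#  - The test asserts that repeated binds are answered by the proxy itself.
#    NOTE(review): in a deployment this presumably means a password change
#    or lockout on the provider is not seen by the proxy until the cached
#    bind is refreshed (see PCACHEBTTR) - confirm against the overlay docs.

# Cache tuning knobs; each can be overridden from the environment.
PCACHETTL=${PCACHETTL-"1m"}
PCACHENTTL=${PCACHENTTL-"1m"}
PCACHESTTL=${PCACHESTTL-"1m"}
PCACHE_ENTRY_LIMIT=${PCACHE_ENTRY_LIMIT-"6"}
PCACHE_CCPERIOD=${PCACHE_CCPERIOD-"2"}
PCACHETTR=${PCACHETTR-"2"}
PCACHEBTTR=${PCACHEBTTR-"5"}

. "$SRCDIR/scripts/defines.sh"

# Set after sourcing defines.sh, so this value is the one used below.
LVL=0x100

# The tests on $PROXYCACHE, $BACKLDAP, $BACKEND, $WAIT and $KILLSERVERS are
# left exactly as written: those values come from the test harness, and
# quoting them would change what happens when one of them is unset.
if test $PROXYCACHE = pcacheno; then
	echo "Proxy cache overlay not available, test skipped"
	exit 0
fi

if test $BACKLDAP = "ldapno" ; then
	echo "LDAP backend not available, test skipped"
	exit 0
fi

if test $BACKEND = ldif ; then
	# The (mail=example.com*) queries hit a sizelimit, so which
	# entry is returned depends on the ordering in the backend.
	echo "Test does not support $BACKEND backend, test skipped"
	exit 0
fi

mkdir -p "$TESTDIR" "$DBDIR1" "$DBDIR2"

# Test proxy caching:
# - start provider
# - populate provider
# - start proxy cache
# - perform a first search
# - verify cacheability of the bind
# - perform a second and a third search with the same filter and same user
# - verify that the binds are answered from the cache
# - perform a further search with the same user but a different filter
# - verify cacheability of the bind and the non-answerability of the result

# $SLAPD, $LDAPSEARCH and $LDAPADD are expanded unquoted on purpose: they are
# defined outside this file and may carry extra arguments (assumption - the
# definitions are not visible here). $KILLPIDS is a space-separated PID list
# and must be word-split as well.

echo "Starting provider slapd on TCP/IP port $PORT1..."
. "$CONFFILTER" < "$PROXYAUTHZPROVIDERCONF" > "$CONF1"
$SLAPD -f "$CONF1" -h "$URI1" -d $LVL > "$LOG1" 2>&1 &
PID=$!
if test $WAIT != 0 ; then
	echo PID $PID
	read foo
fi
KILLPIDS="$PID"

sleep 1

echo "Using ldapsearch to check that provider slapd is running..."
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -H "$URI1" \
		-D "cn=Manager,dc=example,dc=com" -w secret 'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test "$RC" = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done

if test "$RC" != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Using ldapadd to populate the provider directory..."
$LDAPADD -x -D "$MANAGERDN" -H "$URI1" -w "$PASSWD" < \
	"$LDIFORDERED" > /dev/null 2>&1
RC=$?
if test "$RC" != 0 ; then
	echo "ldapadd failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Starting proxy cache on TCP/IP port $PORT2..."
# Fill the @...@ placeholders of the proxy configuration template.
# @STTL@ now takes PCACHESTTL; it was previously filled from PCACHENTTL, so
# an override of PCACHESTTL had no effect. Both default to "1m", so the
# default run is unchanged.
. "$CONFFILTER" < "$PROXYAUTHZCONF" | sed \
	-e "s/@TTL@/${PCACHETTL}/" \
	-e "s/@NTTL@/${PCACHENTTL}/" \
	-e "s/@STTL@/${PCACHESTTL}/" \
	-e "s/@TTR@/${PCACHETTR}/" \
	-e "s/@ENTRY_LIMIT@/${PCACHE_ENTRY_LIMIT}/" \
	-e "s/@CCPERIOD@/${PCACHE_CCPERIOD}/" \
	-e "s/@BTTR@/${PCACHEBTTR}/" \
	> "$CONF2"

# "-d pcache" makes the proxy log the cache decisions that are grepped below.
$SLAPD -f "$CONF2" -h "$URI2" -d $LVL -d pcache > "$LOG2" 2>&1 &
CACHEPID=$!
if test $WAIT != 0 ; then
	echo CACHEPID $CACHEPID
	read foo
fi
KILLPIDS="$KILLPIDS $CACHEPID"

sleep 1

echo "Using ldapsearch to check that proxy slapd is running..."
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -H "$URI2" \
		-D "cn=Manager,dc=example,dc=com" -w secret 'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test "$RC" = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done

if test "$RC" != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

cat /dev/null > "$SEARCHOUT"

echo "Making queries on the proxy cache..."
CNT=0


# Query 1: first bind and search; the proxy is expected to cache the bind.
CNT=`expr $CNT + 1`
USERDN="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com"
UPASSWD="jaj"
echo "Query $CNT: $USERDN"
echo "# Query $CNT: $USERDN" >> "$SEARCHOUT"

$LDAPSEARCH -S "" -b "dc=example,dc=com" -s SUB -H "$URI2" \
	-D "$USERDN" -w "$UPASSWD" "(sn=je*)" sn >> "$SEARCHOUT" 2>> "$TESTOUT"
RC=$?

if test "$RC" != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# Check that the bind is cached
# NOTE(review): the "Refresh failed" text below is printed when the bind
# marker is missing from the proxy log; the wording does not match the check.
grep "CACHING BIND for $USERDN" "$LOG2" > /dev/null

RC=$?
if test "$RC" != 0 ; then
	echo "Refresh failed"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS && wait
	exit 1
fi

# Query 2: same user and filter; the bind should be answered from the cache.
CNT=`expr $CNT + 1`
USERDN="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com"
UPASSWD="jaj"
echo "Query $CNT: (Bind should be cached)"
echo "# Query $CNT: (Bind should be cached)" >> "$SEARCHOUT"

$LDAPSEARCH -S "" -b "dc=example,dc=com" -s SUB -H "$URI2" \
	-D "$USERDN" -w "$UPASSWD" "(sn=je*)" sn >> "$SEARCHOUT" 2>> "$TESTOUT"

RC=$?
if test "$RC" != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

grep "CACHED BIND for $USERDN" "$LOG2" > /dev/null
RC=$?
if test "$RC" != 0 ; then
	echo "Refresh failed"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS && wait
	exit 1
fi

# Query 3: same again; UPASSWD is still the value assigned for query 2.
CNT=`expr $CNT + 1`
USERDN="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com"

echo "Query $CNT: (Bind should be cached)"
echo "# Query $CNT: (Bind should be cached)" >> "$SEARCHOUT"
$LDAPSEARCH -S "" -b "dc=example,dc=com" -s SUB -H "$URI2" \
	-D "$USERDN" -w "$UPASSWD" "(sn=je*)" sn >> "$SEARCHOUT" 2>> "$TESTOUT"

RC=$?
if test "$RC" != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# From here on RC holds a count of matching log lines, not an exit status.
# grep -c prints a bare number, so the comparison does not depend on how
# "wc -l" pads its output.
RC=`grep -c "CACHED BIND for $USERDN" "$LOG2"`
if test "$RC" != 2 ; then
	echo "Bind wasn't answered from cache"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS && wait
	exit 1
fi

# Same user, different filter: the bind should again come from the cache.
# The search output file is truncated first so that the final check only
# sees the result of this search.
echo "=== New search on (sn=jo*)"
cat /dev/null > "$SEARCHOUT"
echo "# Query $CNT: (Bind should be cached)" >> "$SEARCHOUT"
$LDAPSEARCH -S "" -b "dc=example,dc=com" -s SUB -H "$URI2" \
	-D "$USERDN" -w "$UPASSWD" "(sn=jo*)" sn >> "$SEARCHOUT" 2>> "$TESTOUT"

RC=$?
if test "$RC" != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

RC=`grep -c "CACHED BIND for $USERDN" "$LOG2"`
if test "$RC" != 3 ; then
	echo "Bind wasn't answered from cache"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS && wait
	exit 1
fi

RC=`grep -c "QUERY NOT ANSWERABLE" "$LOG2"`
if test "$RC" != 3 ; then
	echo "Search wasn't searched on remote peer"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS && wait
	exit 1
fi

RC=`grep -c "dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com" "$SEARCHOUT"`
if test "$RC" != 1 ; then
	echo "Search wasn't retrieved on remote peer"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS && wait
	exit 1
fi

echo "Test succeeded"

test $KILLSERVERS != no && kill -HUP $KILLPIDS

test $KILLSERVERS != no && wait

exit 0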