xref: /netbsd-src/external/bsd/openldap/dist/tests/scripts/test069-delta-multiprovider-starttls (revision e670fd5c413e99c2f6a37901bb21c537fcd322d2) 
1*e670fd5cSchristos#! /bin/sh
2*e670fd5cSchristos# $OpenLDAP$
3*e670fd5cSchristos## This work is part of OpenLDAP Software <http://www.openldap.org/>.
4*e670fd5cSchristos##
5*e670fd5cSchristos## Copyright 1998-2021 The OpenLDAP Foundation.
6*e670fd5cSchristos## All rights reserved.
7*e670fd5cSchristos##
8*e670fd5cSchristos## Redistribution and use in source and binary forms, with or without
9*e670fd5cSchristos## modification, are permitted only as authorized by the OpenLDAP
10*e670fd5cSchristos## Public License.
11*e670fd5cSchristos##
12*e670fd5cSchristos## A copy of this license is available in the file LICENSE in the
13*e670fd5cSchristos## top-level directory of the distribution or, alternatively, at
14*e670fd5cSchristos## <http://www.OpenLDAP.org/license.html>.
15*e670fd5cSchristos
16*e670fd5cSchristosecho "running defines.sh"
17*e670fd5cSchristos. $SRCDIR/scripts/defines.sh
18*e670fd5cSchristos
19*e670fd5cSchristosif test $WITH_TLS = no ; then
20*e670fd5cSchristos        echo "TLS support not available, test skipped"
21*e670fd5cSchristos        exit 0
22*e670fd5cSchristosfi
23*e670fd5cSchristos
24*e670fd5cSchristosif test $SYNCPROV = syncprovno; then
25*e670fd5cSchristos	echo "Syncrepl provider overlay not available, test skipped"
26*e670fd5cSchristos	exit 0
27*e670fd5cSchristosfi
28*e670fd5cSchristosif test $ACCESSLOG = accesslogno; then
29*e670fd5cSchristos	echo "Accesslog overlay not available, test skipped"
30*e670fd5cSchristos	exit 0
31*e670fd5cSchristosfi
32*e670fd5cSchristos
33*e670fd5cSchristosMMR=2
34*e670fd5cSchristos
35*e670fd5cSchristosXDIR=$TESTDIR/srv
36*e670fd5cSchristosTMP=$TESTDIR/tmp
37*e670fd5cSchristos
38*e670fd5cSchristosmkdir -p $TESTDIR
39*e670fd5cSchristoscp -r $DATADIR/tls $TESTDIR
40*e670fd5cSchristos
41*e670fd5cSchristos$SLAPPASSWD -g -n >$CONFIGPWF
42*e670fd5cSchristos
43*e670fd5cSchristosif test x"$SYNCMODE" = x ; then
44*e670fd5cSchristos	SYNCMODE=rp
45*e670fd5cSchristosfi
46*e670fd5cSchristoscase "$SYNCMODE" in
47*e670fd5cSchristos	ro)
48*e670fd5cSchristos		SYNCTYPE="type=refreshOnly interval=00:00:00:03"
49*e670fd5cSchristos		;;
50*e670fd5cSchristos	rp)
51*e670fd5cSchristos		SYNCTYPE="type=refreshAndPersist interval=00:00:00:03"
52*e670fd5cSchristos		;;
53*e670fd5cSchristos	*)
54*e670fd5cSchristos		echo "unknown sync mode $SYNCMODE"
55*e670fd5cSchristos		exit 1;
56*e670fd5cSchristos		;;
57*e670fd5cSchristosesac
58*e670fd5cSchristos
59*e670fd5cSchristos#
60*e670fd5cSchristos# Test delta-sync mmr
61*e670fd5cSchristos# - start servers
62*e670fd5cSchristos# - configure over ldap
63*e670fd5cSchristos# - populate over ldap
64*e670fd5cSchristos# - configure syncrepl over ldap
65*e670fd5cSchristos# - break replication
66*e670fd5cSchristos# - modify each server separately
67*e670fd5cSchristos# - restore replication
68*e670fd5cSchristos# - compare results
69*e670fd5cSchristos#
70*e670fd5cSchristos
71*e670fd5cSchristosnullExclude=""
72*e670fd5cSchristostest $BACKEND = null && nullExclude="# "
73*e670fd5cSchristos
74*e670fd5cSchristosKILLPIDS=
75*e670fd5cSchristos
76*e670fd5cSchristosecho "Initializing server configurations..."
77*e670fd5cSchristosn=1
78*e670fd5cSchristoswhile [ $n -le $MMR ]; do
79*e670fd5cSchristos
80*e670fd5cSchristosDBDIR=${XDIR}$n/db
81*e670fd5cSchristosCFDIR=${XDIR}$n/slapd.d
82*e670fd5cSchristos
83*e670fd5cSchristosmkdir -p ${XDIR}$n $DBDIR.1 $DBDIR.2 $CFDIR
84*e670fd5cSchristos
85*e670fd5cSchristoso=`expr 3 - $n`
86*e670fd5cSchristoscat > $TMP <<EOF
87*e670fd5cSchristosdn: cn=config
88*e670fd5cSchristosobjectClass: olcGlobal
89*e670fd5cSchristoscn: config
90*e670fd5cSchristosolcServerID: $n
91*e670fd5cSchristosolcTLSCertificateFile: $TESTDIR/tls/certs/localhost.crt
92*e670fd5cSchristosolcTLSCertificateKeyFile: $TESTDIR/tls/private/localhost.key
93*e670fd5cSchristos
94*e670fd5cSchristosEOF
95*e670fd5cSchristos
96*e670fd5cSchristosif [ "$SYNCPROV" = syncprovmod -o "$ACCESSLOG" = accesslogmod ]; then
97*e670fd5cSchristos  cat <<EOF >> $TMP
98*e670fd5cSchristosdn: cn=module,cn=config
99*e670fd5cSchristosobjectClass: olcModuleList
100*e670fd5cSchristoscn: module
101*e670fd5cSchristosolcModulePath: $TESTWD/../servers/slapd/overlays
102*e670fd5cSchristosEOF
103*e670fd5cSchristos  if [ "$SYNCPROV" = syncprovmod ]; then
104*e670fd5cSchristos  echo "olcModuleLoad: syncprov.la" >> $TMP
105*e670fd5cSchristos  fi
106*e670fd5cSchristos  if [ "$ACCESSLOG" = accesslogmod ]; then
107*e670fd5cSchristos  echo "olcModuleLoad: accesslog.la" >> $TMP
108*e670fd5cSchristos  fi
109*e670fd5cSchristos  echo "" >> $TMP
110*e670fd5cSchristosfi
111*e670fd5cSchristos
112*e670fd5cSchristosif [ "$BACKENDTYPE" = mod ]; then
113*e670fd5cSchristoscat <<EOF >> $TMP
114*e670fd5cSchristosdn: cn=module,cn=config
115*e670fd5cSchristosobjectClass: olcModuleList
116*e670fd5cSchristoscn: module
117*e670fd5cSchristosolcModulePath: $TESTWD/../servers/slapd/back-$BACKEND
118*e670fd5cSchristosolcModuleLoad: back_$BACKEND.la
119*e670fd5cSchristos
120*e670fd5cSchristosEOF
121*e670fd5cSchristosfi
122*e670fd5cSchristosMYURI=`eval echo '$URI'$n`
123*e670fd5cSchristosPROVIDERURI=`eval echo '$URIP'$o`
124*e670fd5cSchristosif test $INDEXDB = indexdb ; then
125*e670fd5cSchristosINDEX1="olcDbIndex: objectClass,entryCSN,reqStart,reqDN,reqResult eq"
126*e670fd5cSchristosINDEX2="olcDbIndex: objectClass,entryCSN,entryUUID eq"
127*e670fd5cSchristoselse
128*e670fd5cSchristosINDEX1=
129*e670fd5cSchristosINDEX2=
130*e670fd5cSchristosfi
131*e670fd5cSchristoscat >> $TMP <<EOF
132*e670fd5cSchristosdn: cn=schema,cn=config
133*e670fd5cSchristosobjectclass: olcSchemaconfig
134*e670fd5cSchristoscn: schema
135*e670fd5cSchristos
136*e670fd5cSchristosinclude: file://$ABS_SCHEMADIR/core.ldif
137*e670fd5cSchristos
138*e670fd5cSchristosinclude: file://$ABS_SCHEMADIR/cosine.ldif
139*e670fd5cSchristos
140*e670fd5cSchristosinclude: file://$ABS_SCHEMADIR/inetorgperson.ldif
141*e670fd5cSchristos
142*e670fd5cSchristosinclude: file://$ABS_SCHEMADIR/openldap.ldif
143*e670fd5cSchristos
144*e670fd5cSchristosinclude: file://$ABS_SCHEMADIR/nis.ldif
145*e670fd5cSchristos
146*e670fd5cSchristosdn: olcDatabase={0}config,cn=config
147*e670fd5cSchristosobjectClass: olcDatabaseConfig
148*e670fd5cSchristosolcDatabase: {0}config
149*e670fd5cSchristosolcRootPW:< file://$CONFIGPWF
150*e670fd5cSchristos
151*e670fd5cSchristosdn: olcDatabase={1}$BACKEND,cn=config
152*e670fd5cSchristosobjectClass: olcDatabaseConfig
153*e670fd5cSchristos${nullExclude}objectClass: olc${BACKEND}Config
154*e670fd5cSchristosolcDatabase: {1}$BACKEND
155*e670fd5cSchristosolcSuffix: cn=log
156*e670fd5cSchristos${nullExclude}olcDbDirectory: ${DBDIR}.1
157*e670fd5cSchristosolcRootDN: $MANAGERDN
158*e670fd5cSchristos$INDEX1
159*e670fd5cSchristos
160*e670fd5cSchristosdn: olcOverlay=syncprov,olcDatabase={1}$BACKEND,cn=config
161*e670fd5cSchristosobjectClass: olcOverlayConfig
162*e670fd5cSchristosobjectClass: olcSyncProvConfig
163*e670fd5cSchristosolcOverlay: syncprov
164*e670fd5cSchristosolcSpNoPresent: TRUE
165*e670fd5cSchristosolcSpReloadHint: TRUE
166*e670fd5cSchristos
167*e670fd5cSchristosdn: olcDatabase={2}$BACKEND,cn=config
168*e670fd5cSchristosobjectClass: olcDatabaseConfig
169*e670fd5cSchristos${nullExclude}objectClass: olc${BACKEND}Config
170*e670fd5cSchristosolcDatabase: {2}$BACKEND
171*e670fd5cSchristosolcSuffix: $BASEDN
172*e670fd5cSchristos${nullExclude}olcDbDirectory: ${DBDIR}.2
173*e670fd5cSchristosolcRootDN: $MANAGERDN
174*e670fd5cSchristosolcRootPW: $PASSWD
175*e670fd5cSchristosolcSyncRepl: rid=001 provider=$PROVIDERURI binddn="$MANAGERDN" bindmethod=simple
176*e670fd5cSchristos  credentials=$PASSWD searchbase="$BASEDN" $SYNCTYPE
177*e670fd5cSchristos  retry="3 +" timeout=3 logbase="cn=log"
178*e670fd5cSchristos  logfilter="(&(objectclass=auditWriteObject)(reqresult=0))"
179*e670fd5cSchristos  syncdata=accesslog tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt
180*e670fd5cSchristos  starttls=critical
181*e670fd5cSchristosolcMultiProvider: TRUE
182*e670fd5cSchristos$INDEX2
183*e670fd5cSchristos
184*e670fd5cSchristosdn: olcOverlay=syncprov,olcDatabase={2}$BACKEND,cn=config
185*e670fd5cSchristosobjectClass: olcOverlayConfig
186*e670fd5cSchristosobjectClass: olcSyncProvConfig
187*e670fd5cSchristosolcOverlay: syncprov
188*e670fd5cSchristos
189*e670fd5cSchristosdn: olcOverlay=accesslog,olcDatabase={2}$BACKEND,cn=config
190*e670fd5cSchristosobjectClass: olcOverlayConfig
191*e670fd5cSchristosobjectClass: olcAccessLogConfig
192*e670fd5cSchristosolcOverlay: accesslog
193*e670fd5cSchristosolcAccessLogDB: cn=log
194*e670fd5cSchristosolcAccessLogOps: writes
195*e670fd5cSchristosolcAccessLogSuccess: TRUE
196*e670fd5cSchristos
197*e670fd5cSchristosEOF
198*e670fd5cSchristos$SLAPADD -F $CFDIR -n 0  -d-1< $TMP > $TESTOUT 2>&1
199*e670fd5cSchristosPORT=`eval echo '$PORT'$n`
200*e670fd5cSchristosecho "Starting server $n on TCP/IP port $PORT..."
201*e670fd5cSchristoscd ${XDIR}${n}
202*e670fd5cSchristosLOG=`eval echo '$LOG'$n`
203*e670fd5cSchristos$SLAPD -F slapd.d -h $MYURI -d $LVL > $LOG 2>&1 &
204*e670fd5cSchristosPID=$!
205*e670fd5cSchristosif test $WAIT != 0 ; then
206*e670fd5cSchristos    echo PID $PID
207*e670fd5cSchristos    read foo
208*e670fd5cSchristosfi
209*e670fd5cSchristosKILLPIDS="$PID $KILLPIDS"
210*e670fd5cSchristoscd $TESTWD
211*e670fd5cSchristos
212*e670fd5cSchristosecho "Using ldapsearch to check that server $n is running..."
213*e670fd5cSchristosfor i in 0 1 2 3 4 5; do
214*e670fd5cSchristos	$LDAPSEARCH -s base -b "" -H $MYURI \
215*e670fd5cSchristos		'objectclass=*' > /dev/null 2>&1
216*e670fd5cSchristos	RC=$?
217*e670fd5cSchristos	if test $RC = 0 ; then
218*e670fd5cSchristos		break
219*e670fd5cSchristos	fi
220*e670fd5cSchristos	echo "Waiting 5 seconds for slapd to start..."
221*e670fd5cSchristos	sleep 5
222*e670fd5cSchristosdone
223*e670fd5cSchristos
224*e670fd5cSchristosif test $RC != 0 ; then
225*e670fd5cSchristos	echo "ldapsearch failed ($RC)!"
226*e670fd5cSchristos	test $KILLSERVERS != no && kill -HUP $KILLPIDS
227*e670fd5cSchristos	exit $RC
228*e670fd5cSchristosfi
229*e670fd5cSchristos
230*e670fd5cSchristosif [ $n = 1 ]; then
231*e670fd5cSchristosecho "Using ldapadd for context on server 1..."
232*e670fd5cSchristos$LDAPADD -D "$MANAGERDN" -H $URI1 -w $PASSWD -f $LDIFORDEREDCP \
233*e670fd5cSchristos	>> $TESTOUT 2>&1
234*e670fd5cSchristosRC=$?
235*e670fd5cSchristosif test $RC != 0 ; then
236*e670fd5cSchristos	echo "ldapadd failed for server $n database ($RC)!"
237*e670fd5cSchristos	test $KILLSERVERS != no && kill -HUP $KILLPIDS
238*e670fd5cSchristos	exit $RC
239*e670fd5cSchristosfi
240*e670fd5cSchristosfi
241*e670fd5cSchristos
242*e670fd5cSchristosn=`expr $n + 1`
243*e670fd5cSchristosdone
244*e670fd5cSchristos
245*e670fd5cSchristosecho "Using ldapadd to populate server 1..."
246*e670fd5cSchristos$LDAPADD -D "$MANAGERDN" -H $URI1 -w $PASSWD -f $LDIFORDEREDNOCP \
247*e670fd5cSchristos	>> $TESTOUT 2>&1
248*e670fd5cSchristosRC=$?
249*e670fd5cSchristosif test $RC != 0 ; then
250*e670fd5cSchristos	echo "ldapadd failed for server $n database ($RC)!"
251*e670fd5cSchristos	test $KILLSERVERS != no && kill -HUP $KILLPIDS
252*e670fd5cSchristos	exit $RC
253*e670fd5cSchristosfi
254*e670fd5cSchristos
255*e670fd5cSchristosecho "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
256*e670fd5cSchristossleep $SLEEP1
257*e670fd5cSchristos
258*e670fd5cSchristosn=1
259*e670fd5cSchristoswhile [ $n -le $MMR ]; do
260*e670fd5cSchristosPORT=`expr $BASEPORT + $n`
261*e670fd5cSchristosURI="ldap://${LOCALHOST}:$PORT/"
262*e670fd5cSchristos
263*e670fd5cSchristosecho "Using ldapsearch to read all the entries from server $n..."
264*e670fd5cSchristos$LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI -w $PASSWD  \
265*e670fd5cSchristos	'objectclass=*' > $TESTDIR/server$n.out 2>&1
266*e670fd5cSchristosRC=$?
267*e670fd5cSchristos
268*e670fd5cSchristosif test $RC != 0 ; then
269*e670fd5cSchristos	echo "ldapsearch failed at server $n ($RC)!"
270*e670fd5cSchristos	test $KILLSERVERS != no && kill -HUP $KILLPIDS
271*e670fd5cSchristos	exit $RC
272*e670fd5cSchristosfi
273*e670fd5cSchristos$LDIFFILTER < $TESTDIR/server$n.out > $TESTDIR/server$n.flt
274*e670fd5cSchristosn=`expr $n + 1`
275*e670fd5cSchristosdone
276*e670fd5cSchristos
277*e670fd5cSchristosn=2
278*e670fd5cSchristoswhile [ $n -le $MMR ]; do
279*e670fd5cSchristosecho "Comparing retrieved entries from server 1 and server $n..."
280*e670fd5cSchristos$CMP $PROVIDERFLT $TESTDIR/server$n.flt > $CMPOUT
281*e670fd5cSchristos
282*e670fd5cSchristosif test $? != 0 ; then
283*e670fd5cSchristos	echo "test failed - server 1 and server $n databases differ"
284*e670fd5cSchristos	test $KILLSERVERS != no && kill -HUP $KILLPIDS
285*e670fd5cSchristos	exit 1
286*e670fd5cSchristosfi
287*e670fd5cSchristosn=`expr $n + 1`
288*e670fd5cSchristosdone
289*e670fd5cSchristos
290*e670fd5cSchristosecho "Using ldapadd to populate server 2..."
291*e670fd5cSchristos$LDAPADD -D "$MANAGERDN" -H $URI2 -w $PASSWD -f $LDIFADD1 \
292*e670fd5cSchristos	>> $TESTOUT 2>&1
293*e670fd5cSchristosRC=$?
294*e670fd5cSchristosif test $RC != 0 ; then
295*e670fd5cSchristos	echo "ldapadd failed for server 2 database ($RC)!"
296*e670fd5cSchristos	test $KILLSERVERS != no && kill -HUP $KILLPIDS
297*e670fd5cSchristos	exit $RC
298*e670fd5cSchristosfi
299*e670fd5cSchristos
300*e670fd5cSchristosTHEDN="cn=James A Jones 2,ou=Alumni Association,ou=People,dc=example,dc=com"
301*e670fd5cSchristossleep 1
302*e670fd5cSchristosfor i in 1 2 3; do
303*e670fd5cSchristos	$LDAPSEARCH -S "" -b "$THEDN" -H $URI1 \
304*e670fd5cSchristos		-s base '(objectClass=*)' entryCSN > "${PROVIDEROUT}.$i" 2>&1
305*e670fd5cSchristos	RC=$?
306*e670fd5cSchristos
307*e670fd5cSchristos	if test $RC = 0 ; then
308*e670fd5cSchristos		break
309*e670fd5cSchristos	fi
310*e670fd5cSchristos
311*e670fd5cSchristos	if test $RC != 32 ; then
312*e670fd5cSchristos		echo "ldapsearch failed at replica ($RC)!"
313*e670fd5cSchristos		test $KILLSERVERS != no && kill -HUP $KILLPIDS
314*e670fd5cSchristos		exit $RC
315*e670fd5cSchristos	fi
316*e670fd5cSchristos
317*e670fd5cSchristos	echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
318*e670fd5cSchristos	sleep $SLEEP1
319*e670fd5cSchristosdone
320*e670fd5cSchristos
321*e670fd5cSchristosn=1
322*e670fd5cSchristoswhile [ $n -le $MMR ]; do
323*e670fd5cSchristosPORT=`expr $BASEPORT + $n`
324*e670fd5cSchristosURI="ldap://${LOCALHOST}:$PORT/"
325*e670fd5cSchristos
326*e670fd5cSchristosecho "Using ldapsearch to read all the entries from server $n..."
327*e670fd5cSchristos$LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI -w $PASSWD  \
328*e670fd5cSchristos	'objectclass=*' > $TESTDIR/server$n.out 2>&1
329*e670fd5cSchristosRC=$?
330*e670fd5cSchristos
331*e670fd5cSchristosif test $RC != 0 ; then
332*e670fd5cSchristos	echo "ldapsearch failed at server $n ($RC)!"
333*e670fd5cSchristos	test $KILLSERVERS != no && kill -HUP $KILLPIDS
334*e670fd5cSchristos	exit $RC
335*e670fd5cSchristosfi
336*e670fd5cSchristos$LDIFFILTER < $TESTDIR/server$n.out > $TESTDIR/server$n.flt
337*e670fd5cSchristosn=`expr $n + 1`
338*e670fd5cSchristosdone
339*e670fd5cSchristos
340*e670fd5cSchristosn=2
341*e670fd5cSchristoswhile [ $n -le $MMR ]; do
342*e670fd5cSchristosecho "Comparing retrieved entries from server 1 and server $n..."
343*e670fd5cSchristos$CMP $PROVIDERFLT $TESTDIR/server$n.flt > $CMPOUT
344*e670fd5cSchristos
345*e670fd5cSchristosif test $? != 0 ; then
346*e670fd5cSchristos	echo "test failed - server 1 and server $n databases differ"
347*e670fd5cSchristos	test $KILLSERVERS != no && kill -HUP $KILLPIDS
348*e670fd5cSchristos	exit 1
349*e670fd5cSchristosfi
350*e670fd5cSchristosn=`expr $n + 1`
351*e670fd5cSchristosdone
352*e670fd5cSchristos
353*e670fd5cSchristosecho "Breaking replication between server 1 and 2..."
354*e670fd5cSchristosn=1
355*e670fd5cSchristoswhile [ $n -le $MMR ]; do
356*e670fd5cSchristoso=`expr 3 - $n`
357*e670fd5cSchristosMYURI=`eval echo '$URI'$n`
358*e670fd5cSchristosPROVIDERURI=`eval echo '$URIP'$o`
359*e670fd5cSchristos$LDAPMODIFY -D cn=config -H $MYURI -y $CONFIGPWF > $TESTOUT 2>&1 <<EOF
360*e670fd5cSchristosdn: olcDatabase={2}$BACKEND,cn=config
361*e670fd5cSchristoschangetype: modify
362*e670fd5cSchristosreplace: olcSyncRepl
363*e670fd5cSchristosolcSyncRepl: rid=001 provider=$PROVIDERURI binddn="$MANAGERDN" bindmethod=simple
364*e670fd5cSchristos  credentials=InvalidPw searchbase="$BASEDN" $SYNCTYPE
365*e670fd5cSchristos  retry="3 +" timeout=3 logbase="cn=log"
366*e670fd5cSchristos  logfilter="(&(objectclass=auditWriteObject)(reqresult=0))"
367*e670fd5cSchristos  syncdata=accesslog tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt
368*e670fd5cSchristos  starttls=critical
369*e670fd5cSchristos-
370*e670fd5cSchristosreplace: olcMultiProvider
371*e670fd5cSchristosolcMultiProvider: TRUE
372*e670fd5cSchristos
373*e670fd5cSchristosEOF
374*e670fd5cSchristosRC=$?
375*e670fd5cSchristosif test $RC != 0 ; then
376*e670fd5cSchristos	echo "ldapmodify failed for server $n config ($RC)!"
377*e670fd5cSchristos	test $KILLSERVERS != no && kill -HUP $KILLPIDS
378*e670fd5cSchristos	exit $RC
379*e670fd5cSchristosfi
380*e670fd5cSchristosn=`expr $n + 1`
381*e670fd5cSchristosdone
382*e670fd5cSchristos
383*e670fd5cSchristosecho "Using ldapmodify to force conflicts between server 1 and 2..."
384*e670fd5cSchristos$LDAPMODIFY -D "$MANAGERDN" -H $URI1 -w $PASSWD \
385*e670fd5cSchristos	>> $TESTOUT 2>&1 << EOF
386*e670fd5cSchristosdn: $THEDN
387*e670fd5cSchristoschangetype: modify
388*e670fd5cSchristosadd: description
389*e670fd5cSchristosdescription: Amazing
390*e670fd5cSchristos
391*e670fd5cSchristosEOF
392*e670fd5cSchristosRC=$?
393*e670fd5cSchristosif test $RC != 0 ; then
394*e670fd5cSchristos	echo "ldapmodify failed for server 1 database ($RC)!"
395*e670fd5cSchristos	test $KILLSERVERS != no && kill -HUP $KILLPIDS
396*e670fd5cSchristos	exit $RC
397*e670fd5cSchristosfi
398*e670fd5cSchristos
399*e670fd5cSchristos$LDAPMODIFY -D "$MANAGERDN" -H $URI2 -w $PASSWD \
400*e670fd5cSchristos	>> $TESTOUT 2>&1 << EOF
401*e670fd5cSchristosdn: $THEDN
402*e670fd5cSchristoschangetype: modify
403*e670fd5cSchristosadd: description
404*e670fd5cSchristosdescription: Stupendous
405*e670fd5cSchristos
406*e670fd5cSchristosEOF
407*e670fd5cSchristosRC=$?
408*e670fd5cSchristosif test $RC != 0 ; then
409*e670fd5cSchristos	echo "ldapmodify failed for server 2 database ($RC)!"
410*e670fd5cSchristos	test $KILLSERVERS != no && kill -HUP $KILLPIDS
411*e670fd5cSchristos	exit $RC
412*e670fd5cSchristosfi
413*e670fd5cSchristos
414*e670fd5cSchristos$LDAPMODIFY -D "$MANAGERDN" -H $URI1 -w $PASSWD \
415*e670fd5cSchristos	>> $TESTOUT 2>&1 << EOF
416*e670fd5cSchristosdn: $THEDN
417*e670fd5cSchristoschangetype: modify
418*e670fd5cSchristosdelete: description
419*e670fd5cSchristosdescription: Outstanding
420*e670fd5cSchristos-
421*e670fd5cSchristosadd: description
422*e670fd5cSchristosdescription: Mindboggling
423*e670fd5cSchristos
424*e670fd5cSchristosEOF
425*e670fd5cSchristosRC=$?
426*e670fd5cSchristosif test $RC != 0 ; then
427*e670fd5cSchristos	echo "ldapmodify failed for server 1 database ($RC)!"
428*e670fd5cSchristos	test $KILLSERVERS != no && kill -HUP $KILLPIDS
429*e670fd5cSchristos	exit $RC
430*e670fd5cSchristosfi
431*e670fd5cSchristos
432*e670fd5cSchristos$LDAPMODIFY -D "$MANAGERDN" -H $URI2 -w $PASSWD \
433*e670fd5cSchristos	>> $TESTOUT 2>&1 << EOF
434*e670fd5cSchristosdn: $THEDN
435*e670fd5cSchristoschangetype: modify
436*e670fd5cSchristosdelete: description
437*e670fd5cSchristosdescription: OutStanding
438*e670fd5cSchristos-
439*e670fd5cSchristosadd: description
440*e670fd5cSchristosdescription: Bizarre
441*e670fd5cSchristos
442*e670fd5cSchristosEOF
443*e670fd5cSchristosRC=$?
444*e670fd5cSchristosif test $RC != 0 ; then
445*e670fd5cSchristos	echo "ldapmodify failed for server 2 database ($RC)!"
446*e670fd5cSchristos	test $KILLSERVERS != no && kill -HUP $KILLPIDS
447*e670fd5cSchristos	exit $RC
448*e670fd5cSchristosfi
449*e670fd5cSchristos
450*e670fd5cSchristos$LDAPMODIFY -D "$MANAGERDN" -H $URI1 -w $PASSWD \
451*e670fd5cSchristos	>> $TESTOUT 2>&1 << EOF
452*e670fd5cSchristosdn: $THEDN
453*e670fd5cSchristoschangetype: modify
454*e670fd5cSchristosadd: carLicense
455*e670fd5cSchristoscarLicense: 123-XYZ
456*e670fd5cSchristos-
457*e670fd5cSchristosadd: employeeNumber
458*e670fd5cSchristosemployeeNumber: 32
459*e670fd5cSchristos
460*e670fd5cSchristosEOF
461*e670fd5cSchristosRC=$?
462*e670fd5cSchristosif test $RC != 0 ; then
463*e670fd5cSchristos	echo "ldapmodify failed for server 1 database ($RC)!"
464*e670fd5cSchristos	test $KILLSERVERS != no && kill -HUP $KILLPIDS
465*e670fd5cSchristos	exit $RC
466*e670fd5cSchristosfi
467*e670fd5cSchristos
468*e670fd5cSchristos$LDAPMODIFY -D "$MANAGERDN" -H $URI2 -w $PASSWD \
469*e670fd5cSchristos	>> $TESTOUT 2>&1 << EOF
470*e670fd5cSchristosdn: $THEDN
471*e670fd5cSchristoschangetype: modify
472*e670fd5cSchristosadd: employeeType
473*e670fd5cSchristosemployeeType: deadwood
474*e670fd5cSchristos-
475*e670fd5cSchristosadd: employeeNumber
476*e670fd5cSchristosemployeeNumber: 64
477*e670fd5cSchristos
478*e670fd5cSchristosEOF
479*e670fd5cSchristosRC=$?
480*e670fd5cSchristosif test $RC != 0 ; then
481*e670fd5cSchristos	echo "ldapmodify failed for server 2 database ($RC)!"
482*e670fd5cSchristos	test $KILLSERVERS != no && kill -HUP $KILLPIDS
483*e670fd5cSchristos	exit $RC
484*e670fd5cSchristosfi
485*e670fd5cSchristos
486*e670fd5cSchristos$LDAPMODIFY -D "$MANAGERDN" -H $URI1 -w $PASSWD \
487*e670fd5cSchristos	>> $TESTOUT 2>&1 << EOF
488*e670fd5cSchristosdn: $THEDN
489*e670fd5cSchristoschangetype: modify
490*e670fd5cSchristosreplace: sn
491*e670fd5cSchristossn: Replaced later
492*e670fd5cSchristos-
493*e670fd5cSchristosreplace: sn
494*e670fd5cSchristossn: Surname
495*e670fd5cSchristosEOF
496*e670fd5cSchristosRC=$?
497*e670fd5cSchristosif test $RC != 0 ; then
498*e670fd5cSchristos	echo "ldapmodify failed for server 1 database ($RC)!"
499*e670fd5cSchristos	test $KILLSERVERS != no && kill -HUP $KILLPIDS
500*e670fd5cSchristos	exit $RC
501*e670fd5cSchristosfi
502*e670fd5cSchristos
503*e670fd5cSchristosecho "Restoring replication between server 1 and 2..."
504*e670fd5cSchristosn=1
505*e670fd5cSchristoswhile [ $n -le $MMR ]; do
506*e670fd5cSchristoso=`expr 3 - $n`
507*e670fd5cSchristosMYURI=`eval echo '$URI'$n`
508*e670fd5cSchristosPROVIDERURI=`eval echo '$URIP'$o`
509*e670fd5cSchristos$LDAPMODIFY -D cn=config -H $MYURI -y $CONFIGPWF > $TESTOUT 2>&1 <<EOF
510*e670fd5cSchristosdn: olcDatabase={2}$BACKEND,cn=config
511*e670fd5cSchristoschangetype: modify
512*e670fd5cSchristosreplace: olcSyncRepl
513*e670fd5cSchristosolcSyncRepl: rid=001 provider=$PROVIDERURI binddn="$MANAGERDN" bindmethod=simple
514*e670fd5cSchristos  credentials=$PASSWD searchbase="$BASEDN" $SYNCTYPE
515*e670fd5cSchristos  retry="3 +" timeout=3 logbase="cn=log"
516*e670fd5cSchristos  logfilter="(&(objectclass=auditWriteObject)(reqresult=0))"
517*e670fd5cSchristos  syncdata=accesslog tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt
518*e670fd5cSchristos  starttls=critical
519*e670fd5cSchristos-
520*e670fd5cSchristosreplace: olcMultiProvider
521*e670fd5cSchristosolcMultiProvider: TRUE
522*e670fd5cSchristos
523*e670fd5cSchristosEOF
524*e670fd5cSchristosRC=$?
525*e670fd5cSchristosif test $RC != 0 ; then
526*e670fd5cSchristos	echo "ldapmodify failed for server $n config ($RC)!"
527*e670fd5cSchristos	test $KILLSERVERS != no && kill -HUP $KILLPIDS
528*e670fd5cSchristos	exit $RC
529*e670fd5cSchristosfi
530*e670fd5cSchristosn=`expr $n + 1`
531*e670fd5cSchristosdone
532*e670fd5cSchristos
533*e670fd5cSchristosecho "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
534*e670fd5cSchristossleep $SLEEP1
535*e670fd5cSchristos
536*e670fd5cSchristosn=1
537*e670fd5cSchristoswhile [ $n -le $MMR ]; do
538*e670fd5cSchristosPORT=`expr $BASEPORT + $n`
539*e670fd5cSchristosURI="ldap://${LOCALHOST}:$PORT/"
540*e670fd5cSchristos
541*e670fd5cSchristosecho "Using ldapsearch to read all the entries from server $n..."
542*e670fd5cSchristos$LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI -w $PASSWD  \
543*e670fd5cSchristos	'objectclass=*' > $TESTDIR/server$n.out 2>&1
544*e670fd5cSchristosRC=$?
545*e670fd5cSchristos
546*e670fd5cSchristosif test $RC != 0 ; then
547*e670fd5cSchristos	echo "ldapsearch failed at server $n ($RC)!"
548*e670fd5cSchristos	test $KILLSERVERS != no && kill -HUP $KILLPIDS
549*e670fd5cSchristos	exit $RC
550*e670fd5cSchristosfi
551*e670fd5cSchristos$LDIFFILTER -s a < $TESTDIR/server$n.out > $TESTDIR/server$n.flt
552*e670fd5cSchristosn=`expr $n + 1`
553*e670fd5cSchristosdone
554*e670fd5cSchristos
555*e670fd5cSchristosn=2
556*e670fd5cSchristoswhile [ $n -le $MMR ]; do
557*e670fd5cSchristosecho "Comparing retrieved entries from server 1 and server $n..."
558*e670fd5cSchristos$CMP $PROVIDERFLT $TESTDIR/server$n.flt > $CMPOUT
559*e670fd5cSchristos
560*e670fd5cSchristosif test $? != 0 ; then
561*e670fd5cSchristos	echo "test failed - server 1 and server $n databases differ"
562*e670fd5cSchristos	test $KILLSERVERS != no && kill -HUP $KILLPIDS
563*e670fd5cSchristos	exit 1
564*e670fd5cSchristosfi
565*e670fd5cSchristosn=`expr $n + 1`
566*e670fd5cSchristosdone
567*e670fd5cSchristos
568*e670fd5cSchristostest $KILLSERVERS != no && kill -HUP $KILLPIDS
569*e670fd5cSchristos
570*e670fd5cSchristosecho ">>>>> Test succeeded"
571*e670fd5cSchristos
572*e670fd5cSchristostest $KILLSERVERS != no && wait
573*e670fd5cSchristos
574*e670fd5cSchristosexit 0
575