xref: /netbsd-src/external/bsd/openldap/dist/tests/scripts/test070-delta-multiprovider-ldaps (revision e670fd5c413e99c2f6a37901bb21c537fcd322d2) 
1*e670fd5cSchristos#! /bin/sh
2*e670fd5cSchristos# $OpenLDAP$
3*e670fd5cSchristos## This work is part of OpenLDAP Software <http://www.openldap.org/>.
4*e670fd5cSchristos##
5*e670fd5cSchristos## Copyright 1998-2021 The OpenLDAP Foundation.
6*e670fd5cSchristos## All rights reserved.
7*e670fd5cSchristos##
8*e670fd5cSchristos## Redistribution and use in source and binary forms, with or without
9*e670fd5cSchristos## modification, are permitted only as authorized by the OpenLDAP
10*e670fd5cSchristos## Public License.
11*e670fd5cSchristos##
12*e670fd5cSchristos## A copy of this license is available in the file LICENSE in the
13*e670fd5cSchristos## top-level directory of the distribution or, alternatively, at
14*e670fd5cSchristos## <http://www.OpenLDAP.org/license.html>.
15*e670fd5cSchristos
16*e670fd5cSchristosecho "running defines.sh"
17*e670fd5cSchristos. $SRCDIR/scripts/defines.sh
18*e670fd5cSchristos
19*e670fd5cSchristosif test $WITH_TLS = no ; then
20*e670fd5cSchristos        echo "TLS support not available, test skipped"
21*e670fd5cSchristos        exit 0
22*e670fd5cSchristosfi
23*e670fd5cSchristos
24*e670fd5cSchristosif test $SYNCPROV = syncprovno; then
25*e670fd5cSchristos	echo "Syncrepl provider overlay not available, test skipped"
26*e670fd5cSchristos	exit 0
27*e670fd5cSchristosfi
28*e670fd5cSchristosif test $ACCESSLOG = accesslogno; then
29*e670fd5cSchristos	echo "Accesslog overlay not available, test skipped"
30*e670fd5cSchristos	exit 0
31*e670fd5cSchristosfi
32*e670fd5cSchristos
33*e670fd5cSchristosMMR=2
34*e670fd5cSchristos
35*e670fd5cSchristosXDIR=$TESTDIR/srv
36*e670fd5cSchristosTMP=$TESTDIR/tmp
37*e670fd5cSchristos
38*e670fd5cSchristosmkdir -p $TESTDIR
39*e670fd5cSchristoscp -r $DATADIR/tls $TESTDIR
40*e670fd5cSchristos
41*e670fd5cSchristos$SLAPPASSWD -g -n >$CONFIGPWF
42*e670fd5cSchristos
43*e670fd5cSchristosif test x"$SYNCMODE" = x ; then
44*e670fd5cSchristos	SYNCMODE=rp
45*e670fd5cSchristosfi
46*e670fd5cSchristoscase "$SYNCMODE" in
47*e670fd5cSchristos	ro)
48*e670fd5cSchristos		SYNCTYPE="type=refreshOnly interval=00:00:00:03"
49*e670fd5cSchristos		;;
50*e670fd5cSchristos	rp)
51*e670fd5cSchristos		SYNCTYPE="type=refreshAndPersist interval=00:00:00:03"
52*e670fd5cSchristos		;;
53*e670fd5cSchristos	*)
54*e670fd5cSchristos		echo "unknown sync mode $SYNCMODE"
55*e670fd5cSchristos		exit 1;
56*e670fd5cSchristos		;;
57*e670fd5cSchristosesac
58*e670fd5cSchristos
59*e670fd5cSchristos#
60*e670fd5cSchristos# Test delta-sync mmr
61*e670fd5cSchristos# - start servers
62*e670fd5cSchristos# - configure over ldap
63*e670fd5cSchristos# - populate over ldap
64*e670fd5cSchristos# - configure syncrepl over ldap
65*e670fd5cSchristos# - break replication
66*e670fd5cSchristos# - modify each server separately
67*e670fd5cSchristos# - restore replication
68*e670fd5cSchristos# - compare results
69*e670fd5cSchristos#
70*e670fd5cSchristos
71*e670fd5cSchristosnullExclude=""
72*e670fd5cSchristostest $BACKEND = null && nullExclude="# "
73*e670fd5cSchristos
74*e670fd5cSchristosKILLPIDS=
75*e670fd5cSchristos
76*e670fd5cSchristosecho "Initializing server configurations..."
77*e670fd5cSchristosn=1
78*e670fd5cSchristoswhile [ $n -le $MMR ]; do
79*e670fd5cSchristos
80*e670fd5cSchristosDBDIR=${XDIR}$n/db
81*e670fd5cSchristosCFDIR=${XDIR}$n/slapd.d
82*e670fd5cSchristos
83*e670fd5cSchristosmkdir -p ${XDIR}$n $DBDIR.1 $DBDIR.2 $CFDIR
84*e670fd5cSchristos
85*e670fd5cSchristoso=`expr 3 - $n`
86*e670fd5cSchristoscat > $TMP <<EOF
87*e670fd5cSchristosdn: cn=config
88*e670fd5cSchristosobjectClass: olcGlobal
89*e670fd5cSchristoscn: config
90*e670fd5cSchristosolcServerID: $n
91*e670fd5cSchristosolcTLSCertificateFile: $TESTDIR/tls/certs/localhost.crt
92*e670fd5cSchristosolcTLSCertificateKeyFile: $TESTDIR/tls/private/localhost.key
93*e670fd5cSchristos
94*e670fd5cSchristosEOF
95*e670fd5cSchristos
96*e670fd5cSchristosif [ "$SYNCPROV" = syncprovmod -o "$ACCESSLOG" = accesslogmod ]; then
97*e670fd5cSchristos  cat <<EOF >> $TMP
98*e670fd5cSchristosdn: cn=module,cn=config
99*e670fd5cSchristosobjectClass: olcModuleList
100*e670fd5cSchristoscn: module
101*e670fd5cSchristosolcModulePath: $TESTWD/../servers/slapd/overlays
102*e670fd5cSchristosEOF
103*e670fd5cSchristos  if [ "$SYNCPROV" = syncprovmod ]; then
104*e670fd5cSchristos  echo "olcModuleLoad: syncprov.la" >> $TMP
105*e670fd5cSchristos  fi
106*e670fd5cSchristos  if [ "$ACCESSLOG" = accesslogmod ]; then
107*e670fd5cSchristos  echo "olcModuleLoad: accesslog.la" >> $TMP
108*e670fd5cSchristos  fi
109*e670fd5cSchristos  echo "" >> $TMP
110*e670fd5cSchristosfi
111*e670fd5cSchristos
112*e670fd5cSchristosif [ "$BACKENDTYPE" = mod ]; then
113*e670fd5cSchristoscat <<EOF >> $TMP
114*e670fd5cSchristosdn: cn=module,cn=config
115*e670fd5cSchristosobjectClass: olcModuleList
116*e670fd5cSchristoscn: module
117*e670fd5cSchristosolcModulePath: $TESTWD/../servers/slapd/back-$BACKEND
118*e670fd5cSchristosolcModuleLoad: back_$BACKEND.la
119*e670fd5cSchristos
120*e670fd5cSchristosEOF
121*e670fd5cSchristosfi
122*e670fd5cSchristosMYURI=`eval echo '$SURIP'$n`
123*e670fd5cSchristosPROVIDERURI=`eval echo '$SURIP'$o`
124*e670fd5cSchristosif test $INDEXDB = indexdb ; then
125*e670fd5cSchristosINDEX1="olcDbIndex: objectClass,entryCSN,reqStart,reqDN,reqResult eq"
126*e670fd5cSchristosINDEX2="olcDbIndex: objectClass,entryCSN,entryUUID eq"
127*e670fd5cSchristoselse
128*e670fd5cSchristosINDEX1=
129*e670fd5cSchristosINDEX2=
130*e670fd5cSchristosfi
131*e670fd5cSchristoscat >> $TMP <<EOF
132*e670fd5cSchristosdn: cn=schema,cn=config
133*e670fd5cSchristosobjectclass: olcSchemaconfig
134*e670fd5cSchristoscn: schema
135*e670fd5cSchristos
136*e670fd5cSchristosinclude: file://$ABS_SCHEMADIR/core.ldif
137*e670fd5cSchristos
138*e670fd5cSchristosinclude: file://$ABS_SCHEMADIR/cosine.ldif
139*e670fd5cSchristos
140*e670fd5cSchristosinclude: file://$ABS_SCHEMADIR/inetorgperson.ldif
141*e670fd5cSchristos
142*e670fd5cSchristosinclude: file://$ABS_SCHEMADIR/openldap.ldif
143*e670fd5cSchristos
144*e670fd5cSchristosinclude: file://$ABS_SCHEMADIR/nis.ldif
145*e670fd5cSchristos
146*e670fd5cSchristosdn: olcDatabase={0}config,cn=config
147*e670fd5cSchristosobjectClass: olcDatabaseConfig
148*e670fd5cSchristosolcDatabase: {0}config
149*e670fd5cSchristosolcRootPW:< file://$CONFIGPWF
150*e670fd5cSchristos
151*e670fd5cSchristosdn: olcDatabase={1}$BACKEND,cn=config
152*e670fd5cSchristosobjectClass: olcDatabaseConfig
153*e670fd5cSchristos${nullExclude}objectClass: olc${BACKEND}Config
154*e670fd5cSchristosolcDatabase: {1}$BACKEND
155*e670fd5cSchristosolcSuffix: cn=log
156*e670fd5cSchristos${nullExclude}olcDbDirectory: ${DBDIR}.1
157*e670fd5cSchristosolcRootDN: $MANAGERDN
158*e670fd5cSchristos$INDEX1
159*e670fd5cSchristos
160*e670fd5cSchristosdn: olcOverlay=syncprov,olcDatabase={1}$BACKEND,cn=config
161*e670fd5cSchristosobjectClass: olcOverlayConfig
162*e670fd5cSchristosobjectClass: olcSyncProvConfig
163*e670fd5cSchristosolcOverlay: syncprov
164*e670fd5cSchristosolcSpNoPresent: TRUE
165*e670fd5cSchristosolcSpReloadHint: TRUE
166*e670fd5cSchristos
167*e670fd5cSchristosdn: olcDatabase={2}$BACKEND,cn=config
168*e670fd5cSchristosobjectClass: olcDatabaseConfig
169*e670fd5cSchristos${nullExclude}objectClass: olc${BACKEND}Config
170*e670fd5cSchristosolcDatabase: {2}$BACKEND
171*e670fd5cSchristosolcSuffix: $BASEDN
172*e670fd5cSchristos${nullExclude}olcDbDirectory: ${DBDIR}.2
173*e670fd5cSchristosolcRootDN: $MANAGERDN
174*e670fd5cSchristosolcRootPW: $PASSWD
175*e670fd5cSchristosolcSyncRepl: rid=001 provider=$PROVIDERURI binddn="$MANAGERDN" bindmethod=simple
176*e670fd5cSchristos  credentials=$PASSWD searchbase="$BASEDN" $SYNCTYPE
177*e670fd5cSchristos  retry="3 +" timeout=3 logbase="cn=log"
178*e670fd5cSchristos  logfilter="(&(objectclass=auditWriteObject)(reqresult=0))"
179*e670fd5cSchristos  syncdata=accesslog tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt
180*e670fd5cSchristosolcMultiProvider: TRUE
181*e670fd5cSchristos$INDEX2
182*e670fd5cSchristos
183*e670fd5cSchristosdn: olcOverlay=syncprov,olcDatabase={2}$BACKEND,cn=config
184*e670fd5cSchristosobjectClass: olcOverlayConfig
185*e670fd5cSchristosobjectClass: olcSyncProvConfig
186*e670fd5cSchristosolcOverlay: syncprov
187*e670fd5cSchristos
188*e670fd5cSchristosdn: olcOverlay=accesslog,olcDatabase={2}$BACKEND,cn=config
189*e670fd5cSchristosobjectClass: olcOverlayConfig
190*e670fd5cSchristosobjectClass: olcAccessLogConfig
191*e670fd5cSchristosolcOverlay: accesslog
192*e670fd5cSchristosolcAccessLogDB: cn=log
193*e670fd5cSchristosolcAccessLogOps: writes
194*e670fd5cSchristosolcAccessLogSuccess: TRUE
195*e670fd5cSchristos
196*e670fd5cSchristosEOF
197*e670fd5cSchristos$SLAPADD -F $CFDIR -n 0  -d-1< $TMP > $TESTOUT 2>&1
198*e670fd5cSchristosPORT=`eval echo '$PORT'$n`
199*e670fd5cSchristosecho "Starting server $n on TCP/IP port $PORT..."
200*e670fd5cSchristoscd ${XDIR}${n}
201*e670fd5cSchristosLOG=`eval echo '$LOG'$n`
202*e670fd5cSchristos$SLAPD -F slapd.d -h $MYURI -d $LVL > $LOG 2>&1 &
203*e670fd5cSchristosPID=$!
204*e670fd5cSchristosif test $WAIT != 0 ; then
205*e670fd5cSchristos    echo PID $PID
206*e670fd5cSchristos    read foo
207*e670fd5cSchristosfi
208*e670fd5cSchristosKILLPIDS="$PID $KILLPIDS"
209*e670fd5cSchristoscd $TESTWD
210*e670fd5cSchristos
211*e670fd5cSchristosecho "Using ldapsearch to check that server $n is running..."
212*e670fd5cSchristosfor i in 0 1 2 3 4 5; do
213*e670fd5cSchristos	$LDAPSEARCH -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -s base -b "" -H $MYURI \
214*e670fd5cSchristos		'objectclass=*' > /dev/null 2>&1
215*e670fd5cSchristos	RC=$?
216*e670fd5cSchristos	if test $RC = 0 ; then
217*e670fd5cSchristos		break
218*e670fd5cSchristos	fi
219*e670fd5cSchristos	echo "Waiting 5 seconds for slapd to start..."
220*e670fd5cSchristos	sleep 5
221*e670fd5cSchristosdone
222*e670fd5cSchristos
223*e670fd5cSchristosif test $RC != 0 ; then
224*e670fd5cSchristos	echo "ldapsearch failed ($RC)!"
225*e670fd5cSchristos	test $KILLSERVERS != no && kill -HUP $KILLPIDS
226*e670fd5cSchristos	exit $RC
227*e670fd5cSchristosfi
228*e670fd5cSchristos
229*e670fd5cSchristosif [ $n = 1 ]; then
230*e670fd5cSchristosecho "Using ldapadd for context on server 1..."
231*e670fd5cSchristos$LDAPADD -D "$MANAGERDN" -H $SURIP1 -w $PASSWD -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -f $LDIFORDEREDCP \
232*e670fd5cSchristos	>> $TESTOUT 2>&1
233*e670fd5cSchristosRC=$?
234*e670fd5cSchristosif test $RC != 0 ; then
235*e670fd5cSchristos	echo "ldapadd failed for server $n database ($RC)!"
236*e670fd5cSchristos	test $KILLSERVERS != no && kill -HUP $KILLPIDS
237*e670fd5cSchristos	exit $RC
238*e670fd5cSchristosfi
239*e670fd5cSchristosfi
240*e670fd5cSchristos
241*e670fd5cSchristosn=`expr $n + 1`
242*e670fd5cSchristosdone
243*e670fd5cSchristos
244*e670fd5cSchristosecho "Using ldapadd to populate server 1..."
245*e670fd5cSchristos$LDAPADD -D "$MANAGERDN" -H $SURIP1 -w $PASSWD -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -f $LDIFORDEREDNOCP \
246*e670fd5cSchristos	>> $TESTOUT 2>&1
247*e670fd5cSchristosRC=$?
248*e670fd5cSchristosif test $RC != 0 ; then
249*e670fd5cSchristos	echo "ldapadd failed for server $n database ($RC)!"
250*e670fd5cSchristos	test $KILLSERVERS != no && kill -HUP $KILLPIDS
251*e670fd5cSchristos	exit $RC
252*e670fd5cSchristosfi
253*e670fd5cSchristos
254*e670fd5cSchristosecho "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
255*e670fd5cSchristossleep $SLEEP1
256*e670fd5cSchristos
257*e670fd5cSchristosn=1
258*e670fd5cSchristoswhile [ $n -le $MMR ]; do
259*e670fd5cSchristosPORT=`expr $BASEPORT + $n`
260*e670fd5cSchristosURI="ldaps://${LOCALIP}:$PORT/"
261*e670fd5cSchristos
262*e670fd5cSchristosecho "Using ldapsearch to read all the entries from server $n..."
263*e670fd5cSchristos$LDAPSEARCH -S "" -b "$BASEDN" -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -D "$MANAGERDN" -H $URI -w $PASSWD  \
264*e670fd5cSchristos	'objectclass=*' > $TESTDIR/server$n.out 2>&1
265*e670fd5cSchristosRC=$?
266*e670fd5cSchristos
267*e670fd5cSchristosif test $RC != 0 ; then
268*e670fd5cSchristos	echo "ldapsearch failed at server $n ($RC)!"
269*e670fd5cSchristos	test $KILLSERVERS != no && kill -HUP $KILLPIDS
270*e670fd5cSchristos	exit $RC
271*e670fd5cSchristosfi
272*e670fd5cSchristos$LDIFFILTER < $TESTDIR/server$n.out > $TESTDIR/server$n.flt
273*e670fd5cSchristosn=`expr $n + 1`
274*e670fd5cSchristosdone
275*e670fd5cSchristos
276*e670fd5cSchristosn=2
277*e670fd5cSchristoswhile [ $n -le $MMR ]; do
278*e670fd5cSchristosecho "Comparing retrieved entries from server 1 and server $n..."
279*e670fd5cSchristos$CMP $PROVIDERFLT $TESTDIR/server$n.flt > $CMPOUT
280*e670fd5cSchristos
281*e670fd5cSchristosif test $? != 0 ; then
282*e670fd5cSchristos	echo "test failed - server 1 and server $n databases differ"
283*e670fd5cSchristos	test $KILLSERVERS != no && kill -HUP $KILLPIDS
284*e670fd5cSchristos	exit 1
285*e670fd5cSchristosfi
286*e670fd5cSchristosn=`expr $n + 1`
287*e670fd5cSchristosdone
288*e670fd5cSchristos
289*e670fd5cSchristosecho "Using ldapadd to populate server 2..."
290*e670fd5cSchristos$LDAPADD -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -D "$MANAGERDN" -H $SURIP2 -w $PASSWD -f $LDIFADD1 \
291*e670fd5cSchristos	>> $TESTOUT 2>&1
292*e670fd5cSchristosRC=$?
293*e670fd5cSchristosif test $RC != 0 ; then
294*e670fd5cSchristos	echo "ldapadd failed for server 2 database ($RC)!"
295*e670fd5cSchristos	test $KILLSERVERS != no && kill -HUP $KILLPIDS
296*e670fd5cSchristos	exit $RC
297*e670fd5cSchristosfi
298*e670fd5cSchristos
299*e670fd5cSchristosTHEDN="cn=James A Jones 2,ou=Alumni Association,ou=People,dc=example,dc=com"
300*e670fd5cSchristossleep 1
301*e670fd5cSchristosfor i in 1 2 3; do
302*e670fd5cSchristos	$LDAPSEARCH -S "" -b "$THEDN" -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -H $SURIP1 \
303*e670fd5cSchristos		-s base '(objectClass=*)' entryCSN > "${PROVIDEROUT}.$i" 2>&1
304*e670fd5cSchristos	RC=$?
305*e670fd5cSchristos
306*e670fd5cSchristos	if test $RC = 0 ; then
307*e670fd5cSchristos		break
308*e670fd5cSchristos	fi
309*e670fd5cSchristos
310*e670fd5cSchristos	if test $RC != 32 ; then
311*e670fd5cSchristos		echo "ldapsearch failed at replica ($RC)!"
312*e670fd5cSchristos		test $KILLSERVERS != no && kill -HUP $KILLPIDS
313*e670fd5cSchristos		exit $RC
314*e670fd5cSchristos	fi
315*e670fd5cSchristos
316*e670fd5cSchristos	echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
317*e670fd5cSchristos	sleep $SLEEP1
318*e670fd5cSchristosdone
319*e670fd5cSchristos
320*e670fd5cSchristosn=1
321*e670fd5cSchristoswhile [ $n -le $MMR ]; do
322*e670fd5cSchristosPORT=`expr $BASEPORT + $n`
323*e670fd5cSchristosURI="ldaps://${LOCALIP}:$PORT/"
324*e670fd5cSchristos
325*e670fd5cSchristosecho "Using ldapsearch to read all the entries from server $n..."
326*e670fd5cSchristos$LDAPSEARCH -S "" -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -b "$BASEDN" -D "$MANAGERDN" -H $URI -w $PASSWD  \
327*e670fd5cSchristos	'objectclass=*' > $TESTDIR/server$n.out 2>&1
328*e670fd5cSchristosRC=$?
329*e670fd5cSchristos
330*e670fd5cSchristosif test $RC != 0 ; then
331*e670fd5cSchristos	echo "ldapsearch failed at server $n ($RC)!"
332*e670fd5cSchristos	test $KILLSERVERS != no && kill -HUP $KILLPIDS
333*e670fd5cSchristos	exit $RC
334*e670fd5cSchristosfi
335*e670fd5cSchristos$LDIFFILTER < $TESTDIR/server$n.out > $TESTDIR/server$n.flt
336*e670fd5cSchristosn=`expr $n + 1`
337*e670fd5cSchristosdone
338*e670fd5cSchristos
339*e670fd5cSchristosn=2
340*e670fd5cSchristoswhile [ $n -le $MMR ]; do
341*e670fd5cSchristosecho "Comparing retrieved entries from server 1 and server $n..."
342*e670fd5cSchristos$CMP $PROVIDERFLT $TESTDIR/server$n.flt > $CMPOUT
343*e670fd5cSchristos
344*e670fd5cSchristosif test $? != 0 ; then
345*e670fd5cSchristos	echo "test failed - server 1 and server $n databases differ"
346*e670fd5cSchristos	test $KILLSERVERS != no && kill -HUP $KILLPIDS
347*e670fd5cSchristos	exit 1
348*e670fd5cSchristosfi
349*e670fd5cSchristosn=`expr $n + 1`
350*e670fd5cSchristosdone
351*e670fd5cSchristos
352*e670fd5cSchristosecho "Breaking replication between server 1 and 2..."
353*e670fd5cSchristosn=1
354*e670fd5cSchristoswhile [ $n -le $MMR ]; do
355*e670fd5cSchristoso=`expr 3 - $n`
356*e670fd5cSchristosMYURI=`eval echo '$SURIP'$n`
357*e670fd5cSchristosPROVIDERURI=`eval echo '$SURIP'$o`
358*e670fd5cSchristos$LDAPMODIFY -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -D cn=config -H $MYURI -y $CONFIGPWF > $TESTOUT 2>&1 <<EOF
359*e670fd5cSchristosdn: olcDatabase={2}$BACKEND,cn=config
360*e670fd5cSchristoschangetype: modify
361*e670fd5cSchristosreplace: olcSyncRepl
362*e670fd5cSchristosolcSyncRepl: rid=001 provider=$PROVIDERURI binddn="$MANAGERDN" bindmethod=simple
363*e670fd5cSchristos  credentials=InvalidPw searchbase="$BASEDN" $SYNCTYPE
364*e670fd5cSchristos  retry="3 +" timeout=3 logbase="cn=log"
365*e670fd5cSchristos  logfilter="(&(objectclass=auditWriteObject)(reqresult=0))"
366*e670fd5cSchristos  syncdata=accesslog tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt
367*e670fd5cSchristos-
368*e670fd5cSchristosreplace: olcMultiProvider
369*e670fd5cSchristosolcMultiProvider: TRUE
370*e670fd5cSchristos
371*e670fd5cSchristosEOF
372*e670fd5cSchristosRC=$?
373*e670fd5cSchristosif test $RC != 0 ; then
374*e670fd5cSchristos	echo "ldapmodify failed for server $n config ($RC)!"
375*e670fd5cSchristos	test $KILLSERVERS != no && kill -HUP $KILLPIDS
376*e670fd5cSchristos	exit $RC
377*e670fd5cSchristosfi
378*e670fd5cSchristosn=`expr $n + 1`
379*e670fd5cSchristosdone
380*e670fd5cSchristos
381*e670fd5cSchristosecho "Using ldapmodify to force conflicts between server 1 and 2..."
382*e670fd5cSchristos$LDAPMODIFY -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -D "$MANAGERDN" -H $SURIP1 -w $PASSWD \
383*e670fd5cSchristos	>> $TESTOUT 2>&1 << EOF
384*e670fd5cSchristosdn: $THEDN
385*e670fd5cSchristoschangetype: modify
386*e670fd5cSchristosadd: description
387*e670fd5cSchristosdescription: Amazing
388*e670fd5cSchristos
389*e670fd5cSchristosEOF
390*e670fd5cSchristosRC=$?
391*e670fd5cSchristosif test $RC != 0 ; then
392*e670fd5cSchristos	echo "ldapmodify failed for server 1 database ($RC)!"
393*e670fd5cSchristos	test $KILLSERVERS != no && kill -HUP $KILLPIDS
394*e670fd5cSchristos	exit $RC
395*e670fd5cSchristosfi
396*e670fd5cSchristos
397*e670fd5cSchristos$LDAPMODIFY -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -D "$MANAGERDN" -H $SURIP2 -w $PASSWD \
398*e670fd5cSchristos	>> $TESTOUT 2>&1 << EOF
399*e670fd5cSchristosdn: $THEDN
400*e670fd5cSchristoschangetype: modify
401*e670fd5cSchristosadd: description
402*e670fd5cSchristosdescription: Stupendous
403*e670fd5cSchristos
404*e670fd5cSchristosEOF
405*e670fd5cSchristosRC=$?
406*e670fd5cSchristosif test $RC != 0 ; then
407*e670fd5cSchristos	echo "ldapmodify failed for server 2 database ($RC)!"
408*e670fd5cSchristos	test $KILLSERVERS != no && kill -HUP $KILLPIDS
409*e670fd5cSchristos	exit $RC
410*e670fd5cSchristosfi
411*e670fd5cSchristos
412*e670fd5cSchristos$LDAPMODIFY -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -D "$MANAGERDN" -H $SURIP1 -w $PASSWD \
413*e670fd5cSchristos	>> $TESTOUT 2>&1 << EOF
414*e670fd5cSchristosdn: $THEDN
415*e670fd5cSchristoschangetype: modify
416*e670fd5cSchristosdelete: description
417*e670fd5cSchristosdescription: Outstanding
418*e670fd5cSchristos-
419*e670fd5cSchristosadd: description
420*e670fd5cSchristosdescription: Mindboggling
421*e670fd5cSchristos
422*e670fd5cSchristosEOF
423*e670fd5cSchristosRC=$?
424*e670fd5cSchristosif test $RC != 0 ; then
425*e670fd5cSchristos	echo "ldapmodify failed for server 1 database ($RC)!"
426*e670fd5cSchristos	test $KILLSERVERS != no && kill -HUP $KILLPIDS
427*e670fd5cSchristos	exit $RC
428*e670fd5cSchristosfi
429*e670fd5cSchristos
430*e670fd5cSchristos$LDAPMODIFY -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -D "$MANAGERDN" -H $SURIP2 -w $PASSWD \
431*e670fd5cSchristos	>> $TESTOUT 2>&1 << EOF
432*e670fd5cSchristosdn: $THEDN
433*e670fd5cSchristoschangetype: modify
434*e670fd5cSchristosdelete: description
435*e670fd5cSchristosdescription: OutStanding
436*e670fd5cSchristos-
437*e670fd5cSchristosadd: description
438*e670fd5cSchristosdescription: Bizarre
439*e670fd5cSchristos
440*e670fd5cSchristosEOF
441*e670fd5cSchristosRC=$?
442*e670fd5cSchristosif test $RC != 0 ; then
443*e670fd5cSchristos	echo "ldapmodify failed for server 2 database ($RC)!"
444*e670fd5cSchristos	test $KILLSERVERS != no && kill -HUP $KILLPIDS
445*e670fd5cSchristos	exit $RC
446*e670fd5cSchristosfi
447*e670fd5cSchristos
448*e670fd5cSchristos$LDAPMODIFY -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -D "$MANAGERDN" -H $SURIP1 -w $PASSWD \
449*e670fd5cSchristos	>> $TESTOUT 2>&1 << EOF
450*e670fd5cSchristosdn: $THEDN
451*e670fd5cSchristoschangetype: modify
452*e670fd5cSchristosadd: carLicense
453*e670fd5cSchristoscarLicense: 123-XYZ
454*e670fd5cSchristos-
455*e670fd5cSchristosadd: employeeNumber
456*e670fd5cSchristosemployeeNumber: 32
457*e670fd5cSchristos
458*e670fd5cSchristosEOF
459*e670fd5cSchristosRC=$?
460*e670fd5cSchristosif test $RC != 0 ; then
461*e670fd5cSchristos	echo "ldapmodify failed for server 1 database ($RC)!"
462*e670fd5cSchristos	test $KILLSERVERS != no && kill -HUP $KILLPIDS
463*e670fd5cSchristos	exit $RC
464*e670fd5cSchristosfi
465*e670fd5cSchristos
466*e670fd5cSchristos$LDAPMODIFY -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -D "$MANAGERDN" -H $SURIP2 -w $PASSWD \
467*e670fd5cSchristos	>> $TESTOUT 2>&1 << EOF
468*e670fd5cSchristosdn: $THEDN
469*e670fd5cSchristoschangetype: modify
470*e670fd5cSchristosadd: employeeType
471*e670fd5cSchristosemployeeType: deadwood
472*e670fd5cSchristos-
473*e670fd5cSchristosadd: employeeNumber
474*e670fd5cSchristosemployeeNumber: 64
475*e670fd5cSchristos
476*e670fd5cSchristosEOF
477*e670fd5cSchristosRC=$?
478*e670fd5cSchristosif test $RC != 0 ; then
479*e670fd5cSchristos	echo "ldapmodify failed for server 2 database ($RC)!"
480*e670fd5cSchristos	test $KILLSERVERS != no && kill -HUP $KILLPIDS
481*e670fd5cSchristos	exit $RC
482*e670fd5cSchristosfi
483*e670fd5cSchristos
484*e670fd5cSchristos$LDAPMODIFY -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -D "$MANAGERDN" -H $SURIP1 -w $PASSWD \
485*e670fd5cSchristos	>> $TESTOUT 2>&1 << EOF
486*e670fd5cSchristosdn: $THEDN
487*e670fd5cSchristoschangetype: modify
488*e670fd5cSchristosreplace: sn
489*e670fd5cSchristossn: Replaced later
490*e670fd5cSchristos-
491*e670fd5cSchristosreplace: sn
492*e670fd5cSchristossn: Surname
493*e670fd5cSchristosEOF
494*e670fd5cSchristosRC=$?
495*e670fd5cSchristosif test $RC != 0 ; then
496*e670fd5cSchristos	echo "ldapmodify failed for server 1 database ($RC)!"
497*e670fd5cSchristos	test $KILLSERVERS != no && kill -HUP $KILLPIDS
498*e670fd5cSchristos	exit $RC
499*e670fd5cSchristosfi
500*e670fd5cSchristos
501*e670fd5cSchristosecho "Restoring replication between server 1 and 2..."
502*e670fd5cSchristosn=1
503*e670fd5cSchristoswhile [ $n -le $MMR ]; do
504*e670fd5cSchristoso=`expr 3 - $n`
505*e670fd5cSchristosMYURI=`eval echo '$SURIP'$n`
506*e670fd5cSchristosPROVIDERURI=`eval echo '$SURIP'$o`
507*e670fd5cSchristos$LDAPMODIFY -D cn=config -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -H $MYURI -y $CONFIGPWF > $TESTOUT 2>&1 <<EOF
508*e670fd5cSchristosdn: olcDatabase={2}$BACKEND,cn=config
509*e670fd5cSchristoschangetype: modify
510*e670fd5cSchristosreplace: olcSyncRepl
511*e670fd5cSchristosolcSyncRepl: rid=001 provider=$PROVIDERURI binddn="$MANAGERDN" bindmethod=simple
512*e670fd5cSchristos  credentials=$PASSWD searchbase="$BASEDN" $SYNCTYPE
513*e670fd5cSchristos  retry="3 +" timeout=3 logbase="cn=log"
514*e670fd5cSchristos  logfilter="(&(objectclass=auditWriteObject)(reqresult=0))"
515*e670fd5cSchristos  syncdata=accesslog tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt
516*e670fd5cSchristos-
517*e670fd5cSchristosreplace: olcMultiProvider
518*e670fd5cSchristosolcMultiProvider: TRUE
519*e670fd5cSchristos
520*e670fd5cSchristosEOF
521*e670fd5cSchristosRC=$?
522*e670fd5cSchristosif test $RC != 0 ; then
523*e670fd5cSchristos	echo "ldapmodify failed for server $n config ($RC)!"
524*e670fd5cSchristos	test $KILLSERVERS != no && kill -HUP $KILLPIDS
525*e670fd5cSchristos	exit $RC
526*e670fd5cSchristosfi
527*e670fd5cSchristosn=`expr $n + 1`
528*e670fd5cSchristosdone
529*e670fd5cSchristos
530*e670fd5cSchristosecho "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
531*e670fd5cSchristossleep $SLEEP1
532*e670fd5cSchristos
533*e670fd5cSchristosn=1
534*e670fd5cSchristoswhile [ $n -le $MMR ]; do
535*e670fd5cSchristosPORT=`expr $BASEPORT + $n`
536*e670fd5cSchristosURI="ldaps://${LOCALIP}:$PORT/"
537*e670fd5cSchristos
538*e670fd5cSchristosecho "Using ldapsearch to read all the entries from server $n..."
539*e670fd5cSchristos$LDAPSEARCH -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI -w $PASSWD  \
540*e670fd5cSchristos	'objectclass=*' > $TESTDIR/server$n.out 2>&1
541*e670fd5cSchristosRC=$?
542*e670fd5cSchristos
543*e670fd5cSchristosif test $RC != 0 ; then
544*e670fd5cSchristos	echo "ldapsearch failed at server $n ($RC)!"
545*e670fd5cSchristos	test $KILLSERVERS != no && kill -HUP $KILLPIDS
546*e670fd5cSchristos	exit $RC
547*e670fd5cSchristosfi
548*e670fd5cSchristos$LDIFFILTER -s a < $TESTDIR/server$n.out > $TESTDIR/server$n.flt
549*e670fd5cSchristosn=`expr $n + 1`
550*e670fd5cSchristosdone
551*e670fd5cSchristos
552*e670fd5cSchristosn=2
553*e670fd5cSchristoswhile [ $n -le $MMR ]; do
554*e670fd5cSchristosecho "Comparing retrieved entries from server 1 and server $n..."
555*e670fd5cSchristos$CMP $PROVIDERFLT $TESTDIR/server$n.flt > $CMPOUT
556*e670fd5cSchristos
557*e670fd5cSchristosif test $? != 0 ; then
558*e670fd5cSchristos	echo "test failed - server 1 and server $n databases differ"
559*e670fd5cSchristos	test $KILLSERVERS != no && kill -HUP $KILLPIDS
560*e670fd5cSchristos	exit 1
561*e670fd5cSchristosfi
562*e670fd5cSchristosn=`expr $n + 1`
563*e670fd5cSchristosdone
564*e670fd5cSchristos
565*e670fd5cSchristostest $KILLSERVERS != no && kill -HUP $KILLPIDS
566*e670fd5cSchristos
567*e670fd5cSchristosecho ">>>>> Test succeeded"
568*e670fd5cSchristos
569*e670fd5cSchristostest $KILLSERVERS != no && wait
570*e670fd5cSchristos
571*e670fd5cSchristosexit 0
572