xref: /netbsd-src/external/bsd/openldap/dist/tests/scripts/test071-dirsync (revision e670fd5c413e99c2f6a37901bb21c537fcd322d2)

#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2021 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

echo "running defines.sh"
. $SRCDIR/scripts/defines.sh

# requires MSAD_URI, MSAD_SUFFIX, MSAD_ADMINDN, MSAD_ADMINPW
if test -z "$MSAD_URI"; then
	echo "No MSAD envvars set, test skipped"
	exit 0
fi
if test $SYNCPROV = syncprovno; then
	echo "Syncrepl provider overlay not available, test skipped"
	exit 0
fi

mkdir -p $TESTDIR $DBDIR2

URI1=$MSAD_URI
BASEDN="ou=OpenLDAPtest,$MSAD_SUFFIX"
DC=`echo $MSAD_SUFFIX | sed -e 's/dc=//' -e 's/,.*//'`

#
# Test replication:
# - populate MSAD over ldap
# - start consumer
# - perform some modifies and deletes
# - attempt to modify the consumer (referral)
# - retrieve database over ldap and compare against expected results
#

# Notes:
# We use a separate OU under the MSAD suffix to contain our test objects,
# since we can't just wipe out the entire directory when starting over.
# The replication search filter is thus more convoluted than would normally
# be needed. Typically it would only need (|(objectclass=user)(objectclass=group))
#
# MSAD does referential integrity by default, so to get 1-to-1 modifications
# we must add users before creating groups that reference them, and we
# should delete group memberships before deleting users. If we delete
# users first, MSAD will automatically remove them from their groups,
# but won't notify us of these changed groups.
# We could use the refint overlay to duplicate this behavior, but that's
# beyond the scope of this test.

echo "Using ldapsearch to check that MSAD is running..."
$LDAPSEARCH -D $MSAD_ADMINDN -w $MSAD_ADMINPW -s base -b "$MSAD_SUFFIX" -H $MSAD_URI 'objectclass=*' > /dev/null 2>&1
RC=$?
if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	exit $RC
fi

echo "Using ldapdelete to delete old MSAD test tree, if any..."
$LDAPDELETE -D "$MSAD_ADMINDN" -H $MSAD_URI -w $MSAD_ADMINPW -r "$BASEDN"
RC=$?

echo "Using ldapadd to create the test context entry in MSAD..."
sed -e "s/dc=example,dc=com/$MSAD_SUFFIX/" < $LDIFDIRSYNCCP | \
	$LDAPADD -D "$MSAD_ADMINDN" -H $MSAD_URI -w $MSAD_ADMINPW > /dev/null 2>&1

RC=$?
if test $RC != 0 ; then
	echo "ldapadd failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Starting consumer slapd on TCP/IP port $PORT2..."
. $CONFFILTER $BACKEND < $DIRSYNC1CONF | . $CONFDIRSYNC > $CONF2
$SLAPADD -f $CONF2 <<EOMODS
dn: $MSAD_SUFFIX
dc: $DC
objectclass: organization
objectclass: dcObject
o: OpenLDAP Testing

EOMODS
$SLAPD -f $CONF2 -h $URI2 -d $LVL > $LOG2 2>&1 &
CONSUMERPID=$!
if test $WAIT != 0 ; then
    echo CONSUMERPID $CONSUMERPID
    read foo
fi
KILLPIDS="$KILLPIDS $CONSUMERPID"

sleep 1

echo "Using ldapsearch to check that consumer slapd is running..."
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test $RC = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done

if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi


echo "Using ldapsearch to check that consumer received context entry..."
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$BASEDN" -H $URI2 \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test $RC = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for syncrepl to catch up..."
	sleep 5
done

if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Using ldapadd to populate MSAD..."
sed -e "s/dc=example,dc=com/$BASEDN/" < $LDIFDIRSYNCNOCP | \
	$LDAPADD -D "$MSAD_ADMINDN" -H $MSAD_URI -w $MSAD_ADMINPW > /dev/null 2>&1
RC=$?
if test $RC != 0 ; then
	echo "ldapadd failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
sleep $SLEEP1

echo "Using ldapmodify to modify provider directory..."

#
# Do some modifications
#

$LDAPMODIFY -v -H $MSAD_URI -D "$MSAD_ADMINDN" -w $MSAD_ADMINPW > \
	$TESTOUT 2>&1 << EOMODS
dn: cn=James A Jones 1, ou=Alumni Association, ou=People, $BASEDN
changetype: modify
add: carLicense
carLicense: Orange Juice
-
delete: sn
sn: Jones
-
add: sn
sn: Jones

dn: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, $BASEDN
changetype: modify
replace: carLicense
carLicense: Iced Tea
carLicense: Mad Dog 20/20

dn: cn=ITD Staff,ou=Groups,$BASEDN
changetype: modify
delete: uniquemember
uniquemember: cn=James A Jones 2, ou=Information Technology Division, ou=People, $BASEDN
uniquemember: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, $BASEDN
-
add: uniquemember
uniquemember: cn=Dorothy Stevens, ou=Alumni Association, ou=People, $BASEDN
uniquemember: cn=James A Jones 1, ou=Alumni Association, ou=People, $BASEDN

dn: cn=All Staff,ou=Groups,$BASEDN
changetype: modify
replace: description
description: The whole universe
-
delete: member
member: cn=James A Jones 2,ou=Information Technology Division,ou=People,$BASEDN

dn: cn=Gern Jensen, ou=Information Technology Division, ou=People, $BASEDN
changetype: add
objectclass: inetorgperson
objectclass: domainrelatedobject
cn: Gern Jensen
sn: Jensen
uid: gjensen
title: Chief Investigator, ITD
postaladdress: ITD $ 535 W. William St $ Ann Arbor, MI 48103
seealso: cn=All Staff, ou=Groups, $BASEDN
carLicense: Coffee
homepostaladdress: 844 Brown St. Apt. 4 $ Ann Arbor, MI 48104
description: Very odd
facsimiletelephonenumber: +1 313 555 7557
telephonenumber: +1 313 555 8343
mail: gjensen@mailgw.example.com
homephone: +1 313 555 8844
associateddomain: test.openldap.org

dn: ou=Retired, ou=People, $BASEDN
changetype: add
objectclass: organizationalUnit
ou: Retired

dn: cn=Rosco P. Coltrane, ou=Information Technology Division, ou=People, $BASEDN
changetype: add
objectclass: inetorgperson
objectclass: domainrelatedobject
cn: Rosco P. Coltrane
sn: Coltrane
uid: rosco
associateddomain: test.openldap.org

dn: cn=Rosco P. Coltrane, ou=Information Technology Division, ou=People, $BASEDN
changetype: modrdn
newrdn: cn=Rosco P. Coltrane
deleteoldrdn: 1
newsuperior: ou=Retired, ou=People, $BASEDN

dn: ou=testdomain1,$BASEDN
changetype: modrdn
newrdn: ou=itsdomain1
deleteoldrdn: 1

dn: ou=itsdomain1,$BASEDN
changetype: modify
replace: description
description: Example, Inc. ITS test domain

EOMODS

RC=$?
if test $RC != 0 ; then
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
sleep $SLEEP1

echo "Performing modrdn alone on the provider..."
$LDAPMODIFY -v -H $MSAD_URI -D "$MSAD_ADMINDN" -w $MSAD_ADMINPW > \
	$TESTOUT 2>&1 << EOMODS
dn: ou=testdomain2,$BASEDN
changetype: modrdn
newrdn: ou=itsdomain2
deleteoldrdn: 1

EOMODS

RC=$?
if test $RC != 0 ; then
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
sleep $SLEEP1

echo "Performing modify alone on the provider..."
$LDAPMODIFY -v -H $MSAD_URI -D "$MSAD_ADMINDN" -w $MSAD_ADMINPW > \
	$TESTOUT 2>&1 << EOMODS
dn: ou=itsdomain2,$BASEDN
changetype: modify
replace: description
description: Example, Inc. itsdomain2 test domain

EOMODS

RC=$?
if test $RC != 0 ; then
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
sleep $SLEEP1

echo "Performing larger modify on the provider..."
$LDAPMODIFY -v -H $MSAD_URI -D "$MSAD_ADMINDN" -w $MSAD_ADMINPW > \
	$TESTOUT 2>&1 << EOMODS
dn: cn=James A Jones 2, ou=Information Technology Division, ou=People, $BASEDN
changetype: delete

dn: cn=Alumni Assoc Staff,ou=Groups,$BASEDN
changetype: modify
replace: description
description: blablabla
-
replace: member
member: cn=Manager,$BASEDN
member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,$BASEDN
member: cn=James A Jones 1,ou=Alumni Association,ou=People,$BASEDN
member: cn=Jane Doe,ou=Alumni Association,ou=People,$BASEDN
member: cn=Jennifer Smith,ou=Alumni Association,ou=People,$BASEDN
member: cn=Mark Elliot,ou=Alumni Association,ou=People,$BASEDN
member: cn=Ursula Hampster,ou=Alumni Association,ou=People,$BASEDN

EOMODS

RC=$?
if test $RC != 0 ; then
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
sleep $SLEEP1

OPATTRS="entryUUID creatorsName createTimestamp modifiersName modifyTimestamp"

echo "Using ldapsearch to read all the entries from the provider..."
$LDAPSEARCH -D $MSAD_ADMINDN -w $MSAD_ADMINPW -S "" -H $MSAD_URI -b "$MSAD_SUFFIX" -E \!dirsync=0/0 -o ldif_wrap=120 \
	'(associatedDomain=test.openldap.org)' > $PROVIDEROUT 2>&1
RC=$?

if test $RC != 0 ; then
	echo "ldapsearch failed at provider ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Using ldapsearch to read all the entries from the consumer..."
$LDAPSEARCH -S "" -b "$BASEDN" -H $URI2 -o ldif_wrap=120 \
	'(objectclass=*)' > $CONSUMEROUT 2>&1
RC=$?

if test $RC != 0 ; then
	echo "ldapsearch failed at consumer ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

test $KILLSERVERS != no && kill -HUP $KILLPIDS

echo "Filtering provider results..."
$LDIFFILTER -s a < $PROVIDEROUT | sed -e 's/CN=/cn=/g' -e 's/OU=/ou=/g' -e 's/DC=/dc=/g' > $PROVIDERFLT
echo "Filtering consumer results..."
$LDIFFILTER -s a < $CONSUMEROUT > $CONSUMERFLT

echo "Comparing retrieved entries from provider and consumer..."
$CMP $PROVIDERFLT $CONSUMERFLT > $CMPOUT

if test $? != 0 ; then
	echo "test failed - provider and consumer databases differ"
	exit 1
fi

echo ">>>>> Test succeeded"

test $KILLSERVERS != no && wait

exit 0