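#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2021 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

# Every upper-case name that is used below without being assigned in this
# script (tool commands, URIs, directories, feature flags) is expected to be
# provided by defines.sh or the environment.  Tool variables such as $SLAPD
# or $LDAPSEARCH are expanded unquoted on purpose: presumably they carry
# default arguments in addition to the program path.
echo "running defines.sh"
. $SRCDIR/scripts/defines.sh

# Both overlays are required.  When the build lacks one of them the test is
# skipped (exit 0) instead of being reported as a failure.
if test $SYNCPROV = syncprovno; then
	echo "Syncrepl provider overlay not available, test skipped"
	exit 0
fi
if test $ACCESSLOG = accesslogno; then
	echo "Accesslog overlay not available, test skipped"
	exit 0
fi

# Separate cn=config directories for the provider and the consumer slapd.
CFPRO=$TESTDIR/cfpro.d
CFCON=$TESTDIR/cfcon.d

mkdir -p $TESTDIR $DBDIR1A $DBDIR1B $DBDIR1C $DBDIR1D $DBDIR2A $CFPRO $CFCON

# Generate the password used for every "-D cn=config ... -y $CONFIGPWF" bind.
# The file is created under a restrictive umask so that other local users
# cannot read the secret; the subshell keeps the umask change away from files
# created later.  A file that already exists keeps its previous mode.
( umask 077 && $SLAPPASSWD -g -n >$CONFIGPWF )

# SYNCMODE selects the syncrepl type used in every olcSyncrepl value below:
#   ro - refreshOnly with a 3 second interval
#   rp - refreshAndPersist (default when SYNCMODE is unset or empty)
SYNCMODE=${SYNCMODE:-rp}
case "$SYNCMODE" in
ro)
	SYNCTYPE="type=refreshOnly interval=00:00:00:03"
	;;
rp)
	SYNCTYPE="type=refreshAndPersist"
	;;
*)
	echo "unknown sync mode $SYNCMODE"
	exit 1
	;;
esac

#
# Test replication of dynamic config with alternate consumer config:
# - start provider
# - start consumer
# - configure over ldap
# - populate over ldap
# - configure syncrepl over ldap
# - retrieve database over ldap and compare against expected results
#

echo "Starting provider slapd on TCP/IP port $PORT1..."
# Filter the dynamic-config template for this backend and load the result as
# database 0 (cn=config) of the provider.
. $CONFFILTER $BACKEND < $DYNAMICCONF > $CONFLDIF
$SLAPADD -F $CFPRO -n 0 -l $CONFLDIF
RC=$?
if test $RC != 0 ; then
	# No server has been started yet, so there is nothing to kill.
	echo "slapadd failed ($RC)!"
	exit $RC
fi
$SLAPD -F $CFPRO -h $URI1 -d $LVL > $LOG1 2>&1 &
PID=$!
# With WAIT set to something other than 0 the script prints the PID and
# blocks until a line is read from stdin.
if test $WAIT != 0 ; then
	echo PID $PID
	read foo
fi
# KILLPIDS collects every server started by this test for the cleanup paths.
KILLPIDS="$PID"

sleep 1

echo "Using ldapsearch to check that provider slapd is running..."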
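# Probe the provider's root DSE up to six times, five seconds apart, and stop
# at the first successful search.  RC keeps the status of the last attempt.
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "" -H $URI1 \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test $RC = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done

if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Inserting syncprov and accesslog overlays on provider..."
# Only overlays built as loadable modules ("...mod") need an olcModuleList
# entry; nothing is added when neither flag has the "mod" value.
# The two conditions are joined with && rather than the obsolescent "-a"
# operator of test, whose parsing is ambiguous for some operand values.
# NOTE(review): olcModulePath is a relative path here, so it presumably
# resolves against slapd's working directory - confirm the test always runs
# slapd from the expected directory.
if [ "$SYNCPROV" = syncprovmod ] && [ "$ACCESSLOG" = accesslogmod ]; then
	$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF > $TESTOUT 2>&1
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: ../servers/slapd/overlays
olcModuleLoad: syncprov.la
olcModuleLoad: accesslog.la
EOF
	RC=$?
	if test $RC != 0 ; then
		echo "ldapadd failed for moduleLoad of syncprov and accesslog ($RC)!"
		test $KILLSERVERS != no && kill -HUP $KILLPIDS
		exit $RC
	fi
elif [ "$SYNCPROV" = syncprovmod ]; then
	$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF > $TESTOUT 2>&1
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: ../servers/slapd/overlays
olcModuleLoad: syncprov.la
EOF
	RC=$?
	if test $RC != 0 ; then
		echo "ldapadd failed for moduleLoad of syncprov ($RC)!"
		test $KILLSERVERS != no && kill -HUP $KILLPIDS
		exit $RC
	fi
elif [ "$ACCESSLOG" = accesslogmod ]; then
	$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF > $TESTOUT 2>&1
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: ../servers/slapd/overlays
olcModuleLoad: accesslog.la
EOF
	RC=$?
	if test $RC != 0 ; then
		echo "ldapadd failed for moduleLoad of accesslog ($RC)!"
		test $KILLSERVERS != no && kill -HUP $KILLPIDS
		exit $RC
	fi
fi

echo "Adding backend accesslog databases using $BACKEND..."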
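# A backend built as a loadable module has to be loaded on the provider before
# a database of that type can be created.
if [ "$BACKENDTYPE" = mod ]; then
	$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF > $TESTOUT 2>&1
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: $TESTWD/../servers/slapd/back-$BACKEND
olcModuleLoad: back_$BACKEND.la
EOF
	RC=$?
	if test $RC != 0 ; then
		echo "ldapadd failed for moduleLoad of $BACKEND ($RC)!"
		test $KILLSERVERS != no && kill -HUP $KILLPIDS
		exit $RC
	fi
fi

# Keep the generated cn=config password in a variable; it is written into a
# syncrepl "credentials=" value further down.  "IFS= read -r" takes the file
# content literally (no backslash processing, no whitespace trimming), which
# matches what the "-y $CONFIGPWF" binds send.
IFS= read -r CONFIGPW < $CONFIGPWF

# Create the two accesslog databases, each with a syncprov overlay:
#   {1}$BACKEND  suffix cn=accesslog           (log of the provider's cn=config)
#   {2}$BACKEND  suffix cn=consumer-accesslog  (log of the consumer config DB)
# NOTE(review): ${nullExclude} is expanded in this here-document but is only
# assigned later in the script.  Unless defines.sh or the environment sets it,
# it expands to nothing here, so olcDbDirectory is sent even for BACKEND=null
# - confirm that this is intended.
$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF > $TESTOUT 2>&1
dn: olcDatabase={1}$BACKEND,cn=config
objectClass: olcDatabaseConfig
objectClass: olc${BACKEND}Config
olcDatabase: {1}$BACKEND
olcSuffix: cn=accesslog
${nullExclude}olcDbDirectory: $DBDIR1C
olcRootDN: cn=config
olcSizeLimit: unlimited
olcTimeLimit: unlimited
olcDbIndex: default eq
olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart,reqDN

dn: olcOverlay=syncprov,olcDatabase={1}${BACKEND},cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpNoPresent: TRUE
olcSpReloadHint: TRUE

dn: olcDatabase={2}$BACKEND,cn=config
objectClass: olcDatabaseConfig
objectClass: olc${BACKEND}Config
olcDatabase: {2}$BACKEND
olcSuffix: cn=consumer-accesslog
${nullExclude}olcDbDirectory: $DBDIR1D
olcRootDN: cn=consumer,cn=config
olcSizeLimit: unlimited
olcTimeLimit: unlimited
olcDbIndex: default eq
olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart,reqDN

dn: olcOverlay=syncprov,olcDatabase={2}${BACKEND},cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpNoPresent: TRUE
olcSpReloadHint: TRUE
EOF

RC=$?
if test $RC != 0 ; then
	echo "ldapadd failed for accesslog databases using $BACKEND ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# Put syncprov and accesslog on the provider's own cn=config database.  Only
# successful write operations are logged, into cn=accesslog.
$LDAPMODIFY -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

dn: olcOverlay=accesslog,olcDatabase={0}config,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: accesslog
olcAccessLogDB: cn=accesslog
olcAccessLogOps: writes
olcAccessLogPurge: 07+00:00 01+00:00
olcAccessLogSuccess: TRUE
EOF

RC=$?
if test $RC != 0 ; then
	echo "ldapmodify failed for syncprov and accesslog overlay config ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# Consumers will not replicate the provider's actual cn=config.
# Instead, they will use an alternate DB so that they may be
# configured differently from the provider. This alternate DB
# will also be a consumer for the real cn=schema,cn=config tree.
# It has multi-provider enabled so that it can be written directly
# while being a consumer of the main schema.
echo "Configuring consumer config DB on provider..."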
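# Build the alternate config tree (suffix cn=config,cn=consumer) on the
# provider as an ldif database with syncprov and accesslog overlays, then make
# that database a consumer of the provider's real cn=schema,cn=config.
#
# In the olcSyncrepl values the lines that start with blanks are LDIF
# continuation lines: the first blank marks the fold and is removed, the
# second one remains as the separator between the syncrepl parameters.
#
# Test fixture only: olcRootPW is stored in clear text, replication uses
# simple binds, and the generated cn=config password ($CONFIGPW) is written in
# clear into the olcSyncrepl "credentials=" value of the ldif database.
$LDAPMODIFY -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
dn: cn=config
changetype: modify
add: olcServerID
olcServerID: 1

dn: olcDatabase={1}ldif,cn=config
changetype: add
objectClass: olcDatabaseConfig
objectClass: olcLdifConfig
olcDatabase: {1}ldif
olcDbDirectory: $DBDIR1A
olcSuffix: cn=config,cn=consumer
olcRootDN: cn=config,cn=consumer
olcRootPW: repsecret
olcAccess: to * by dn.base="cn=config" write

dn: olcOverlay=syncprov,olcDatabase={1}ldif,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

dn: olcOverlay=accesslog,olcDatabase={1}ldif,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: accesslog
olcAccessLogDB: cn=consumer-accesslog
olcAccessLogOps: writes
olcAccessLogPurge: 07+00:00 01+00:00
olcAccessLogSuccess: TRUE

dn: cn=config,cn=consumer
changetype: add
objectClass: olcGlobal
cn: consumerconfig

dn: olcDatabase={0}config,cn=config,cn=consumer
changetype: add
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootPW: topsecret
olcSyncrepl: {0}rid=001 provider=$URI1 binddn="cn=config,cn=consumer"
  bindmethod=simple credentials=repsecret searchbase="cn=config,cn=consumer"
  $SYNCTYPE retry="3 5 300 5" timeout=3 suffixmassage="cn=config"
olcUpdateRef: $URI1

dn: olcDatabase={1}ldif,cn=config
changetype: modify
add: olcSyncrepl
olcSyncrepl: {0}rid=001 provider=$URI1 binddn="cn=config"
  bindmethod=simple credentials=$CONFIGPW searchbase="cn=schema,cn=config"
  $SYNCTYPE retry="3 5 300 5" timeout=3
  suffixmassage="cn=schema,cn=config,cn=consumer"
-
add: olcMultiProvider
olcMultiProvider: TRUE

EOF
RC=$?
if test $RC != 0 ; then
	echo "ldapmodify failed for consumer DB config ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Starting consumer slapd on TCP/IP port $PORT2..."
# The consumer starts from the same $CONFLDIF as the provider, in its own
# configuration directory.
$SLAPADD -F $CFCON -n 0 -l $CONFLDIF
RC=$?
if test $RC != 0 ; then
	# The provider is already running at this point; stop it before leaving.
	echo "slapadd failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi
$SLAPD -F $CFCON -h $URI2 -d $LVL > $LOG2 2>&1 &
CONSUMERPID=$!
# With WAIT set to something other than 0 the script prints the PID and
# blocks until a line is read from stdin.
if test $WAIT != 0 ; then
	echo CONSUMERPID $CONSUMERPID
	read foo
fi
KILLPIDS="$KILLPIDS $CONSUMERPID"

sleep 1

echo "Using ldapsearch to check that consumer slapd is running..."
# Probe the consumer's root DSE up to six times, five seconds apart.
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "" -H $URI2 \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test $RC = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done

if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Configuring syncrepl on consumer..."
# Point the consumer's cn=config at the alternate tree on the provider, using
# delta-sync (syncdata=accesslog) against cn=consumer-accesslog; suffixmassage
# maps the provider-side suffix cn=config,cn=consumer to the local cn=config.
$LDAPMODIFY -D cn=config -H $URI2 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config,cn=consumer"
  bindmethod=simple credentials=repsecret searchbase="cn=config,cn=consumer"
  $SYNCTYPE retry="3 5 300 5" timeout=3 logbase="cn=consumer-accesslog"
  logfilter="(&(objectclass=auditWriteObject)(reqresult=0))"
  syncdata=accesslog suffixmassage="cn=config"
-
add: olcUpdateRef
olcUpdateRef: $URI1
EOF
RC=$?
if test $RC != 0 ; then
	# Fail here with a specific message instead of waiting for the polling
	# loop below to time out on a change that was never applied.
	echo "ldapmodify failed for consumer syncrepl config ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

sleep 1

echo "Using ldapsearch to check that syncrepl received config changes..."
# Poll the consumer until olcUpdateRef is visible on its cn=config database.
# RC starts at 32 (LDAP noSuchObject) and is reset to 0 only on success.
RC=32
for i in 0 1 2 3 4 5; do
	RESULT=`$LDAPSEARCH -H $URI2 -D cn=config -y $CONFIGPWF \
		-s base -b "olcDatabase={0}config,cn=config" \
		'(olcUpdateRef=*)' 2>&1 | awk '/^dn:/ {print "OK"}'`
	if test "x$RESULT" = "xOK" ; then
		RC=0
		break
	fi
	echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
	sleep $SLEEP1
done

if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Adding schema and databases on provider..."
# The schema is added to the provider's real cn=config; the consumer should
# receive it through the cn=schema replication configured above.
$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
include: file://$ABS_SCHEMADIR/core.ldif

include: file://$ABS_SCHEMADIR/cosine.ldif

include: file://$ABS_SCHEMADIR/inetorgperson.ldif

include: file://$ABS_SCHEMADIR/openldap.ldif

include: file://$ABS_SCHEMADIR/nis.ldif
EOF
RC=$?
if test $RC != 0 ; then
	echo "ldapadd failed for schema config ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Using ldapsearch to check that syncrepl received the schema changes..."
# Poll the consumer until a schema entry whose cn ends in "openldap" exists.
RC=32
for i in 0 1 2 3 4 5; do
	RESULT=`$LDAPSEARCH -H $URI2 -D cn=config -y $CONFIGPWF \
		-s sub -b "cn=schema,cn=config" \
		'(cn=*openldap)' 2>&1 | awk '/^dn:/ {print "OK"}'`
	if test "x$RESULT" = "xOK" ; then
		RC=0
		break
	fi
	echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
	sleep $SLEEP1
done

if test "x$RESULT" != "xOK" ; then
	echo "consumer never received complete schema!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi

# For the null backend, "# " turns the prefixed LDIF lines below into comments,
# and nullOK makes the final replication check accept an empty search result.
nullExclude="" nullOK=""
test $BACKEND = null && nullExclude="# " nullOK="OK"

# A modular backend must also be listed in the consumer's alternate config so
# that the consumer loads it when it replicates that tree.
if [ "$BACKENDTYPE" = mod ]; then
	$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
dn: cn=module,cn=config,cn=consumer
objectClass: olcModuleList
cn: module
olcModulePath: ../servers/slapd/back-$BACKEND
olcModuleLoad: back_$BACKEND.la
EOF
	RC=$?
	if test $RC != 0 ; then
		echo "ldapadd failed for backend config ($RC)!"
		test $KILLSERVERS != no && kill -HUP $KILLPIDS
		exit $RC
	fi
fi

# Define the $BASEDN database twice: once in the provider's own cn=config
# (with a syncprov overlay) and once in the alternate tree that the consumer
# replicates.  Both entries carry the same olcSyncRepl and olcUpdateRef values.
# Test fixture only: $PASSWD is stored as a clear-text olcRootPW and as the
# simple-bind credential of the syncrepl stanza.
$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
dn: olcDatabase={2}$BACKEND,cn=config
objectClass: olcDatabaseConfig
${nullExclude}objectClass: olc${BACKEND}Config
olcDatabase: {2}$BACKEND
olcSuffix: $BASEDN
${nullExclude}olcDbDirectory: $DBDIR1B
olcRootDN: $MANAGERDN
olcRootPW: $PASSWD
olcSyncRepl: rid=002 provider=$URI1 binddn="$MANAGERDN" bindmethod=simple
  credentials=$PASSWD searchbase="$BASEDN" $SYNCTYPE
  retry="3 5 300 5" timeout=3
olcUpdateRef: $URI1

dn: olcOverlay=syncprov,olcDatabase={2}${BACKEND},cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

dn: olcDatabase={1}$BACKEND,cn=config,cn=consumer
objectClass: olcDatabaseConfig
${nullExclude}objectClass: olc${BACKEND}Config
olcDatabase: {1}$BACKEND
olcSuffix: $BASEDN
${nullExclude}olcDbDirectory: $DBDIR2A
olcRootDN: $MANAGERDN
olcRootPW: $PASSWD
olcSyncRepl: rid=002 provider=$URI1 binddn="$MANAGERDN" bindmethod=simple
  credentials=$PASSWD searchbase="$BASEDN" $SYNCTYPE
  retry="3 5 300 5" timeout=3
olcUpdateRef: $URI1

EOF
RC=$?
if test $RC != 0 ; then
	echo "ldapadd failed for database config ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# Optional indexes on the provider's data database.
if test $INDEXDB = indexdb ; then
	$LDAPMODIFY -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
dn: olcDatabase={2}$BACKEND,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: objectClass,entryUUID,entryCSN eq
olcDbIndex: cn,uid pres,eq,sub
EOF
	RC=$?
	if test $RC != 0 ; then
		echo "ldapmodify failed for database index config ($RC)!"
		test $KILLSERVERS != no && kill -HUP $KILLPIDS
		exit $RC
	fi
fi

echo "Using ldapadd to populate provider..."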
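# Load the test entries into the provider as the database manager.
# NOTE(review): "-w $PASSWD" puts the bind password on the command line, where
# it is visible in process listings.  That is tolerable only because $PASSWD
# is a fixed test credential; the cn=config binds in this script use
# "-y $CONFIGPWF" (password read from a file) instead.
$LDAPADD -D "$MANAGERDN" -H $URI1 -w $PASSWD -f $LDIFORDERED \
	>> $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
	echo "ldapadd failed for database populate ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
sleep $SLEEP1

echo "Using ldapsearch to check that syncrepl received database changes..."
# Poll the consumer for one entry of the test data.  With the null backend no
# entry can be found, so $nullOK ("OK" in that case) lets the comparison
# succeed on an empty result.  RC starts at 32 (LDAP noSuchObject).
RC=32
for i in 0 1 2 3 4 5; do
	RESULT=`$LDAPSEARCH -H $URI2 \
		-s base -b "cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com" \
		'(objectClass=*)' 2>&1 | awk '/^dn:/ {print "OK"}'`
	if test "x$RESULT$nullOK" = "xOK" ; then
		RC=0
		break
	fi
	echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
	sleep $SLEEP1
done

if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# Dump the whole $BASEDN subtree from both servers; -S "" asks ldapsearch to
# sort the results so that the two dumps can be compared.
echo "Using ldapsearch to read all the entries from the provider..."
$LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI1 -w $PASSWD \
	'objectclass=*' > $PROVIDEROUT 2>&1
RC=$?

if test $RC != 0 ; then
	echo "ldapsearch failed at provider ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Using ldapsearch to read all the entries from the consumer..."
$LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI2 -w $PASSWD \
	'objectclass=*' > $CONSUMEROUT 2>&1
RC=$?

if test $RC != 0 ; then
	echo "ldapsearch failed at consumer ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# Both dumps are on disk, so the servers are no longer needed.
test $KILLSERVERS != no && kill -HUP $KILLPIDS

echo "Filtering provider results..."
$LDIFFILTER < $PROVIDEROUT > $PROVIDERFLT
echo "Filtering consumer results..."
$LDIFFILTER < $CONSUMEROUT > $CONSUMERFLT

echo "Comparing retrieved entries from provider and consumer..."
$CMP $PROVIDERFLT $CONSUMERFLT > $CMPOUT

if test $? != 0 ; then
	echo "test failed - provider and consumer databases differ"
	exit 1
fi

echo ">>>>> Test succeeded"

# Reap the background slapd processes before reporting success.
test $KILLSERVERS != no && wait

exit 0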