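#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2024 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

# Regression test for the memberof overlay.
#
# Flow:
#   1. start one slapd with a cn=config directory and a generated rootpw
#   2. load the overlay module when it is built as a module
#   3. add a custom schema, one database and three memberof overlay
#      instances through cn=config
#   4. add, rename and delete members and groups, dumping the whole tree
#      (including memberOf) to $SEARCHOUT after every step
#   5. re-point one overlay instance at another attribute, enable
#      olcMemberOfAddCheck, add entries out of order
#   6. compare the filtered dumps with the reference LDIF $MEMBEROFOUT
#
# Credentials:
#   - The cn=config password is generated per run and stored in
#     $CONFIGPWF. Every client reads it with -y, so the cleartext never
#     lands in a process argument list.
#   - cn=Manager binds with the fixed fixture password "secret"
#     (olcRootPW:: c2VjcmV0 is its base64 LDIF form). It is passed with -w
#     and is therefore visible in the process list; it is only meant for
#     this throwaway test server.
#
# Quoting: variables that hold a command (\$SLAPD, \$LDAPADD, \$CMP, ...) are
# left unquoted because they presumably carry arguments set up by
# defines.sh -- verify there before quoting them. Plain values and paths
# are quoted.

echo "running defines.sh"
. "$SRCDIR/scripts/defines.sh"

if test "$MEMBEROF" = memberofno; then
  echo "Memberof overlay not available, test skipped"
  exit 0
fi

mkdir -p "$TESTDIR" "$DBDIR1" "$TESTDIR/confdir"

# Generate the cn=config password (-n: no trailing newline, so the file
# content is exactly the password) and derive the rootpw line from it.
# NOTE(review): $CONFIGPWF is created with the caller's umask.
$SLAPPASSWD -g -n >"$CONFIGPWF"
echo "rootpw $($SLAPPASSWD -T "$CONFIGPWF")" >"$TESTDIR/configpw.conf"

echo "Starting slapd on TCP/IP port $PORT1..."
. $CONFFILTER "$BACKEND" < "$NAKEDCONF" > "$CONF1"
$SLAPD -f "$CONF1" -F "$TESTDIR/confdir" -h "$URI1" -d "$LVL" > "$LOG1" 2>&1 &
PID=$!
if test "$WAIT" != 0 ; then
  # Pause until the operator presses return (e.g. to attach a debugger).
  echo PID $PID
  read foo
fi
KILLPIDS="$PID"

# Poll the monitor entry until slapd answers, at most six attempts.
sleep 1
for i in 0 1 2 3 4 5; do
  $LDAPSEARCH -s base -b "$MONITOR" -H "$URI1" \
    'objectclass=*' > /dev/null 2>&1
  RC=$?
  if test "$RC" = 0 ; then
    break
  fi
  echo "Waiting 5 seconds for slapd to start..."
  sleep 5
done
if test "$RC" != 0 ; then
  echo "ldapsearch failed ($RC)!"
  test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
  exit "$RC"
fi

# Start with an empty tool-output log.
: > "$TESTOUT"

if [ "$MEMBEROF" = memberofmod ]; then
  echo "Inserting memberof overlay on provider..."
  $LDAPADD -D cn=config -H "$URI1" -y "$CONFIGPWF" <<EOF > "$TESTOUT" 2>&1
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: ../servers/slapd/overlays
olcModuleLoad: memberof.la
EOF
  RC=$?
  if test "$RC" != 0 ; then
    echo "ldapadd failed for moduleLoad ($RC)!"
    test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
    exit "$RC"
  fi
fi

# Prefixes that turn backend-specific LDIF lines into comments ("# ")
# when the selected backend does not support them.
indexInclude="" mainInclude="" nullExclude=""
test "$INDEXDB" = indexdb || indexInclude="# "
test "$MAINDB" = maindb || mainInclude="# "
case "$BACKEND" in
null) nullExclude="# " ;;
esac

# Schema, database and three memberof instances:
#   {0} groupOfNames / member  -> memberOf
#   {1} groupA       / memberA -> memberOfA
#   {2} groupB       / memberB -> memberOfB
# The password is read with -y (as in the module-load step above) rather
# than expanded onto the command line. The olcDbMode value had a stray
# trailing double quote, which has been dropped.
echo "Running ldapadd to build slapd config database..."
$LDAPADD -H "$URI1" -D 'cn=config' -y "$CONFIGPWF" \
  >> "$TESTOUT" 2>&1 <<EOF
dn: cn=symas group example,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: symas group example
olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.1
  NAME 'memberA' SUP distinguishedName )
olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.2
  NAME 'memberOfA' SUP distinguishedName )
olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.3
  NAME 'memberB' SUP distinguishedName )
olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.4
  NAME 'memberOfB' SUP distinguishedName )
olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.5
  NAME 'memberOfC' SUP distinguishedName )
olcObjectClasses: ( 1.3.6.1.4.1.4754.31.2.1
  NAME 'groupA' SUP top STRUCTURAL MUST cn MAY memberA )
olcObjectClasses: ( 1.3.6.1.4.1.4754.31.2.2
  NAME 'groupMemberA' SUP top AUXILIARY MAY ( memberOfA $ memberOfC ) )
olcObjectClasses: ( 1.3.6.1.4.1.4754.31.2.3
  NAME 'groupB' SUP top STRUCTURAL MUST cn MAY memberB )
olcObjectClasses: ( 1.3.6.1.4.1.4754.31.2.4
  NAME 'groupMemberB' SUP top AUXILIARY MAY memberOfB )

dn: olcDatabase={1}$BACKEND,cn=config
objectClass: olcDatabaseConfig
${nullExclude}objectClass: olc${BACKEND}Config
olcDatabase: {1}$BACKEND
olcSuffix: $BASEDN
olcRootDN: cn=Manager,$BASEDN
olcRootPW:: c2VjcmV0
olcMonitoring: TRUE
${nullExclude}olcDbDirectory: $TESTDIR/db.1.a/
${indexInclude}olcDbIndex: objectClass eq
${indexInclude}olcDbIndex: cn pres,eq,sub
${indexInclude}olcDbIndex: uid pres,eq,sub
${indexInclude}olcDbIndex: sn pres,eq,sub
${mainInclude}olcDbMode: 384

dn: olcOverlay={0}memberof,olcDatabase={1}$BACKEND,cn=config
objectClass: olcOverlayConfig
objectClass: olcMemberOfConfig
olcOverlay: {0}memberof
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf

dn: olcOverlay={1}memberof,olcDatabase={1}$BACKEND,cn=config
objectClass: olcOverlayConfig
objectClass: olcMemberOfConfig
olcOverlay: {1}memberof
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupA
olcMemberOfMemberAD: memberA
olcMemberOfMemberOfAD: memberOfA

dn: olcOverlay={2}memberof,olcDatabase={1}$BACKEND,cn=config
objectClass: olcOverlayConfig
objectClass: olcMemberOfConfig
olcOverlay: {2}memberof
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupB
olcMemberOfMemberAD: memberB
olcMemberOfMemberOfAD: memberOfB

EOF
RC=$?
if test "$RC" != 0 ; then
  echo "ldapadd failed ($RC)!"
  test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
  exit "$RC"
fi

echo "Running ldapadd to build slapd database..."
$LDAPADD -H "$URI1" \
  -D "cn=Manager,$BASEDN" -w secret \
  >> "$TESTOUT" 2>&1 << EOF
dn: $BASEDN
objectClass: organization
objectClass: dcObject
o: Example, Inc.
dc: example

dn: ou=People,$BASEDN
objectClass: organizationalUnit
ou: People

dn: ou=Groups,$BASEDN
objectClass: organizationalUnit
ou: Groups

dn: cn=Roger Rabbit,ou=People,$BASEDN
objectClass: inetOrgPerson
cn: Roger Rabbit
sn: Rabbit

dn: cn=Baby Herman,ou=People,$BASEDN
objectClass: inetOrgPerson
cn: Baby Herman
sn: Herman

dn: cn=Cartoonia,ou=Groups,$BASEDN
objectClass: groupOfNames
cn: Cartoonia
member: cn=Roger Rabbit,ou=People,$BASEDN
member: cn=Baby Herman,ou=People,$BASEDN
EOF
RC=$?
if test "$RC" != 0 ; then
  echo "ldapadd failed ($RC)!"
  test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
  exit "$RC"
fi

# Each search below is anonymous (no -D) and appends the full subtree,
# user attributes plus memberOf, to $SEARCHOUT under a "# ..." marker.
echo "Search the entire database..."
echo "# Search the entire database..." >> "$SEARCHOUT"
$LDAPSEARCH -S "" -b "$BASEDN" -H "$URI1" \
  '(objectClass=*)' '*' memberOf >> "$SEARCHOUT" 2>&1
RC=$?
if test "$RC" != 0 ; then
  echo "ldapsearch failed ($RC)!"
  test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
  exit "$RC"
fi

# NOTE(review): the exit status of this ldapmodify, and of the following
# ones up to "Adding groups with MAY member type schemas", is not
# checked. A failed write only surfaces in the final comparison; the
# tool's own error text goes to $TESTOUT.
echo "Running ldapmodify to add a member..."
$LDAPMODIFY -H "$URI1" \
  -D "cn=Manager,$BASEDN" -w secret \
  >> "$TESTOUT" 2>&1 << EOF
dn: cn=Jessica Rabbit,ou=People,$BASEDN
changetype: add
objectClass: inetOrgPerson
cn: Jessica Rabbit
sn: Rabbit

dn: cn=Cartoonia,ou=Groups,$BASEDN
changetype: modify
add: member
member: cn=Jessica Rabbit,ou=People,$BASEDN
EOF

echo "Re-search the entire database..."
echo "# Re-search the entire database after adding Jessica Rabbit and Cartoonia..." >> "$SEARCHOUT"
$LDAPSEARCH -S "" -b "$BASEDN" -H "$URI1" \
  '(objectClass=*)' '*' memberOf >> "$SEARCHOUT" 2>&1
RC=$?
if test "$RC" != 0 ; then
  echo "ldapsearch failed ($RC)!"
  test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
  exit "$RC"
fi

echo "Running ldapmodify to rename a member..."
$LDAPMODIFY -H "$URI1" \
  -D "cn=Manager,$BASEDN" -w secret \
  >> "$TESTOUT" 2>&1 << EOF
dn: cn=Baby Herman,ou=People,$BASEDN
changetype: modrdn
newrdn: cn=Baby Herman Jr
deleteoldrdn: 1
EOF

echo "Re-search the entire database..."
echo "# Re-search the entire database after renaming Baby Herman..." >> "$SEARCHOUT"
$LDAPSEARCH -S "" -b "$BASEDN" -H "$URI1" \
  '(objectClass=*)' '*' memberOf >> "$SEARCHOUT" 2>&1
RC=$?
if test "$RC" != 0 ; then
  echo "ldapsearch failed ($RC)!"
  test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
  exit "$RC"
fi

# Two renames in a row; the second one changes only the case of the RDN.
echo "Running ldapmodify to rename a group..."
$LDAPMODIFY -H "$URI1" \
  -D "cn=Manager,$BASEDN" -w secret \
  >> "$TESTOUT" 2>&1 << EOF
dn: cn=Cartoonia,ou=Groups,$BASEDN
changetype: modrdn
newrdn: cn=Toon town
deleteoldrdn: 1

dn: cn=Toon town,ou=Groups,$BASEDN
changetype: modrdn
newrdn: cn=Toon Town
deleteoldrdn: 1
EOF

echo "Re-search the entire database..."
echo "# Re-search the entire database after renaming Cartoonia..." >> "$SEARCHOUT"
$LDAPSEARCH -S "" -b "$BASEDN" -H "$URI1" \
  '(objectClass=*)' '*' memberOf >> "$SEARCHOUT" 2>&1
RC=$?
if test "$RC" != 0 ; then
  echo "ldapsearch failed ($RC)!"
  test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
  exit "$RC"
fi

# The group is added as a member of itself.
echo "Running ldapmodify to add self..."
$LDAPMODIFY -H "$URI1" \
  -D "cn=Manager,$BASEDN" -w secret \
  >> "$TESTOUT" 2>&1 << EOF
dn: cn=Toon Town,ou=Groups,$BASEDN
changetype: modify
add: member
member: cn=Toon Town,ou=Groups,$BASEDN
EOF

echo "Re-search the entire database..."
echo "# Re-search the entire database after adding Toon Town to self..." >> "$SEARCHOUT"
$LDAPSEARCH -S "" -b "$BASEDN" -H "$URI1" \
  '(objectClass=*)' '*' memberOf >> "$SEARCHOUT" 2>&1
RC=$?
if test "$RC" != 0 ; then
  echo "ldapsearch failed ($RC)!"
  test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
  exit "$RC"
fi

# The message says ldapdelete, but the delete is issued through
# $LDAPMODIFY with "changetype: delete".
echo "Running ldapdelete to remove a member..."
$LDAPMODIFY -H "$URI1" \
  -D "cn=Manager,$BASEDN" -w secret \
  >> "$TESTOUT" 2>&1 << EOF
dn: cn=Baby Herman Jr,ou=People,$BASEDN
changetype: delete
EOF

echo "Re-search the entire database..."
echo "# Re-search the entire database after deleting Baby Herman..." >> "$SEARCHOUT"
$LDAPSEARCH -S "" -b "$BASEDN" -H "$URI1" \
  '(objectClass=*)' '*' memberOf >> "$SEARCHOUT" 2>&1
RC=$?
if test "$RC" != 0 ; then
  echo "ldapsearch failed ($RC)!"
  test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
  exit "$RC"
fi

echo "Running ldapdelete to remove a group..."
$LDAPMODIFY -H "$URI1" \
  -D "cn=Manager,$BASEDN" -w secret \
  >> "$TESTOUT" 2>&1 << EOF
dn: cn=Toon Town,ou=Groups,$BASEDN
changetype: delete
EOF

echo "Re-search the entire database..."
echo "# Re-search the entire database after deleting Toon Town..." >> "$SEARCHOUT"
$LDAPSEARCH -S "" -b "$BASEDN" -H "$URI1" \
  '(objectClass=*)' '*' memberOf >> "$SEARCHOUT" 2>&1
RC=$?
if test "$RC" != 0 ; then
  echo "ldapsearch failed ($RC)!"
  test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
  exit "$RC"
fi

# Replace the remaining people with entries of the custom auxiliary
# classes, add one group per custom overlay instance, then remove every
# memberA value from group1 again. The exit status is not checked here
# either.
echo "Adding groups with MAY member type schemas..."
$LDAPMODIFY -H "$URI1" \
  -D "cn=Manager,$BASEDN" -w secret \
  >> "$TESTOUT" 2>&1 <<EOF
dn: cn=Roger Rabbit,ou=People,$BASEDN
changetype: delete

dn: cn=Jessica Rabbit,ou=People,$BASEDN
changetype: delete

dn: cn=person1,ou=People,$BASEDN
changetype: add
objectClass: person
objectClass: groupMemberA
objectClass: groupMemberB
cn: person1
sn: person1

dn: cn=person2,ou=People,$BASEDN
changetype: add
objectClass: person
objectClass: groupMemberA
objectClass: groupMemberB
cn: person2
sn: person2

dn: cn=group1,ou=Groups,$BASEDN
changetype: add
objectclass: groupA
cn: group1
memberA: cn=person1,ou=People,$BASEDN
memberA: cn=person2,ou=People,$BASEDN

dn: cn=group2,ou=Groups,$BASEDN
changetype: add
objectclass: groupB
cn: group2
memberB: cn=person1,ou=People,$BASEDN
memberB: cn=person2,ou=People,$BASEDN

dn: cn=group1,ou=Groups,$BASEDN
changetype: modify
delete: memberA

EOF

echo "Re-search the entire database..."
echo "# Re-search the entire database after adding groups with MAY member type schemas..." >> "$SEARCHOUT"
$LDAPSEARCH -S "" -b "$BASEDN" -H "$URI1" \
  '(objectClass=*)' '*' memberOf >> "$SEARCHOUT" 2>&1
RC=$?
if test "$RC" != 0 ; then
  echo "ldapsearch failed ($RC)!"
  test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
  exit "$RC"
fi

# Point overlay instance {1} at memberOfC instead of memberOfA. The
# explicit changetype makes this a modify although $LDAPADD is used.
# Password via -y, as for the other cn=config writes.
echo "Running ldapmodify to reconfigure the schema used..."
$LDAPADD -H "$URI1" -D 'cn=config' -y "$CONFIGPWF" \
  >> "$TESTOUT" 2>&1 <<EOF
dn: olcOverlay={1}memberof,olcDatabase={1}$BACKEND,cn=config
changetype: modify
replace: olcMemberOfMemberOfAD
olcMemberOfMemberOfAD: memberOfC

EOF
RC=$?
if test "$RC" != 0 ; then
  echo "ldapadd failed ($RC)!"
  test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
  exit "$RC"
fi

echo "Updating groups to expose the new setting..."
$LDAPMODIFY -H "$URI1" \
  -D "cn=Manager,$BASEDN" -w secret \
  >> "$TESTOUT" 2>&1 <<EOF
dn: cn=group1,ou=Groups,$BASEDN
changetype: modify
add: memberA
memberA: cn=person1,ou=People,$BASEDN
memberA: cn=person2,ou=People,$BASEDN

EOF
RC=$?
if test "$RC" != 0 ; then
  echo "ldapmodify failed ($RC)!"
  test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
  exit "$RC"
fi

echo "Re-search the entire database..."
echo "# Re-search the entire database after updating memberof configuration..." >> "$SEARCHOUT"
$LDAPSEARCH -S "" -b "$BASEDN" -H "$URI1" \
  '(objectClass=*)' '*' memberOf >> "$SEARCHOUT" 2>&1
RC=$?
if test "$RC" != 0 ; then
  echo "ldapsearch failed ($RC)!"
  test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
  exit "$RC"
fi

echo "Running ldapmodify to enable add checking..."
$LDAPMODIFY -H "$URI1" -D 'cn=config' -y "$CONFIGPWF" \
  >> "$TESTOUT" 2>&1 <<EOF
dn: olcOverlay={0}memberof,olcDatabase={1}$BACKEND,cn=config
changetype: modify
replace: olcMemberOfAddCheck
olcMemberOfAddCheck: TRUE

EOF
RC=$?
if test "$RC" != 0 ; then
  echo "ldapmodify failed ($RC)!"
  test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
  exit "$RC"
fi

# group3 names a person and a group that are only created afterwards in
# the same request.
echo "Adding group and users out of order..."
$LDAPADD -H "$URI1" \
  -D "cn=Manager,$BASEDN" -w secret \
  >> "$TESTOUT" 2>&1 <<EOF
dn: cn=group3,ou=Groups,$BASEDN
objectclass: groupOfNames
cn: group3
member: cn=New Person,ou=People,$BASEDN
member: cn=New Group,ou=Groups,$BASEDN

dn: cn=New Group,ou=Groups,$BASEDN
objectclass: groupOfNames
cn: New Group
member: cn=New Person,ou=People,$BASEDN

dn: cn=New Person,ou=People,$BASEDN
objectclass: person
cn: New Person
sn: Person

EOF
RC=$?
if test "$RC" != 0 ; then
  echo "ldapadd failed ($RC)!"
  test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
  exit "$RC"
fi

echo "Re-search the entire database..."
echo "# Re-search the entire database after adding out-of-order groups/users..." >> "$SEARCHOUT"
$LDAPSEARCH -S "" -b "$BASEDN" -H "$URI1" \
  '(objectClass=*)' '*' memberOf >> "$SEARCHOUT" 2>&1
RC=$?
if test "$RC" != 0 ; then
  echo "ldapsearch failed ($RC)!"
  test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
  exit "$RC"
fi

# All directory operations are done; signal slapd before comparing.
test "$KILLSERVERS" != no && kill -HUP $KILLPIDS

LDIF=$MEMBEROFOUT

echo "Filtering ldapsearch results..."
$LDIFFILTER < "$SEARCHOUT" > "$SEARCHFLT"
echo "Filtering original ldif used to create database..."
$LDIFFILTER < "$LDIF" > "$LDIFFLT"
echo "Comparing filter output..."
$CMP "$SEARCHFLT" "$LDIFFLT" > "$CMPOUT"

if test $? != 0 ; then
  echo "Comparison failed"
  exit 1
fi

echo ">>>>> Test succeeded"

# Reap the background slapd before exiting.
test "$KILLSERVERS" != no && wait

exit 0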