test065-proxyauthz revision 1.1 1 1.1 christos #! /bin/sh
2 1.1 christos # $OpenLDAP$
3 1.1 christos ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 1.1 christos ##
5 1.1 christos ## Copyright 1998-2016 The OpenLDAP Foundation.
6 1.1 christos ## All rights reserved.
7 1.1 christos ##
8 1.1 christos ## Redistribution and use in source and binary forms, with or without
9 1.1 christos ## modification, are permitted only as authorized by the OpenLDAP
10 1.1 christos ## Public License.
11 1.1 christos ##
12 1.1 christos ## A copy of this license is available in the file LICENSE in the
13 1.1 christos ## top-level directory of the distribution or, alternatively, at
14 1.1 christos ## <http://www.OpenLDAP.org/license.html>.
15 1.1 christos
# Proxy-cache tunables. A value already present in the environment (even an
# empty one) is kept; otherwise the default shown here is assigned. The names
# correspond to the @...@ placeholders filled in when the proxy configuration
# is generated later in this script.
: "${PCACHETTL=1m}"
: "${PCACHENTTL=1m}"
: "${PCACHESTTL=1m}"
: "${PCACHE_ENTRY_LIMIT=6}"
: "${PCACHE_CCPERIOD=2}"
: "${PCACHETTR=2}"
: "${PCACHEBTTR=5}"
23 1.1 christos
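# Load the shared harness definitions; presumably this is where $SLAPD,
# $LDAPSEARCH, the port/URI variables and the file names used below come from.
. "$SRCDIR/scripts/defines.sh"

# slapd debug level, passed to -d when the two servers are started.
LVL=0x100

# Skip (exit 0) when a required component is not built in. The expansions are
# quoted so an unset variable yields a clean "not equal" instead of a test(1)
# syntax error.
if test "$PROXYCACHE" = pcacheno; then
  echo "Proxy cache overlay not available, test skipped"
  exit 0
fi

if test "$BACKLDAP" = "ldapno"; then
  echo "LDAP backend not available, test skipped"
  exit 0
fi

if test "$BACKEND" = ldif; then
  # The (mail=example.com*) queries hit a sizelimit, so which
  # entry is returned depends on the ordering in the backend.
  echo "Test does not support $BACKEND backend, test skipped"
  exit 0
fi

# Quoted so that a test directory containing whitespace is created as one path.
mkdir -p "$TESTDIR" "$DBDIR1" "$DBDIR2"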
46 1.1 christos
47 1.1 christos # Test proxy caching:
48 1.1 christos # - start master
49 1.1 christos # - start proxy cache
50 1.1 christos # - populate master
51 1.1 christos # - perform a first search
52 1.1 christos # - verify cacheability
53 1.1 christos # - perform a second search with the same filter and same user
54 1.1 christos # - verify answerability and cacheability of the bind
55 1.1 christos # - perform a third search with the same user but a different filter
56 1.1 christos # - verify cacheability of the bind and the non-answerability of the result
57 1.1 christos
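# Start the master slapd in the background and wait until it answers.
echo "Starting master slapd on TCP/IP port $PORT1..."
# The filter script is sourced with stdin/stdout redirected, turning the master
# config template into $CONF1.
# NOTE(review): $CONFFILTER, $SLAPD and $LDAPSEARCH stay unquoted on purpose;
# harness command variables may carry embedded options -- confirm in defines.sh
# before quoting them.
. $CONFFILTER < "$PROXYAUTHZMASTERCONF" > "$CONF1"
$SLAPD -f "$CONF1" -h "$URI1" -d "$LVL" > "$LOG1" 2>&1 &
PID=$!
if test "$WAIT" != 0; then
  # Print the PID and block on stdin (presumably so a debugger can be attached).
  echo PID $PID
  read -r foo
fi
KILLPIDS="$PID"

sleep 1

echo "Using ldapsearch to check that master slapd is running..."
# Up to six attempts, five seconds apart; RC keeps the status of the last one.
# NOTE(review): the bind DN and password are literals here, while the ldapadd
# step uses $MANAGERDN/$PASSWD. If those hold the same values, prefer the
# variables so the fixture credential is defined in one place.
for i in 0 1 2 3 4 5; do
  $LDAPSEARCH -s base -b "$MONITOR" -h "$LOCALHOST" -p "$PORT1" \
    -D "cn=Manager,dc=example,dc=com" -w secret 'objectclass=*' > /dev/null 2>&1
  RC=$?
  if test "$RC" = 0; then
    break
  fi
  echo "Waiting 5 seconds for slapd to start..."
  sleep 5
done

if test "$RC" != 0; then
  echo "ldapsearch failed ($RC)!"
  # $KILLPIDS is a space-separated PID list and must be word-split: no quotes.
  test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
  exit "$RC"
fi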
87 1.1 christos
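# Load the ordered LDIF fixture into the master as the manager identity.
echo "Using ldapadd to populate the master directory..."
# -w places the password in the process argument list, where other local users
# can read it while the command runs. That is tolerable for a throwaway test
# fixture; scripts that handle real credentials should use -y <file> or -W.
# $LDAPADD stays unquoted: it may carry embedded options (confirm in defines.sh).
$LDAPADD -x -D "$MANAGERDN" -h "$LOCALHOST" -p "$PORT1" -w "$PASSWD" \
  < "$LDIFORDERED" > /dev/null 2>&1
RC=$?
if test "$RC" != 0; then
  echo "ldapadd failed ($RC)!"
  # $KILLPIDS is a space-separated PID list and must be word-split: no quotes.
  test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
  exit "$RC"
fi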
97 1.1 christos
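# Generate the proxy configuration: run the template through the harness
# filter, then fill in the cache tunables.
echo "Starting proxy cache on TCP/IP port $PORT2..."
# @STTL@ now receives PCACHESTTL. The original substituted PCACHENTTL there,
# which left PCACHESTTL unused and made an override of it silently ineffective.
# The tunables are interpolated into the sed replacement text, so a value
# containing '/' or '&' would corrupt the expression; keep overrides to plain
# numbers and durations.
# $CONFFILTER stays unquoted: NOTE(review) confirm in defines.sh that it is a
# single path before quoting it.
. $CONFFILTER < "$PROXYAUTHZCONF" | sed \
  -e "s/@TTL@/${PCACHETTL}/" \
  -e "s/@NTTL@/${PCACHENTTL}/" \
  -e "s/@STTL@/${PCACHESTTL}/" \
  -e "s/@TTR@/${PCACHETTR}/" \
  -e "s/@ENTRY_LIMIT@/${PCACHE_ENTRY_LIMIT}/" \
  -e "s/@CCPERIOD@/${PCACHE_CCPERIOD}/" \
  -e "s/@BTTR@/${PCACHEBTTR}/" \
  > "$CONF2"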
108 1.1 christos
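# Start the caching proxy in the background and wait until it answers.
# The second -d presumably enables the overlay messages that the later grep
# checks look for in $LOG2.
# $SLAPD and $LDAPSEARCH stay unquoted: they may carry embedded options
# (confirm in defines.sh).
$SLAPD -f "$CONF2" -h "$URI2" -d "$LVL" -d pcache > "$LOG2" 2>&1 &
CACHEPID=$!
if test "$WAIT" != 0; then
  # Print the PID and block on stdin (presumably so a debugger can be attached).
  echo CACHEPID $CACHEPID
  read -r foo
fi
KILLPIDS="$KILLPIDS $CACHEPID"

sleep 1

echo "Using ldapsearch to check that proxy slapd is running..."
# Up to six attempts, five seconds apart; RC keeps the status of the last one.
# NOTE(review): literal fixture credentials again; see whether $MANAGERDN and
# $PASSWD are valid on the proxy before switching to them.
for i in 0 1 2 3 4 5; do
  $LDAPSEARCH -s base -b "$MONITOR" -h "$LOCALHOST" -p "$PORT2" \
    -D "cn=Manager,dc=example,dc=com" -w secret 'objectclass=*' > /dev/null 2>&1
  RC=$?
  if test "$RC" = 0; then
    break
  fi
  echo "Waiting 5 seconds for slapd to start..."
  sleep 5
done

if test "$RC" != 0; then
  echo "ldapsearch failed ($RC)!"
  # $KILLPIDS is a space-separated PID list and must be word-split: no quotes.
  test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
  exit "$RC"
fi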
136 1.1 christos
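# Query 1: first authenticated search through the proxy. The proxy log must
# afterwards show that it stored the bind for this user.
: > "$SEARCHOUT"    # start with an empty result file

echo "Making queries on the proxy cache..."
CNT=0

CNT=$((CNT + 1))
USERDN="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com"
UPASSWD="jaj"
echo "Query $CNT: $USERDN"
echo "# Query $CNT: $USERDN" >> "$SEARCHOUT"

# $LDAPSEARCH stays unquoted: it may carry embedded options (confirm in
# defines.sh).
$LDAPSEARCH -S "" -b "dc=example,dc=com" -s SUB -h "$LOCALHOST" -p "$PORT2" \
  -D "$USERDN" -w "$UPASSWD" "(sn=je*)" sn >> "$SEARCHOUT" 2>> "$TESTOUT"
RC=$?

if test "$RC" != 0; then
  echo "ldapsearch failed ($RC)!"
  # $KILLPIDS is a space-separated PID list and must be word-split: no quotes.
  test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
  exit "$RC"
fi

# Check that the bind is cached. -F matches the DN literally instead of
# treating it as a regular expression.
grep -F "CACHING BIND for $USERDN" "$LOG2" > /dev/null

RC=$?
if test "$RC" != 0; then
  # The original printed "Refresh failed" here, which names the wrong check.
  echo "Bind was not cached"
  test "$KILLSERVERS" != no && kill -HUP $KILLPIDS && wait
  exit 1
fi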
168 1.1 christos
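# Query 2: same user, same filter. The proxy log must now show the bind being
# answered from the cache.
CNT=$((CNT + 1))
USERDN="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com"
UPASSWD="jaj"
echo "Query $CNT: (Bind should be cached)"
echo "# Query $CNT: (Bind should be cached)" >> "$SEARCHOUT"

# $LDAPSEARCH stays unquoted: it may carry embedded options (confirm in
# defines.sh).
$LDAPSEARCH -S "" -b "dc=example,dc=com" -s SUB -h "$LOCALHOST" -p "$PORT2" \
  -D "$USERDN" -w "$UPASSWD" "(sn=je*)" sn >> "$SEARCHOUT" 2>> "$TESTOUT"

RC=$?
if test "$RC" != 0; then
  echo "ldapsearch failed ($RC)!"
  # $KILLPIDS is a space-separated PID list and must be word-split: no quotes.
  test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
  exit "$RC"
fi

# -F matches the DN literally instead of treating it as a regular expression.
grep -F "CACHED BIND for $USERDN" "$LOG2" > /dev/null
RC=$?
if test "$RC" != 0; then
  # The original printed "Refresh failed" here, which names the wrong check.
  echo "Bind wasn't answered from cache"
  test "$KILLSERVERS" != no && kill -HUP $KILLPIDS && wait
  exit 1
fi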
192 1.1 christos
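# Query 3: same user and filter once more; the number of cached-bind log lines
# must have reached exactly 2.
CNT=$((CNT + 1))
USERDN="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com"
# UPASSWD is not reassigned here; the value set for the previous query is reused.

echo "Query $CNT: (Bind should be cached)"
echo "# Query $CNT: (Bind should be cached)" >> "$SEARCHOUT"
# $LDAPSEARCH stays unquoted: it may carry embedded options (confirm in
# defines.sh).
$LDAPSEARCH -S "" -b "dc=example,dc=com" -s SUB -h "$LOCALHOST" -p "$PORT2" \
  -D "$USERDN" -w "$UPASSWD" "(sn=je*)" sn >> "$SEARCHOUT" 2>> "$TESTOUT"

RC=$?
if test "$RC" != 0; then
  echo "ldapsearch failed ($RC)!"
  # $KILLPIDS is a space-separated PID list and must be word-split: no quotes.
  test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
  exit "$RC"
fi

# From here RC holds a match count, not an exit status. grep -c replaces
# "grep | wc -l" (no padded output to trip the comparison) and -F matches the
# DN literally.
RC=$(grep -F -c "CACHED BIND for $USERDN" "$LOG2")
if test "$RC" != 2; then
  echo "Bind wasn't answered from cache"
  test "$KILLSERVERS" != no && kill -HUP $KILLPIDS && wait
  exit 1
fi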
214 1.1 christos
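# Final query: same user, different filter. The bind should still come from the
# cache while the search itself is not answerable from it.
# NOTE(review): every query in this script binds with the correct password.
# Nothing here checks that a wrong password is still rejected once the bind is
# cached; a negative case would make this a stronger regression test for the
# cached-bind path.
echo "=== New search on (sn=jo*)"
: > "$SEARCHOUT"    # discard the earlier results
# CNT is not incremented for this query, so the label repeats the previous number.
echo "# Query $CNT: (Bind should be cached)" >> "$SEARCHOUT"
# $LDAPSEARCH stays unquoted: it may carry embedded options (confirm in
# defines.sh).
$LDAPSEARCH -S "" -b "dc=example,dc=com" -s SUB -h "$LOCALHOST" -p "$PORT2" \
  -D "$USERDN" -w "$UPASSWD" "(sn=jo*)" sn >> "$SEARCHOUT" 2>> "$TESTOUT"

RC=$?
if test "$RC" != 0; then
  echo "ldapsearch failed ($RC)!"
  # $KILLPIDS is a space-separated PID list and must be word-split: no quotes.
  test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
  exit "$RC"
fi

# The three checks below reuse RC as a match count. grep -c replaces
# "grep | wc -l" and -F matches the strings literally.
RC=$(grep -F -c "CACHED BIND for $USERDN" "$LOG2")
if test "$RC" != 3; then
  echo "Bind wasn't answered from cache"
  test "$KILLSERVERS" != no && kill -HUP $KILLPIDS && wait
  exit 1
fi

# Expects exactly three such lines in the proxy log for the whole run.
RC=$(grep -F -c "QUERY NOT ANSWERABLE" "$LOG2")
if test "$RC" != 3; then
  echo "Search wasn't searched on remote peer"
  test "$KILLSERVERS" != no && kill -HUP $KILLPIDS && wait
  exit 1
fi

# The result file must contain the user's own entry exactly once.
RC=$(grep -F -c "dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com" "$SEARCHOUT")
if test "$RC" != 1; then
  echo "Search wasn't retrieved on remote peer"
  test "$KILLSERVERS" != no && kill -HUP $KILLPIDS && wait
  exit 1
fi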
248 1.1 christos
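# Success path: report, then stop both servers unless KILLSERVERS is "no".
echo "Test succeeded"

# $KILLSERVERS is quoted so an unset value compares cleanly (and still triggers
# the cleanup); $KILLPIDS is a space-separated PID list and must be word-split.
test "$KILLSERVERS" != no && kill -HUP $KILLPIDS

# Reap the background slapd processes before exiting.
test "$KILLSERVERS" != no && wait

exit 0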
256