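#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2024 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

# Regression test: a provider slapd replicates an alternate configuration
# tree (cn=config,cn=consumer) to a consumer slapd, which applies it as its
# own cn=config using accesslog-based syncrepl (syncdata=accesslog).
#
# Apart from the few variables assigned in this script, every tool, path
# and URI variable ($SLAPD, $LDAPADD, $URI1, $TESTDIR, ...) has to come
# from defines.sh or the environment.
# Expansions are unquoted throughout, so path and URI values must be free
# of whitespace and glob characters. Tool variables presumably rely on the
# word splitting to carry their own arguments; confirm in defines.sh before
# quoting any of them.
echo "running defines.sh"
. $SRCDIR/scripts/defines.sh

# Both overlays are required. When either is reported as unavailable the
# test is skipped with exit status 0 rather than failed.
if test $SYNCPROV = syncprovno; then
	echo "Syncrepl provider overlay not available, test skipped"
	exit 0
fi
if test $ACCESSLOG = accesslogno; then
	echo "Accesslog overlay not available, test skipped"
	exit 0
fi

# Separate configuration directories for the provider and consumer slapd.
CFPRO=$TESTDIR/cfpro.d
CFCON=$TESTDIR/cfcon.d

mkdir -p $TESTDIR $DBDIR1A $DBDIR1B $DBDIR1C $DBDIR1D $DBDIR2A $CFPRO $CFCON

# Generate (-g) a random secret, written without a trailing newline (-n),
# into the file that every later "-y $CONFIGPWF" bind reads.
# NOTE(review): the file is created under the caller's umask; on a shared
# host its directory should not be readable by other users.
$SLAPPASSWD -g -n >$CONFIGPWF

# SYNCMODE selects the syncrepl type and defaults to refreshAndPersist.
# "ro" polls with refreshOnly every three seconds.
if test x"$SYNCMODE" = x ; then
	SYNCMODE=rp
fi
case "$SYNCMODE" in
	ro)
		SYNCTYPE="type=refreshOnly interval=00:00:00:03"
		;;
	rp)
		SYNCTYPE="type=refreshAndPersist"
		;;
	*)
		echo "unknown sync mode $SYNCMODE"
		exit 1;
		;;
esac

#
# Test replication of dynamic config with alternate consumer config:
# - start provider
# - start consumer
# - configure over ldap
# - populate over ldap
# - configure syncrepl over ldap
# - retrieve database over ldap and compare against expected results
#

echo "Starting provider slapd on TCP/IP port $PORT1..."
# $CONFFILTER is sourced, not executed: it runs inside this shell with
# $BACKEND as its positional argument. Its output is the LDIF that slapadd
# loads into database 0 of the provider's configuration directory.
. $CONFFILTER $BACKEND < $DYNAMICCONF > $CONFLDIF
$SLAPADD -F $CFPRO -n 0 -l $CONFLDIF
RC=$?
if test $RC != 0 ; then
	echo "slapadd failed ($RC)!"
	exit $RC
fi

# Run the provider in the background; stdout and stderr go to $LOG1.
$SLAPD -F $CFPRO -h $URI1 -d $LVL > $LOG1 2>&1 &
PID=$!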
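# With WAIT set to anything other than 0, print the provider PID and pause
# until a line arrives on stdin.
if test $WAIT != 0 ; then
	echo PID $PID
	read foo
fi
# KILLPIDS collects every server this script started, so that each failure
# path can signal all of them before exiting.
KILLPIDS="$PID"

sleep 1

# Poll the provider's root DSE anonymously, up to six attempts five seconds
# apart, until it answers.
echo "Using ldapsearch to check that provider slapd is running..."
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "" -H $URI1 \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test $RC = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done

if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# Load syncprov and/or accesslog as modules when they are reported as
# "...mod"; no module entry is added otherwise.
# NOTE(review): olcModulePath is a relative path in these three stanzas.
# Outside a test tree, an absolute path that only the server's owner can
# write to is the safer choice, since slapd loads code from it.
echo "Inserting syncprov and accesslog overlays on provider..."
if [ "$SYNCPROV" = syncprovmod ] && [ "$ACCESSLOG" = accesslogmod ]; then
	$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF > $TESTOUT 2>&1
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: ../servers/slapd/overlays
olcModuleLoad: syncprov.la
olcModuleLoad: accesslog.la
EOF
	RC=$?
	if test $RC != 0 ; then
		echo "ldapadd failed for moduleLoad of syncprov and accesslog ($RC)!"
		test $KILLSERVERS != no && kill -HUP $KILLPIDS
		exit $RC
	fi
elif [ "$SYNCPROV" = syncprovmod ]; then
	$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF > $TESTOUT 2>&1
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: ../servers/slapd/overlays
olcModuleLoad: syncprov.la
EOF
	RC=$?
	if test $RC != 0 ; then
		echo "ldapadd failed for moduleLoad of syncprov ($RC)!"
		test $KILLSERVERS != no && kill -HUP $KILLPIDS
		exit $RC
	fi
elif [ "$ACCESSLOG" = accesslogmod ]; then
	$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF > $TESTOUT 2>&1
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: ../servers/slapd/overlays
olcModuleLoad: accesslog.la
EOF
	RC=$?
	if test $RC != 0 ; then
		echo "ldapadd failed for moduleLoad of accesslog ($RC)!"
		test $KILLSERVERS != no && kill -HUP $KILLPIDS
		exit $RC
	fi
fi

echo "Adding backend accesslog databases using $BACKEND..."
if [ "$BACKENDTYPE" = mod ]; then
	$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF > $TESTOUT 2>&1
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: $TESTWD/../servers/slapd/back-$BACKEND
olcModuleLoad: back_$BACKEND.la
EOF
	RC=$?
	if test $RC != 0 ; then
		echo "ldapadd failed for moduleLoad of $BACKEND ($RC)!"
		test $KILLSERVERS != no && kill -HUP $KILLPIDS
		exit $RC
	fi
fi

# Keep the generated cn=config secret in a shell variable: a later stanza
# has to embed it in an olcSyncrepl "credentials=" value. The file has no
# trailing newline (slappasswd -n), so read reports EOF but still assigns
# the value.
read CONFIGPW < $CONFIGPWF
# Two accesslog databases, each with a syncprov overlay: cn=accesslog and
# cn=consumer-accesslog.
# NOTE(review): ${nullExclude} is expanded in this heredoc, but the script
# only assigns it further down, before the main database is added. Unless
# the environment or defines.sh sets it, it expands to nothing here.
# Confirm that this is intended for BACKEND=null.
$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF > $TESTOUT 2>&1
dn: olcDatabase={1}$BACKEND,cn=config
objectClass: olcDatabaseConfig
objectClass: olc${BACKEND}Config
olcDatabase: {1}$BACKEND
olcSuffix: cn=accesslog
${nullExclude}olcDbDirectory: $DBDIR1C
olcRootDN: cn=config
olcSizeLimit: unlimited
olcTimeLimit: unlimited
olcDbIndex: default eq
olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart,reqDN

dn: olcOverlay=syncprov,olcDatabase={1}${BACKEND},cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpNoPresent: TRUE
olcSpReloadHint: TRUE

dn: olcDatabase={2}$BACKEND,cn=config
objectClass: olcDatabaseConfig
objectClass: olc${BACKEND}Config
olcDatabase: {2}$BACKEND
olcSuffix: cn=consumer-accesslog
${nullExclude}olcDbDirectory: $DBDIR1D
olcRootDN: cn=consumer,cn=config
olcSizeLimit: unlimited
olcTimeLimit: unlimited
olcDbIndex: default eq
olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart,reqDN

dn: olcOverlay=syncprov,olcDatabase={2}${BACKEND},cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpNoPresent: TRUE
olcSpReloadHint: TRUE
EOF
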
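# RC must be captured by the first command that follows the ldapadd which
# created the accesslog databases.
RC=$?
if test $RC != 0 ; then
	echo "ldapadd failed for accesslog databases using $BACKEND ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# Put syncprov and accesslog on the provider's own cn=config database.
# Successful writes are logged under cn=accesslog. The purge setting
# removes log entries older than seven days, checked once a day.
$LDAPMODIFY -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

dn: olcOverlay=accesslog,olcDatabase={0}config,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: accesslog
olcAccessLogDB: cn=accesslog
olcAccessLogOps: writes
olcAccessLogPurge: 07+00:00 01+00:00
olcAccessLogSuccess: TRUE
EOF

RC=$?
if test $RC != 0 ; then
	echo "ldapmodify failed for syncprov and accesslog overlay config ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# Consumers will not replicate the provider's actual cn=config.
# Instead, they will use an alternate DB so that they may be
# configured differently from the provider. This alternate DB
# will also be a consumer for the real cn=schema,cn=config tree.
# It has multi-provider enabled so that it can be written directly
# while being a consumer of the main schema.
echo "Configuring accesslog config DB on provider..."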
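# Create the alternate configuration store on the provider: an ldif
# database with suffix cn=config,cn=consumer, plus syncprov and accesslog
# overlays that log its successful writes to cn=consumer-accesslog.
# The olcAccess rule gives write access to the provider's cn=config
# identity and names no other subject.
# NOTE(review): olcRootPW is a fixed cleartext fixture value ("repsecret").
# It is acceptable only because these servers are disposable test
# instances; do not reuse this stanza for a real deployment.
$LDAPMODIFY -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
dn: cn=config
changetype: modify
add: olcServerID
olcServerID: 1

dn: olcDatabase={1}ldif,cn=config
changetype: add
objectClass: olcDatabaseConfig
objectClass: olcLdifConfig
olcDatabase: {1}ldif
olcDbDirectory: $DBDIR1A
olcSuffix: cn=config,cn=consumer
olcRootDN: cn=config,cn=consumer
olcRootPW: repsecret
olcAccess: to * by dn.base="cn=config" write

dn: olcOverlay=syncprov,olcDatabase={1}ldif,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

dn: olcOverlay=accesslog,olcDatabase={1}ldif,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: accesslog
olcAccessLogDB: cn=consumer-accesslog
olcAccessLogOps: writes
olcAccessLogPurge: 07+00:00 01+00:00
olcAccessLogSuccess: TRUE
EOF

RC=$?
if test $RC != 0 ; then
	echo "ldapmodify failed for consumer DB config ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Waiting 3 seconds for syncrepl to make root accesslog entry..."
sleep 3

echo "Configuring consumer config DB on provider..."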
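# Populate the alternate tree with the configuration the consumer will run
# with, then make the {1}ldif database a consumer of the provider's real
# cn=schema,cn=config (rewritten below cn=config,cn=consumer by
# suffixmassage) and turn on olcMultiProvider.
#
# The olcSyncrepl values are folded LDIF lines: each continuation starts
# with two spaces. The first is the fold marker; the second remains as the
# separator between keywords once the line is unfolded.
#
# NOTE(review): "credentials=$CONFIGPW" writes the generated cn=config
# secret in cleartext into the {1}ldif database entry, and olcRootPW
# ("topsecret") and "credentials=repsecret" are fixed fixture values. All
# binds are bindmethod=simple against $URI1. This is suitable for the
# throwaway test servers only.
$LDAPMODIFY -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
dn: cn=config,cn=consumer
changetype: add
objectClass: olcGlobal
cn: consumerconfig

dn: olcDatabase={0}config,cn=config,cn=consumer
changetype: add
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootPW: topsecret
olcSyncrepl: {0}rid=001 provider=$URI1 binddn="cn=config,cn=consumer"
  bindmethod=simple credentials=repsecret searchbase="cn=config,cn=consumer"
  $SYNCTYPE retry="3 5 300 5" timeout=3 suffixmassage="cn=config"
olcUpdateRef: $URI1

dn: olcDatabase={1}ldif,cn=config
changetype: modify
add: olcSyncrepl
olcSyncrepl: {0}rid=001 provider=$URI1 binddn="cn=config"
  bindmethod=simple credentials=$CONFIGPW searchbase="cn=schema,cn=config"
  $SYNCTYPE retry="3 5 300 5" timeout=3
  suffixmassage="cn=schema,cn=config,cn=consumer"
# a dummy stanza we add to the beginning and remove again
olcSyncrepl: {0}rid=006 provider=$URI6 binddn="cn=config"
  bindmethod=simple credentials=$CONFIGPW searchbase="cn=schema,cn=config"
  $SYNCTYPE retry="3 5 300 5" timeout=3
  suffixmassage="cn=schema,cn=config,cn=consumer"
-
delete: olcSyncrepl
olcSyncrepl: {0}
-
add: olcMultiProvider
olcMultiProvider: TRUE

EOF
RC=$?
if test $RC != 0 ; then
	echo "ldapmodify failed for consumer DB config ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# The consumer is bootstrapped from the same $CONFLDIF as the provider,
# loaded into its own configuration directory.
echo "Starting consumer slapd on TCP/IP port $PORT2..."
$SLAPADD -F $CFCON -n 0 -l $CONFLDIF
RC=$?
if test $RC != 0 ; then
	echo "slapadd failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# Run the consumer in the background; stdout and stderr go to $LOG2.
$SLAPD -F $CFCON -h $URI2 -d $LVL > $LOG2 2>&1 &
CONSUMERPID=$!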
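# With WAIT set to anything other than 0, print the consumer PID and pause
# until a line arrives on stdin.
if test $WAIT != 0 ; then
	echo CONSUMERPID $CONSUMERPID
	read foo
fi
# From here on, failure paths signal both servers.
KILLPIDS="$KILLPIDS $CONSUMERPID"

sleep 1

# Poll the consumer's root DSE anonymously, up to six attempts five seconds
# apart, until it answers.
echo "Using ldapsearch to check that consumer slapd is running..."
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "" -H $URI2 \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test $RC = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done

if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# Point the consumer's own cn=config at the provider's alternate tree.
# Changes are pulled from the cn=consumer-accesslog log (syncdata=accesslog,
# successful writes only) and rewritten to cn=config by suffixmassage.
#
# The olcSyncRepl value is a folded LDIF line: each continuation starts
# with two spaces. The first is the fold marker; the second remains as the
# separator between keywords once the line is unfolded.
#
# NOTE(review): "credentials=repsecret" with bindmethod=simple is a fixed
# cleartext fixture value, suitable for the throwaway test servers only.
echo "Configuring syncrepl on consumer..."
$LDAPMODIFY -D cn=config -H $URI2 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config,cn=consumer"
  bindmethod=simple credentials=repsecret searchbase="cn=config,cn=consumer"
  $SYNCTYPE retry="3 5 300 5" timeout=3 logbase="cn=consumer-accesslog"
  logfilter="(&(objectclass=auditWriteObject)(reqresult=0))"
  syncdata=accesslog suffixmassage="cn=config"
-
add: olcUpdateRef
olcUpdateRef: $URI1
EOF
# Check this ldapmodify like every other one in the script. A rejected
# change is then reported here, instead of as a generic "ldapsearch failed"
# after the polling loop below has run out of attempts.
RC=$?
if test $RC != 0 ; then
	echo "ldapmodify failed for consumer syncrepl config ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

sleep 1

# Poll until the consumer's cn=config database shows an olcUpdateRef value.
# RC starts at 32 and is cleared to 0 only when a matching dn: line is seen.
echo "Using ldapsearch to check that syncrepl received config changes..."
RC=32
for i in 0 1 2 3 4 5; do
	RESULT=`$LDAPSEARCH -H $URI2 -D cn=config -y $CONFIGPWF \
		-s base -b "olcDatabase={0}config,cn=config" \
		'(olcUpdateRef=*)' 2>&1 | awk '/^dn:/ {print "OK"}'`
	if test "x$RESULT" = "xOK" ; then
		RC=0
		break
	fi
	echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
	sleep $SLEEP1
done

if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Adding schema and databases on provider..."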
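# Load the schema files into the provider's cn=config through LDIF
# "include:" directives. The consumer is expected to receive them through
# the cn=schema replication set up earlier in this script.
$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
include: file://$ABS_SCHEMADIR/core.ldif

include: file://$ABS_SCHEMADIR/cosine.ldif

include: file://$ABS_SCHEMADIR/inetorgperson.ldif

include: file://$ABS_SCHEMADIR/openldap.ldif

include: file://$ABS_SCHEMADIR/nis.ldif
EOF
RC=$?
if test $RC != 0 ; then
	echo "ldapadd failed for schema config ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# Poll the consumer until a schema entry whose cn ends in "openldap" shows
# up. The check after the loop tests RESULT, not RC.
echo "Using ldapsearch to check that syncrepl received the schema changes..."
RC=32
for i in 0 1 2 3 4 5; do
	RESULT=`$LDAPSEARCH -H $URI2 -D cn=config -y $CONFIGPWF \
		-s sub -b "cn=schema,cn=config" \
		'(cn=*openldap)' 2>&1 | awk '/^dn:/ {print "OK"}'`
	if test "x$RESULT" = "xOK" ; then
		RC=0
		break
	fi
	echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
	sleep $SLEEP1
done

if test "x$RESULT" != "xOK" ; then
	echo "consumer never received complete schema!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi

# For the null backend, turn the backend-specific LDIF lines below into
# LDIF comments, and let the later data check pass without finding an entry.
nullExclude="" nullOK=""
test $BACKEND = null && nullExclude="# " nullOK="OK"

# The consumer's module entry is written into the alternate tree
# (cn=config,cn=consumer), not into the provider's own cn=config.
if [ "$BACKENDTYPE" = mod ]; then
	$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
dn: cn=module,cn=config,cn=consumer
objectClass: olcModuleList
cn: module
olcModulePath: ../servers/slapd/back-$BACKEND
olcModuleLoad: back_$BACKEND.la
EOF
	RC=$?
	if test $RC != 0 ; then
		echo "ldapadd failed for backend config ($RC)!"
		test $KILLSERVERS != no && kill -HUP $KILLPIDS
		exit $RC
	fi
fi

# Add the $BASEDN database twice: as {2} in the provider's real cn=config
# (with a syncprov overlay) and as {1} in the alternate tree that the
# consumer replicates.
#
# The olcSyncRepl values are folded LDIF lines: each continuation starts
# with two spaces. The first is the fold marker; the second remains as the
# separator between keywords once the line is unfolded.
#
# NOTE(review): $PASSWD is expanded into olcRootPW and "credentials=" in
# cleartext, so it ends up in $TESTOUT-adjacent config storage on both
# servers as written here. This is a fixture credential for test servers.
$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
dn: olcDatabase={2}$BACKEND,cn=config
objectClass: olcDatabaseConfig
${nullExclude}objectClass: olc${BACKEND}Config
olcDatabase: {2}$BACKEND
olcSuffix: $BASEDN
${nullExclude}olcDbDirectory: $DBDIR1B
olcRootDN: $MANAGERDN
olcRootPW: $PASSWD
olcSyncRepl: rid=002 provider=$URI1 binddn="$MANAGERDN" bindmethod=simple
  credentials=$PASSWD searchbase="$BASEDN" $SYNCTYPE
  retry="3 5 300 5" timeout=3
olcUpdateRef: $URI1

dn: olcOverlay=syncprov,olcDatabase={2}${BACKEND},cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

dn: olcDatabase={1}$BACKEND,cn=config,cn=consumer
objectClass: olcDatabaseConfig
${nullExclude}objectClass: olc${BACKEND}Config
olcDatabase: {1}$BACKEND
olcSuffix: $BASEDN
${nullExclude}olcDbDirectory: $DBDIR2A
olcRootDN: $MANAGERDN
olcRootPW: $PASSWD
olcSyncRepl: rid=002 provider=$URI1 binddn="$MANAGERDN" bindmethod=simple
  credentials=$PASSWD searchbase="$BASEDN" $SYNCTYPE
  retry="3 5 300 5" timeout=3
olcUpdateRef: $URI1

EOF
RC=$?
if test $RC != 0 ; then
	echo "ldapadd failed for database config ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# Optional indexes, added to the provider's real database only.
if test $INDEXDB = indexdb ; then
	$LDAPMODIFY -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
dn: olcDatabase={2}$BACKEND,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: objectClass,entryUUID,entryCSN eq
olcDbIndex: cn,uid pres,eq,sub
EOF
	RC=$?
	if test $RC != 0 ; then
		# The failing tool here is ldapmodify, so the message names it.
		echo "ldapmodify failed for database index config ($RC)!"
		test $KILLSERVERS != no && kill -HUP $KILLPIDS
		exit $RC
	fi
fi

echo "Using ldapadd to populate provider..."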
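# Load the test data into the provider as $MANAGERDN.
# NOTE(review): "-w $PASSWD" puts the bind password on the command line,
# where it is visible in the process list while the tool runs. The
# cn=config binds in this script use "-y <file>" instead, which avoids
# that. The same applies to the two full-tree searches further down.
$LDAPADD -D "$MANAGERDN" -H $URI1 -w $PASSWD -f $LDIFORDERED \
	>> $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
	echo "ldapadd failed for database config ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
sleep $SLEEP1

# Poll the consumer anonymously for one known entry. With the null backend
# nothing is found: RESULT stays empty and $nullOK supplies the "OK".
echo "Using ldapsearch to check that syncrepl received database changes..."
RC=32
for i in 0 1 2 3 4 5; do
	RESULT=`$LDAPSEARCH -H $URI2 \
		-s base -b "cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com" \
		'(objectClass=*)' 2>&1 | awk '/^dn:/ {print "OK"}'`
	if test "x$RESULT$nullOK" = "xOK" ; then
		RC=0
		break
	fi
	echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
	sleep $SLEEP1
done

if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# Dump the whole $BASEDN tree from each server. stderr is merged into the
# dump file as well (2>&1), so tool diagnostics end up in the compared data.
echo "Using ldapsearch to read all the entries from the provider..."
$LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI1 -w $PASSWD \
	'objectclass=*' > $PROVIDEROUT 2>&1
RC=$?

if test $RC != 0 ; then
	echo "ldapsearch failed at provider ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Using ldapsearch to read all the entries from the consumer..."
$LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI2 -w $PASSWD \
	'objectclass=*' > $CONSUMEROUT 2>&1
RC=$?

if test $RC != 0 ; then
	echo "ldapsearch failed at consumer ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# Both dumps are on disk, so the servers can be signalled before comparing.
test $KILLSERVERS != no && kill -HUP $KILLPIDS

# Pass both dumps through $LDIFFILTER before they are compared.
echo "Filtering provider results..."
$LDIFFILTER < $PROVIDEROUT > $PROVIDERFLT
echo "Filtering consumer results..."
$LDIFFILTER < $CONSUMEROUT > $CONSUMERFLT

echo "Comparing retrieved entries from provider and consumer..."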
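# The test passes only when the two filtered dumps are identical; any
# difference reported by $CMP is kept in $CMPOUT.
$CMP $PROVIDERFLT $CONSUMERFLT > $CMPOUT

if test $? != 0 ; then
	echo "test failed - provider and consumer databases differ"
	exit 1
fi

echo ">>>>> Test succeeded"

# Wait for the background slapd processes, unless they were left running
# on purpose (KILLSERVERS=no).
test $KILLSERVERS != no && wait

exit 0
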