test086-delta-consumer-config revision 1.1.1.1 1 #! /bin/sh
2 # $OpenLDAP$
3 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 ##
5 ## Copyright 1998-2021 The OpenLDAP Foundation.
6 ## All rights reserved.
7 ##
8 ## Redistribution and use in source and binary forms, with or without
9 ## modification, are permitted only as authorized by the OpenLDAP
10 ## Public License.
11 ##
12 ## A copy of this license is available in the file LICENSE in the
13 ## top-level directory of the distribution or, alternatively, at
14 ## <http://www.OpenLDAP.org/license.html>.
15
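# Pull in the shared test-suite settings. The checks below read SYNCPROV and
# ACCESSLOG, which are presumably set by defines.sh (not visible here).
echo "running defines.sh"
. "$SRCDIR/scripts/defines.sh"

# This test needs both overlays: leave with status 0 (skipped) when either
# one was not built. The operands are quoted so that an empty or unset value
# compares as a plain string instead of making `test` fail with a syntax
# error and silently falling through.
if test "$SYNCPROV" = syncprovno; then
	echo "Syncrepl provider overlay not available, test skipped"
	exit 0
fi
if test "$ACCESSLOG" = accesslogno; then
	echo "Accesslog overlay not available, test skipped"
	exit 0
fi
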
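# Separate cn=config directories for the provider and the consumer slapd.
CFPRO=$TESTDIR/cfpro.d
CFCON=$TESTDIR/cfcon.d

mkdir -p $TESTDIR $DBDIR1A $DBDIR1B $DBDIR1C $DBDIR1D $DBDIR2A $CFPRO $CFCON

# Generate the cn=config password into the file that every later client call
# passes with -y. The file holds a bind credential, so it is created under a
# restrictive umask (confined to the subshell) instead of the caller's
# default. A file left over from an earlier run keeps its old mode.
# $SLAPPASSWD is left unquoted in case it carries extra arguments.
( umask 077; $SLAPPASSWD -g -n >$CONFIGPWF )
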
# Select the syncrepl mode. An empty or unset SYNCMODE means "rp".
# SYNCTYPE is spliced into the olcSyncrepl values written further down.
SYNCMODE=${SYNCMODE:-rp}
if [ "$SYNCMODE" = ro ]; then
	# refreshOnly, polling with the interval given below
	SYNCTYPE="type=refreshOnly interval=00:00:00:03"
elif [ "$SYNCMODE" = rp ]; then
	SYNCTYPE="type=refreshAndPersist"
else
	echo "unknown sync mode $SYNCMODE"
	exit 1
fi

#
# Test replication of dynamic config with alternate consumer config:
#	- start provider
#	- start consumer
#	- configure over ldap
#	- populate over ldap
#	- configure syncrepl over ldap
#	- retrieve database over ldap and compare against expected results
#

echo "Starting provider slapd on TCP/IP port $PORT1..."
# Render the dynamic-config template for this backend, load the result as
# database 0 of the provider's config directory, then start slapd in the
# background with its output captured in $LOG1.
. $CONFFILTER $BACKEND < $DYNAMICCONF > $CONFLDIF
$SLAPADD -F $CFPRO -n 0 -l $CONFLDIF
$SLAPD -F $CFPRO -h $URI1 -d $LVL > $LOG1 2>&1 &
PID=$!
# Every failure path below signals the PIDs collected in KILLPIDS.
KILLPIDS="$PID"
# With WAIT set to anything but 0, print the PID and block until a line
# arrives on stdin.
if [ $WAIT != 0 ]; then
	echo PID $PID
	read foo
fi

sleep 1

echo "Using ldapsearch to check that provider slapd is running..."
# Probe the root DSE (empty base, scope base) up to six times, pausing five
# seconds after each failed attempt. RC keeps the status of the last probe.
for attempt in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "" -H $URI1 \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	[ $RC = 0 ] && break
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done

# Still unreachable: stop whatever was started and report the probe's status.
if [ $RC != 0 ]; then
	echo "ldapsearch failed ($RC)!"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit $RC
fi

echo "Inserting syncprov and accesslog overlays on provider..."
# An overlay whose setting ends in "mod" gets an olcModuleLoad line in a
# cn=module entry. Collect the lines for whichever of the two apply;
# `loaded` only feeds the failure message.
modlines=""
loaded=""
if [ "$SYNCPROV" = syncprovmod ] && [ "$ACCESSLOG" = accesslogmod ]; then
	modlines="olcModuleLoad: syncprov.la
olcModuleLoad: accesslog.la"
	loaded="syncprov and accesslog"
elif [ "$SYNCPROV" = syncprovmod ]; then
	modlines="olcModuleLoad: syncprov.la"
	loaded="syncprov"
elif [ "$ACCESSLOG" = accesslogmod ]; then
	modlines="olcModuleLoad: accesslog.la"
	loaded="accesslog"
fi

# Nothing to load when neither overlay is a module. The bind password comes
# from the file given with -y, so it does not appear on the command line.
# olcModulePath is relative here; presumably it resolves against the
# directory slapd was started from.
if [ -n "$modlines" ]; then
	$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF > $TESTOUT 2>&1
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: ../servers/slapd/overlays
$modlines
EOF
	RC=$?
	if [ $RC != 0 ]; then
		echo "ldapadd failed for moduleLoad of $loaded ($RC)!"
		if [ $KILLSERVERS != no ]; then
			kill -HUP $KILLPIDS
		fi
		exit $RC
	fi
fi

echo "Adding backend accesslog databases using $BACKEND..."
# With BACKENDTYPE=mod the backend module is loaded first, from an absolute
# path under $TESTWD.
if [ "$BACKENDTYPE" = mod ]; then
	$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF > $TESTOUT 2>&1
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: $TESTWD/../servers/slapd/back-$BACKEND
olcModuleLoad: back_$BACKEND.la
EOF
	RC=$?
	if [ $RC != 0 ]; then
		echo "ldapadd failed for moduleLoad of $BACKEND ($RC)!"
		if [ $KILLSERVERS != no ]; then
			kill -HUP $KILLPIDS
		fi
		exit $RC
	fi
fi

# Keep the generated cn=config password in a variable as well: a later LDIF
# substitutes it into a syncrepl credentials= value.
read CONFIGPW < $CONFIGPWF

# Create two accesslog databases on the provider, each with a syncprov
# overlay on top:
#   {1} cn=accesslog           - rootDN cn=config
#   {2} cn=consumer-accesslog  - rootDN cn=consumer,cn=config
# NOTE(review): ${nullExclude} is expanded here, but this script assigns it
# only further down, next to nullOK. Unless defines.sh provides it, it is
# empty at this point and both olcDbDirectory lines are always emitted -
# confirm that this is intended when BACKEND is "null".
$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF > $TESTOUT 2>&1
dn: olcDatabase={1}$BACKEND,cn=config
objectClass: olcDatabaseConfig
objectClass: olc${BACKEND}Config
olcDatabase: {1}$BACKEND
olcSuffix: cn=accesslog
${nullExclude}olcDbDirectory: $DBDIR1C
olcRootDN: cn=config
olcSizeLimit: unlimited
olcTimeLimit: unlimited
olcDbIndex: default eq
olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart,reqDN

dn: olcOverlay=syncprov,olcDatabase={1}${BACKEND},cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpNoPresent: TRUE
olcSpReloadHint: TRUE

dn: olcDatabase={2}$BACKEND,cn=config
objectClass: olcDatabaseConfig
objectClass: olc${BACKEND}Config
olcDatabase: {2}$BACKEND
olcSuffix: cn=consumer-accesslog
${nullExclude}olcDbDirectory: $DBDIR1D
olcRootDN: cn=consumer,cn=config
olcSizeLimit: unlimited
olcTimeLimit: unlimited
olcDbIndex: default eq
olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart,reqDN

dn: olcOverlay=syncprov,olcDatabase={2}${BACKEND},cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpNoPresent: TRUE
olcSpReloadHint: TRUE
EOF
RC=$?

if [ $RC != 0 ]; then
	echo "ldapadd failed for accesslog databases using $BACKEND ($RC)!"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit $RC
fi

# Put syncprov and accesslog on the provider's own config database ({0}).
# Writes to it are logged to cn=accesslog (olcAccessLogOps: writes) and only
# successful operations are recorded (olcAccessLogSuccess: TRUE).
$LDAPMODIFY -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

dn: olcOverlay=accesslog,olcDatabase={0}config,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: accesslog
olcAccessLogDB: cn=accesslog
olcAccessLogOps: writes
olcAccessLogPurge: 07+00:00 01+00:00
olcAccessLogSuccess: TRUE
EOF
RC=$?

if [ $RC != 0 ]; then
	echo "ldapmodify failed for syncprov and accesslog overlay config ($RC)!"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit $RC
fi

# Consumers will not replicate the provider's actual cn=config.
# Instead, they will use an alternate DB so that they may be
# configured differently from the provider. This alternate DB
# will also be a consumer for the real cn=schema,cn=config tree.
# It has multi-provider enabled so that it can be written directly
# while being a consumer of the main schema.
#
# Notes on the LDIF below:
# - The olcAccess rule on the alternate DB names only dn.base="cn=config"
#   (write).
# - "repsecret" and "topsecret" are fixed cleartext fixture passwords, and
#   the syncrepl statements use bindmethod=simple against $URI1. The second
#   syncrepl statement carries the generated cn=config password ($CONFIGPW).
#   A deployment would normally store a hashed olcRootPW and protect the
#   replication bind with TLS or SASL.
# - The wrapped olcSyncrepl values are LDIF continuation lines, so each of
#   them starts with whitespace.
echo "Configuring consumer config DB on provider..."
$LDAPMODIFY -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
dn: cn=config
changetype: modify
add: olcServerID
olcServerID: 1

dn: olcDatabase={1}ldif,cn=config
changetype: add
objectClass: olcDatabaseConfig
objectClass: olcLdifConfig
olcDatabase: {1}ldif
olcDbDirectory: $DBDIR1A
olcSuffix: cn=config,cn=consumer
olcRootDN: cn=config,cn=consumer
olcRootPW: repsecret
olcAccess: to * by dn.base="cn=config" write

dn: olcOverlay=syncprov,olcDatabase={1}ldif,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

dn: olcOverlay=accesslog,olcDatabase={1}ldif,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: accesslog
olcAccessLogDB: cn=consumer-accesslog
olcAccessLogOps: writes
olcAccessLogPurge: 07+00:00 01+00:00
olcAccessLogSuccess: TRUE

dn: cn=config,cn=consumer
changetype: add
objectClass: olcGlobal
cn: consumerconfig

dn: olcDatabase={0}config,cn=config,cn=consumer
changetype: add
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootPW: topsecret
olcSyncrepl: {0}rid=001 provider=$URI1 binddn="cn=config,cn=consumer"
  bindmethod=simple credentials=repsecret searchbase="cn=config,cn=consumer"
  $SYNCTYPE retry="3 5 300 5" timeout=3 suffixmassage="cn=config"
olcUpdateRef: $URI1

dn: olcDatabase={1}ldif,cn=config
changetype: modify
add: olcSyncrepl
olcSyncrepl: {0}rid=001 provider=$URI1 binddn="cn=config"
  bindmethod=simple credentials=$CONFIGPW searchbase="cn=schema,cn=config"
  $SYNCTYPE retry="3 5 300 5" timeout=3
  suffixmassage="cn=schema,cn=config,cn=consumer"
-
add: olcMultiProvider
olcMultiProvider: TRUE

EOF
RC=$?
if [ $RC != 0 ]; then
	echo "ldapmodify failed for consumer DB config ($RC)!"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit $RC
fi

echo "Starting consumer slapd on TCP/IP port $PORT2..."
# The consumer is seeded from the same $CONFLDIF as the provider, but gets
# its own config directory, listener URI and log file.
$SLAPADD -F $CFCON -n 0 -l $CONFLDIF
$SLAPD -F $CFCON -h $URI2 -d $LVL > $LOG2 2>&1 &
CONSUMERPID=$!
# Add the consumer to the list of processes signalled on failure.
KILLPIDS="$KILLPIDS $CONSUMERPID"
# With WAIT set to anything but 0, print the PID and block until a line
# arrives on stdin.
if [ $WAIT != 0 ]; then
	echo CONSUMERPID $CONSUMERPID
	read foo
fi

sleep 1

echo "Using ldapsearch to check that consumer slapd is running..."
# Same readiness probe as for the provider, against $URI2: up to six
# attempts, five seconds apart, RC holding the status of the last one.
for attempt in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "" -H $URI2 \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	[ $RC = 0 ] && break
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done

if [ $RC != 0 ]; then
	echo "ldapsearch failed ($RC)!"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit $RC
fi

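echo "Configuring syncrepl on consumer..."
# Point the consumer's own cn=config at the provider's alternate tree
# (cn=config,cn=consumer), replicating from the cn=consumer-accesslog log
# (syncdata=accesslog) and mapping the suffix back to cn=config.
# The bind is a simple bind with the fixed fixture password "repsecret".
# The wrapped olcSyncRepl value uses LDIF continuation lines, so each of
# them starts with whitespace.
$LDAPMODIFY -D cn=config -H $URI2 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config,cn=consumer"
  bindmethod=simple credentials=repsecret searchbase="cn=config,cn=consumer"
  $SYNCTYPE retry="3 5 300 5" timeout=3 logbase="cn=consumer-accesslog"
  logfilter="(&(objectclass=auditWriteObject)(reqresult=0))"
  syncdata=accesslog suffixmassage="cn=config"
-
add: olcUpdateRef
olcUpdateRef: $URI1
EOF
RC=$?
# Check the result like every other configuration step in this script does.
# Without this, a rejected modify only shows up later as a generic
# "ldapsearch failed" once the polling loop has run out of attempts.
if test $RC != 0 ; then
	echo "ldapmodify failed for consumer syncrepl config ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

sleep 1
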
echo "Using ldapsearch to check that syncrepl received config changes..."
# Poll the consumer's config database until it shows an olcUpdateRef value.
# RC starts at 32 and is cleared only once the entry is returned; awk prints
# "OK" for each dn: line in the search output.
RC=32
for attempt in 0 1 2 3 4 5; do
	RESULT=$($LDAPSEARCH -H $URI2 -D cn=config -y $CONFIGPWF \
		-s base -b "olcDatabase={0}config,cn=config" \
		'(olcUpdateRef=*)' 2>&1 | awk '/^dn:/ {print "OK"}')
	if [ "x$RESULT" = "xOK" ]; then
		RC=0
		break
	fi
	echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
	sleep $SLEEP1
done

if [ $RC != 0 ]; then
	echo "ldapsearch failed ($RC)!"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit $RC
fi

echo "Adding schema and databases on provider..."
# Load the schema LDIF files into the provider's cn=config through include:
# directives that reference files under $ABS_SCHEMADIR.
$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
include: file://$ABS_SCHEMADIR/core.ldif

include: file://$ABS_SCHEMADIR/cosine.ldif

include: file://$ABS_SCHEMADIR/inetorgperson.ldif

include: file://$ABS_SCHEMADIR/openldap.ldif

include: file://$ABS_SCHEMADIR/nis.ldif
EOF
RC=$?
if [ $RC != 0 ]; then
	echo "ldapadd failed for schema config ($RC)!"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit $RC
fi

echo "Using ldapsearch to check that syncrepl received the schema changes..."
# Poll the consumer's cn=schema,cn=config subtree for an entry whose cn ends
# in "openldap". The failure check below looks at RESULT rather than RC.
RC=32
for attempt in 0 1 2 3 4 5; do
	RESULT=$($LDAPSEARCH -H $URI2 -D cn=config -y $CONFIGPWF \
		-s sub -b "cn=schema,cn=config" \
		'(cn=*openldap)' 2>&1 | awk '/^dn:/ {print "OK"}')
	if [ "x$RESULT" = "xOK" ]; then
		RC=0
		break
	fi
	echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
	sleep $SLEEP1
done

if [ "x$RESULT" != "xOK" ]; then
	echo "consumer never received complete schema!"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit 1
fi

# Helpers for the "null" backend: nullExclude turns an LDIF line into a
# comment when it is used as a prefix, and nullOK is appended to RESULT in
# the database replication check further down.
nullExclude=""
nullOK=""
if test $BACKEND = null; then
	nullExclude="# "
	nullOK="OK"
fi

# With BACKENDTYPE=mod, add a module entry for the backend under the
# alternate config tree (cn=config,cn=consumer) as well. The request goes to
# the provider ($URI1).
if [ "$BACKENDTYPE" = mod ]; then
	$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
dn: cn=module,cn=config,cn=consumer
objectClass: olcModuleList
cn: module
olcModulePath: ../servers/slapd/back-$BACKEND
olcModuleLoad: back_$BACKEND.la
EOF
	RC=$?
	if [ $RC != 0 ]; then
		echo "ldapadd failed for backend config ($RC)!"
		if [ $KILLSERVERS != no ]; then
			kill -HUP $KILLPIDS
		fi
		exit $RC
	fi
fi

# Define the data database twice: once in the provider's real cn=config and
# once in the alternate tree under cn=config,cn=consumer. Both definitions
# carry the same suffix, rootDN/rootPW and an rid=002 syncrepl statement
# pointing at $URI1.
# olcRootPW and credentials= take $PASSWD as it is (presumably a cleartext
# fixture password from defines.sh - confirm), and the replication bind is a
# simple bind.
# The wrapped olcSyncRepl values are LDIF continuation lines, so each of
# them starts with whitespace.
$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
dn: olcDatabase={2}$BACKEND,cn=config
objectClass: olcDatabaseConfig
${nullExclude}objectClass: olc${BACKEND}Config
olcDatabase: {2}$BACKEND
olcSuffix: $BASEDN
${nullExclude}olcDbDirectory: $DBDIR1B
olcRootDN: $MANAGERDN
olcRootPW: $PASSWD
olcSyncRepl: rid=002 provider=$URI1 binddn="$MANAGERDN" bindmethod=simple
  credentials=$PASSWD searchbase="$BASEDN" $SYNCTYPE
  retry="3 5 300 5" timeout=3
olcUpdateRef: $URI1

dn: olcOverlay=syncprov,olcDatabase={2}${BACKEND},cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

dn: olcDatabase={1}$BACKEND,cn=config,cn=consumer
objectClass: olcDatabaseConfig
${nullExclude}objectClass: olc${BACKEND}Config
olcDatabase: {1}$BACKEND
olcSuffix: $BASEDN
${nullExclude}olcDbDirectory: $DBDIR2A
olcRootDN: $MANAGERDN
olcRootPW: $PASSWD
olcSyncRepl: rid=002 provider=$URI1 binddn="$MANAGERDN" bindmethod=simple
  credentials=$PASSWD searchbase="$BASEDN" $SYNCTYPE
  retry="3 5 300 5" timeout=3
olcUpdateRef: $URI1

EOF
RC=$?
if [ $RC != 0 ]; then
	echo "ldapadd failed for database config ($RC)!"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit $RC
fi

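# Optional step: when INDEXDB is "indexdb", add equality and substring
# indexes to the provider's data database.
if test $INDEXDB = indexdb ; then
	$LDAPMODIFY -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
dn: olcDatabase={2}$BACKEND,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: objectClass,entryUUID,entryCSN eq
olcDbIndex: cn,uid pres,eq,sub
EOF
	RC=$?
	if test $RC != 0 ; then
		# The message used to read "ldapadd modify for database config",
		# which named the wrong tool and never said that the call failed.
		echo "ldapmodify failed for database index config ($RC)!"
		test $KILLSERVERS != no && kill -HUP $KILLPIDS
		exit $RC
	fi
fi
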
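echo "Using ldapadd to populate provider..."
# Load the fixture entries as the database manager.
# Unlike the cn=config calls, which read the password from a file (-y), this
# bind passes $PASSWD with -w, so it is visible in the process list while
# ldapadd runs.
$LDAPADD -D "$MANAGERDN" -H $URI1 -w $PASSWD -f $LDIFORDERED \
	>> $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
	# This used to print the same text as the database-config step
	# ("ldapadd failed for database config"), so the two failures could not
	# be told apart in the output.
	echo "ldapadd failed for populating provider ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi
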
echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
sleep $SLEEP1

echo "Using ldapsearch to check that syncrepl received database changes..."
# Look for one known entry on the consumer. No bind DN or password is given,
# so this search is presumably anonymous. $nullOK is appended to RESULT
# before the comparison with "xOK".
RC=32
for attempt in 0 1 2 3 4 5; do
	RESULT=$($LDAPSEARCH -H $URI2 \
		-s base -b "cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com" \
		'(objectClass=*)' 2>&1 | awk '/^dn:/ {print "OK"}')
	if [ "x$RESULT$nullOK" = "xOK" ]; then
		RC=0
		break
	fi
	echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
	sleep $SLEEP1
done

if [ $RC != 0 ]; then
	echo "ldapsearch failed ($RC)!"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit $RC
fi

# Dump the whole data tree from each server, sorted (-S ""), for the
# comparison at the end. Both searches bind as the manager and pass $PASSWD
# with -w, which puts it on the command line.
echo "Using ldapsearch to read all the entries from the provider..."
$LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI1 -w $PASSWD \
	'objectclass=*' > $PROVIDEROUT 2>&1
RC=$?
if [ $RC != 0 ]; then
	echo "ldapsearch failed at provider ($RC)!"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit $RC
fi

echo "Using ldapsearch to read all the entries from the consumer..."
$LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI2 -w $PASSWD \
	'objectclass=*' > $CONSUMEROUT 2>&1
RC=$?
if [ $RC != 0 ]; then
	echo "ldapsearch failed at consumer ($RC)!"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit $RC
fi

# Both result sets are on disk, so the servers can be signalled now.
if [ $KILLSERVERS != no ]; then
	kill -HUP $KILLPIDS
fi

# Run both dumps through the LDIF filter before comparing them.
echo "Filtering provider results..."
$LDIFFILTER < $PROVIDEROUT > $PROVIDERFLT
echo "Filtering consumer results..."
$LDIFFILTER < $CONSUMEROUT > $CONSUMERFLT

echo "Comparing retrieved entries from provider and consumer..."
# A non-zero status from the compare command fails the test.
$CMP $PROVIDERFLT $CONSUMERFLT > $CMPOUT || {
	echo "test failed - provider and consumer databases differ"
	exit 1
}

echo ">>>>> Test succeeded"

# Wait for the background slapd processes unless they were left running.
[ $KILLSERVERS != no ] && wait

exit 0
