3 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 ## Copyright 1998-2017 The OpenLDAP Foundation.
6 ## All rights reserved.
8 ## Redistribution and use in source and binary forms, with or without
9 ## modification, are permitted only as authorized by the OpenLDAP
12 ## A copy of this license is available in the file LICENSE in the
13 ## top-level directory of the distribution or, alternatively, at
14 ## <http://www.OpenLDAP.org/license.html>.
# Load the shared test-suite definitions. $SRCDIR is expanded unquoted, so
# a source path containing whitespace would be split into several words.
16 echo "running defines.sh"
17 . $SRCDIR/scripts/defines.sh
# Prerequisite gates: the test is skipped when TLS support, the syncprov
# overlay or the accesslog overlay is reported as unavailable.
# NOTE(review): each variable is expanded unquoted inside `test`; if one
# were unset or empty, `test` would see a malformed expression instead of
# a clean comparison. Presumably defines.sh always sets them - confirm.
19 if test $WITH_TLS = no ; then
20 echo "TLS support not available, test skipped"
24 if test $SYNCPROV = syncprovno; then
25 echo "Syncrepl provider overlay not available, test skipped"
28 if test $ACCESSLOG = accesslogno; then
29 echo "Accesslog overlay not available, test skipped"
# Copy the TLS fixtures into the per-run test directory. The server
# configuration written later points at $TESTDIR/tls/private/localhost.key,
# so this copy contains private-key material.
# NOTE(review): nothing on the lines shown here adjusts the permissions of
# the copy - confirm the test directory is not readable by other users.
39 cp -r $DATADIR/tls $TESTDIR
# Write the slappasswd output (-g -n) to $CONFIGPWF. The cn=config rootpw
# is later loaded from this file (olcRootPW:< file://$CONFIGPWF) and the
# cn=config binds use -y $CONFIGPWF, so this secret is never placed on a
# command line. The file is created by shell redirection, so its mode
# follows the current umask.
41 $SLAPPASSWD -g -n >$CONFIGPWF
# Select the syncrepl type from SYNCMODE: refreshOnly or refreshAndPersist,
# both with a 3-second interval; any other value is reported as unknown.
# The conditions that pick between the two assignments are on lines not
# shown here.
43 if test x"$SYNCMODE" = x ; then
48 SYNCTYPE="type=refreshOnly interval=00:00:00:03"
51 SYNCTYPE="type=refreshAndPersist interval=00:00:00:03"
54 echo "unknown sync mode $SYNCMODE"
62 # - configure over ldap
63 # - populate over ldap
64 # - configure syncrepl over ldap
66 # - modify each server separately
67 # - restore replication
# For the null backend, nullExclude becomes "# ". It is prefixed to the
# backend-specific objectClass and olcDbDirectory lines of the generated
# LDIF, which turns those lines into LDIF comments.
72 test $BACKEND = null && nullExclude="# "
76 echo "Initializing server configurations..."
# One pass per server, 1..$MMR. The initial value of n is set on a line
# not shown here.
78 while [ $n -le $MMR ]; do
# Each server gets its own slapd.d configuration directory.
81 CFDIR=${XDIR}$n/slapd.d
# Create the server directory, both database directories and the config
# directory in one call; all paths are expanded unquoted.
83 mkdir -p ${XDIR}$n $DBDIR.1 $DBDIR.2 $CFDIR
88 objectClass: olcGlobal
91 olcTLSCertificateFile: $TESTDIR/tls/certs/localhost.crt
92 olcTLSCertificateKeyFile: $TESTDIR/tls/private/localhost.key
96 if [ "$SYNCPROV" = syncprovmod -o "$ACCESSLOG" = accesslogmod ]; then
98 dn: cn=module,cn=config
99 objectClass: olcModuleList
101 olcModulePath: $TESTWD/../servers/slapd/overlays
103 if [ "$SYNCPROV" = syncprovmod ]; then
# Load syncprov only when it was built as a loadable module. The module is
# resolved through the olcModulePath written just before this, which points
# into the build tree rather than an installed location.
104 echo "olcModuleLoad: syncprov.la" >> $TMP
106 if [ "$ACCESSLOG" = accesslogmod ]; then
# Same for accesslog when it is a loadable module.
107 echo "olcModuleLoad: accesslog.la" >> $TMP
112 if [ "$BACKENDTYPE" = mod ]; then
114 dn: cn=module,cn=config
115 objectClass: olcModuleList
117 olcModulePath: $TESTWD/../servers/slapd/back-$BACKEND
118 olcModuleLoad: back_$BACKEND.la
122 MYURI=`eval echo '$SURIP'$n`
# MYURI and PROVIDERURI are looked up by indirect variable name (SURIP<n>
# and SURIP<o>) through eval. eval re-parses its argument as shell code, so
# this is only sound while n and o hold values the script controls itself.
# NOTE(review): the assignments of n and o are on lines not shown - confirm
# they are plain loop counters.
123 PROVIDERURI=`eval echo '$SURIP'$o`
# When indexing is enabled, prepare one index directive for the log
# database (INDEX1) and one for the main database (INDEX2).
# NOTE(review): which database each one is written to is decided in the
# LDIF template lines that are not shown here - confirm.
124 if test $INDEXDB = indexdb ; then
125 INDEX1="olcDbIndex: objectClass,entryCSN,reqStart,reqDN,reqResult eq"
126 INDEX2="olcDbIndex: objectClass,entryCSN,entryUUID eq"
132 dn: cn=schema,cn=config
133 objectclass: olcSchemaconfig
136 include: file://$ABS_SCHEMADIR/core.ldif
138 include: file://$ABS_SCHEMADIR/cosine.ldif
140 include: file://$ABS_SCHEMADIR/inetorgperson.ldif
142 include: file://$ABS_SCHEMADIR/openldap.ldif
144 include: file://$ABS_SCHEMADIR/nis.ldif
146 dn: olcDatabase={0}config,cn=config
147 objectClass: olcDatabaseConfig
148 olcDatabase: {0}config
149 olcRootPW:< file://$CONFIGPWF
151 dn: olcDatabase={1}$BACKEND,cn=config
152 objectClass: olcDatabaseConfig
153 ${nullExclude}objectClass: olc${BACKEND}Config
154 olcDatabase: {1}$BACKEND
156 ${nullExclude}olcDbDirectory: ${DBDIR}.1
157 olcRootDN: $MANAGERDN
160 dn: olcOverlay=syncprov,olcDatabase={1}$BACKEND,cn=config
161 objectClass: olcOverlayConfig
162 objectClass: olcSyncProvConfig
165 olcSpReloadHint: TRUE
167 dn: olcDatabase={2}$BACKEND,cn=config
168 objectClass: olcDatabaseConfig
169 ${nullExclude}objectClass: olc${BACKEND}Config
170 olcDatabase: {2}$BACKEND
172 ${nullExclude}olcDbDirectory: ${DBDIR}.2
173 olcRootDN: $MANAGERDN
175 olcSyncRepl: rid=001 provider=$PROVIDERURI binddn="$MANAGERDN" bindmethod=simple
176 credentials=$PASSWD searchbase="$BASEDN" $SYNCTYPE
177 retry="3 +" timeout=3 logbase="cn=log"
178 logfilter="(&(objectclass=auditWriteObject)(reqresult=0))"
179 syncdata=accesslog tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt
183 dn: olcOverlay=syncprov,olcDatabase={2}$BACKEND,cn=config
184 objectClass: olcOverlayConfig
185 objectClass: olcSyncProvConfig
188 dn: olcOverlay=accesslog,olcDatabase={2}$BACKEND,cn=config
189 objectClass: olcOverlayConfig
190 objectClass: olcAccessLogConfig
191 olcOverlay: accesslog
192 olcAccessLogDB: cn=log
193 olcAccessLogOps: writes
194 olcAccessLogSuccess: TRUE
197 $SLAPADD -F $CFDIR -n 0 -d-1< $TMP > $TESTOUT 2>&1
# The slapadd call above loads the assembled LDIF in $TMP into database 0
# under $CFDIR, with debug level -1; stdout and stderr both go to $TESTOUT.
# PORT<n> and LOG<n> are resolved by indirect name through eval, the same
# way as the server URIs.
198 PORT=`eval echo '$PORT'$n`
199 echo "Starting server $n on TCP/IP port $PORT..."
201 LOG=`eval echo '$LOG'$n`
# Start slapd in the background, listening only on $MYURI. The config
# directory is given as the relative path slapd.d.
# NOTE(review): that implies a change of directory on a line not shown -
# confirm.
202 $SLAPD -F slapd.d -h $MYURI -d $LVL $TIMING > $LOG 2>&1 &
204 if test $WAIT != 0 ; then
# KILLPIDS accumulates a space-separated PID list. It is expanded unquoted
# in the later kill commands so that each PID becomes its own argument.
208 KILLPIDS="$PID $KILLPIDS"
# Readiness probe: up to six base-scope searches of the empty base DN with
# no bind DN given on this line. tls_cacert names the test-suite CA as the
# trust anchor, so the probe only succeeds when the server certificate
# validates against that CA.
211 echo "Using ldapsearch to check that server $n is running..."
212 for i in 0 1 2 3 4 5; do
213 $LDAPSEARCH -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -s base -b "" -H $MYURI \
214 'objectclass=*' > /dev/null 2>&1
216 if test $RC = 0 ; then
219 echo "Waiting 5 seconds for slapd to start..."
# A non-zero RC after the probe is treated as a failed start. The servers
# started so far are signalled with HUP unless KILLSERVERS is "no".
223 if test $RC != 0 ; then
224 echo "ldapsearch failed ($RC)!"
225 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Seed server 1 as the manager DN, first with $LDIFORDEREDCP and then with
# $LDIFORDEREDNOCP. Both calls validate the server against the test-suite
# CA via tls_cacert.
# The manager password is passed with -w, so it appears in the argument
# list of ldapadd for as long as the command runs. That is tolerable for a
# fixture password in a test harness; the cn=config binds in this script
# use -y with a password file instead, which keeps the secret off argv.
230 echo "Using ldapadd for context on server 1..."
231 $LDAPADD -D "$MANAGERDN" -H $SURIP1 -w $PASSWD -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -f $LDIFORDEREDCP \
234 if test $RC != 0 ; then
235 echo "ldapadd failed for server $n database ($RC)!"
236 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Second load: the remaining entries, again written to server 1 only, so
# the other servers can receive them only through replication.
244 echo "Using ldapadd to populate server 1..."
245 $LDAPADD -D "$MANAGERDN" -H $SURIP1 -w $PASSWD -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -f $LDIFORDEREDNOCP \
248 if test $RC != 0 ; then
249 echo "ldapadd failed for server $n database ($RC)!"
250 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Give replication $SLEEP1 seconds to deliver the new entries before the
# servers are compared.
254 echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
258 while [ $n -le $MMR ]; do
# Each server is addressed over ldaps:// on BASEPORT + n.
259 PORT=`expr $BASEPORT + $n`
260 URI="ldaps://${LOCALIP}:$PORT/"
# Dump the whole subtree under $BASEDN while bound as the manager DN. That
# DN is configured as olcRootDN, so the dump in $TESTDIR/server$n.out is
# not limited by access controls. stderr is merged into the same file.
262 echo "Using ldapsearch to read all the entries from server $n..."
263 $LDAPSEARCH -S "" -b "$BASEDN" -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -D "$MANAGERDN" -H $URI -w $PASSWD \
264 'objectclass=*' > $TESTDIR/server$n.out 2>&1
267 if test $RC != 0 ; then
268 echo "ldapsearch failed at server $n ($RC)!"
269 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Pass the dump through the LDIF filter so the files can be compared.
272 $LDIFFILTER < $TESTDIR/server$n.out > $TESTDIR/server$n.flt
277 while [ $n -le $MMR ]; do
# Compare every server's filtered dump with $MASTERFLT.
# NOTE(review): $MASTERFLT is presumably the filtered dump of server 1 -
# confirm in defines.sh.
278 echo "Comparing retrieved entries from server 1 and server $n..."
279 $CMP $MASTERFLT $TESTDIR/server$n.flt > $CMPOUT
# Any difference is a test failure: replication did not converge.
281 if test $? != 0 ; then
282 echo "test failed - server 1 and server $n databases differ"
283 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Write new entries through server 2 this time, to exercise replication in
# the other direction. The manager password is again passed with -w.
289 echo "Using ldapadd to populate server 2..."
290 $LDAPADD -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -D "$MANAGERDN" -H $SURIP2 -w $PASSWD -f $LDIFADD1 \
293 if test $RC != 0 ; then
294 echo "ldapadd failed for server 2 database ($RC)!"
295 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Check on server 1 for one specific entry and read its entryCSN. No bind
# DN or password is given on the search line. Output goes to
# ${MASTEROUT}.$i, so this appears to run inside a retry loop whose header
# is on a line not shown.
299 THEDN="cn=James A Jones 2,ou=Alumni Association,ou=People,dc=example,dc=com"
302 $LDAPSEARCH -S "" -b "$THEDN" -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -H $SURIP1 \
303 -s base '(objectClass=*)' entryCSN > "${MASTEROUT}.$i" 2>&1
306 if test $RC = 0 ; then
# Result code 32 is LDAP noSuchObject, i.e. the entry has not arrived yet.
# Any other non-zero code is treated as a real failure.
310 if test $RC != 32 ; then
311 echo "ldapsearch failed at slave ($RC)!"
312 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Second convergence check, after the writes made through server 2.
316 echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
321 while [ $n -le $MMR ]; do
# Rebuild the ldaps:// URI of server n from BASEPORT + n.
322 PORT=`expr $BASEPORT + $n`
323 URI="ldaps://${LOCALIP}:$PORT/"
# Full subtree dump as the manager DN, verified against the test-suite CA.
# The password is on the command line (-w) and stderr is merged into the
# output file.
325 echo "Using ldapsearch to read all the entries from server $n..."
326 $LDAPSEARCH -S "" -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -b "$BASEDN" -D "$MANAGERDN" -H $URI -w $PASSWD \
327 'objectclass=*' > $TESTDIR/server$n.out 2>&1
330 if test $RC != 0 ; then
331 echo "ldapsearch failed at server $n ($RC)!"
332 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Filter the dump before it is compared.
335 $LDIFFILTER < $TESTDIR/server$n.out > $TESTDIR/server$n.flt
340 while [ $n -le $MMR ]; do
# Every server's filtered dump must match $MASTERFLT.
341 echo "Comparing retrieved entries from server 1 and server $n..."
342 $CMP $MASTERFLT $TESTDIR/server$n.flt > $CMPOUT
344 if test $? != 0 ; then
345 echo "test failed - server 1 and server $n databases differ"
346 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Deliberately break replication: on every server, the LDIF sent below
# rewrites olcSyncRepl with credentials=InvalidPw, so the consumer's simple
# bind to its provider is rejected. The TLS settings stay as they were.
352 echo "Breaking replication between server 1 and 2..."
354 while [ $n -le $MMR ]; do
# Own URI and provider URI, resolved by indirect variable name via eval.
356 MYURI=`eval echo '$SURIP'$n`
357 PROVIDERURI=`eval echo '$SURIP'$o`
# Bind as cn=config and read the password from $CONFIGPWF with -y, which
# keeps the config secret out of the process argument list.
358 $LDAPMODIFY -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -D cn=config -H $MYURI -y $CONFIGPWF > $TESTOUT 2>&1 <<EOF
359 dn: olcDatabase={2}$BACKEND,cn=config
362 olcSyncRepl: rid=001 provider=$PROVIDERURI binddn="$MANAGERDN" bindmethod=simple
363 credentials=InvalidPw searchbase="$BASEDN" $SYNCTYPE
364 retry="3 +" timeout=3 logbase="cn=log"
365 logfilter="(&(objectclass=auditWriteObject)(reqresult=0))"
366 syncdata=accesslog tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt
368 replace: olcMirrorMode
373 if test $RC != 0 ; then
374 echo "ldapmodify failed for server $n config ($RC)!"
375 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# With replication broken, the following ldapmodify calls alternate between
# server 1 and server 2 so the two copies diverge. Each call binds as the
# manager DN with -w $PASSWD, validates the server against the test-suite
# CA, and appends its output to $TESTOUT.
381 echo "Using ldapmodify to force conflicts between server 1 and 2..."
382 $LDAPMODIFY -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -D "$MANAGERDN" -H $SURIP1 -w $PASSWD \
383 >> $TESTOUT 2>&1 << EOF
391 if test $RC != 0 ; then
392 echo "ldapmodify failed for server 1 database ($RC)!"
393 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Conflicting write on server 2.
397 $LDAPMODIFY -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -D "$MANAGERDN" -H $SURIP2 -w $PASSWD \
398 >> $TESTOUT 2>&1 << EOF
402 description: Stupendous
406 if test $RC != 0 ; then
407 echo "ldapmodify failed for server 2 database ($RC)!"
408 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Back to server 1.
412 $LDAPMODIFY -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -D "$MANAGERDN" -H $SURIP1 -w $PASSWD \
413 >> $TESTOUT 2>&1 << EOF
417 description: Outstanding
420 description: Mindboggling
424 if test $RC != 0 ; then
425 echo "ldapmodify failed for server 1 database ($RC)!"
426 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Server 2 again. The value written here differs from the one on server 1
# only in letter case.
430 $LDAPMODIFY -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -D "$MANAGERDN" -H $SURIP2 -w $PASSWD \
431 >> $TESTOUT 2>&1 << EOF
435 description: OutStanding
442 if test $RC != 0 ; then
443 echo "ldapmodify failed for server 2 database ($RC)!"
444 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Server 1. The LDIF for this change is on lines not shown.
448 $LDAPMODIFY -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -D "$MANAGERDN" -H $SURIP1 -w $PASSWD \
449 >> $TESTOUT 2>&1 << EOF
460 if test $RC != 0 ; then
461 echo "ldapmodify failed for server 1 database ($RC)!"
462 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Server 2.
466 $LDAPMODIFY -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -D "$MANAGERDN" -H $SURIP2 -w $PASSWD \
467 >> $TESTOUT 2>&1 << EOF
471 employeeType: deadwood
478 if test $RC != 0 ; then
479 echo "ldapmodify failed for server 2 database ($RC)!"
480 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Last conflicting write, on server 1.
484 $LDAPMODIFY -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -D "$MANAGERDN" -H $SURIP1 -w $PASSWD \
485 >> $TESTOUT 2>&1 << EOF
495 if test $RC != 0 ; then
496 echo "ldapmodify failed for server 1 database ($RC)!"
497 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Undo the deliberate breakage: the LDIF sent below restores
# credentials=$PASSWD in olcSyncRepl, so the consumers can bind to their
# providers again.
501 echo "Restoring replication between server 1 and 2..."
503 while [ $n -le $MMR ]; do
# Own URI and provider URI, resolved by indirect variable name via eval.
505 MYURI=`eval echo '$SURIP'$n`
506 PROVIDERURI=`eval echo '$SURIP'$o`
# The cn=config bind reads its password from $CONFIGPWF with -y. Note that
# the restored syncrepl password itself is written into the configuration
# in clear text by the LDIF that follows.
507 $LDAPMODIFY -D cn=config -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -H $MYURI -y $CONFIGPWF > $TESTOUT 2>&1 <<EOF
508 dn: olcDatabase={2}$BACKEND,cn=config
511 olcSyncRepl: rid=001 provider=$PROVIDERURI binddn="$MANAGERDN" bindmethod=simple
512 credentials=$PASSWD searchbase="$BASEDN" $SYNCTYPE
513 retry="3 +" timeout=3 logbase="cn=log"
514 logfilter="(&(objectclass=auditWriteObject)(reqresult=0))"
515 syncdata=accesslog tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt
517 replace: olcMirrorMode
522 if test $RC != 0 ; then
523 echo "ldapmodify failed for server $n config ($RC)!"
524 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Final convergence check: after replication is restored, the conflicting
# changes must resolve to the same content on every server.
530 echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
534 while [ $n -le $MMR ]; do
# Rebuild the ldaps:// URI of server n from BASEPORT + n.
535 PORT=`expr $BASEPORT + $n`
536 URI="ldaps://${LOCALIP}:$PORT/"
# Full subtree dump as the manager DN, verified against the test-suite CA.
# The password is on the command line (-w) and stderr is merged into the
# output file.
538 echo "Using ldapsearch to read all the entries from server $n..."
539 $LDAPSEARCH -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI -w $PASSWD \
540 'objectclass=*' > $TESTDIR/server$n.out 2>&1
543 if test $RC != 0 ; then
544 echo "ldapsearch failed at server $n ($RC)!"
545 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# This filter call passes "-s a", unlike the two earlier filter calls.
# NOTE(review): the meaning of the option is defined by the filter helper,
# which is not shown here - confirm.
548 $LDIFFILTER -s a < $TESTDIR/server$n.out > $TESTDIR/server$n.flt
553 while [ $n -le $MMR ]; do
# Every server's filtered dump must match $MASTERFLT.
554 echo "Comparing retrieved entries from server 1 and server $n..."
555 $CMP $MASTERFLT $TESTDIR/server$n.flt > $CMPOUT
557 if test $? != 0 ; then
558 echo "test failed - server 1 and server $n databases differ"
559 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Normal shutdown: signal every recorded slapd PID unless KILLSERVERS is
# "no". KILLPIDS is expanded unquoted so each PID is a separate argument.
565 test $KILLSERVERS != no && kill -HUP $KILLPIDS
567 echo ">>>>> Test succeeded"
# Wait for the background slapd processes to exit before the script ends.
569 test $KILLSERVERS != no && wait