]> git.sur5r.net Git - openldap/commitdiff
Checkpoint for ITS8444 work. Need to improve failure scenario, as this can take...
authorQuanah Gibson-Mount <quanah@openldap.org>
Tue, 10 Jan 2017 19:30:15 +0000 (11:30 -0800)
committerQuanah Gibson-Mount <quanah@openldap.org>
Tue, 10 Jan 2017 19:30:15 +0000 (11:30 -0800)
tests/data/regressions/its8444/its8444 [new file with mode: 0755]
tests/data/regressions/its8444/slapd-provider1.ldif [new file with mode: 0644]
tests/data/regressions/its8444/slapd-provider2.ldif [new file with mode: 0644]
tests/data/regressions/its8444/slapd-provider3.ldif [new file with mode: 0644]
tests/data/regressions/its8444/slapd-provider4.ldif [new file with mode: 0644]

diff --git a/tests/data/regressions/its8444/its8444 b/tests/data/regressions/its8444/its8444
new file mode 100755 (executable)
index 0000000..e1ca143
--- /dev/null
@@ -0,0 +1,321 @@
+#! /bin/sh
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2016 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test $SYNCPROV = syncprovno; then
+       echo "Syncrepl provider overlay not available, test skipped"
+       exit 0
+fi
+if test $ACCESSLOG = accesslogno; then
+        echo "Accesslog overlay not available, test skipped"
+        exit 0
+fi
+if test $DYNLIST = dynlistno; then
+        echo "Accesslog overlay not available, test skipped"
+        exit 0
+fi
+if test $MEMBEROF = memberofno; then
+        echo "Memberof overlay not available, test skipped"
+        exit 0
+fi
+if test $BACKEND = ldif ; then
+        # Onelevel search does not return entries in order of creation or CSN.
+        echo "$BACKEND backend unsuitable for syncprov logdb, test skipped"
+        exit 0
+fi
+
+echo "This test tracks a case where the memberof overlay incorrectly writes to"
+echo "the accesslog DB when a group is deleted."
+echo "See http://www.openldap.org/its/index.cgi/?findid=8444 for more information."
+
+MMR=4
+XDIR=$TESTDIR/srv
+
+mkdir -p $TESTDIR
+
+$SLAPPASSWD -g -n >$CONFIGPWF
+
+ITS=8444
+ITSDIR=$DATADIR/regressions/its$ITS
+
+echo "Initializing server configurations..."
+
+n=1
+while [ $n -le $MMR ]; do
+       DBDIR=${XDIR}$n/db
+       CFDIR=${XDIR}$n/slapd.d
+
+       mkdir -p ${XDIR}$n $DBDIR.1 $DBDIR.2 $CFDIR
+       . $CONFFILTER $BACKEND $MONITORDB < $ITSDIR/slapd-provider${n}.ldif > $CONFLDIF
+       $SLAPADD -F $CFDIR -n 0 -l $CONFLDIF
+       n=`expr $n + 1`
+done
+
+KILLPIDS=
+n=1
+while [ $n -le $MMR ]; do
+       MYURI=`eval echo '$URI'$n`
+       MYLOG=`eval echo '$LOG'$n`
+       CFDIR=${XDIR}$n/slapd.d
+
+       echo "Starting provider slapd on TCP/IP URI $MYURI"
+       $SLAPD -F $CFDIR -h $MYURI -d $LVL $TIMING > $MYLOG 2>&1 &
+
+       PID=$!
+       if test $WAIT != 0 ; then
+               echo PID $PID
+               read foo
+       fi
+       KILLPIDS="$PID $KILLPIDS"
+       sleep 1
+
+       echo "Using ldapsearch to check that provider slapd is running..."
+       for i in 0 1 2 3 4 5; do
+               $LDAPSEARCH -s base -b "" -H $MYURI \
+                       'objectclass=*' > /dev/null 2>&1
+               RC=$?
+               if test $RC = 0 ; then
+                       break
+               fi
+               echo "Waiting 5 seconds for slapd to start..."
+               sleep 5
+       done
+
+       if test $RC != 0 ; then
+               echo "ldapsearch failed ($RC)!"
+               test $KILLSERVERS != no && kill -HUP $KILLPIDS
+               exit $RC
+       fi
+       n=`expr $n + 1`
+done
+
+echo "Populating database on first provider..."
+$LDAPADD -D $MANAGERDN -H $URI1 -w $PASSWD << EOMODS >> $TESTOUT 2>&1
+dn: $BASEDN
+objectClass: organization
+objectClass: dcObject
+o: Example, Inc.
+dc: example
+
+dn: ou=People,$BASEDN
+objectClass: organizationalUnit
+ou: People
+
+dn: ou=Groups,$BASEDN
+objectClass: organizationalUnit
+ou: Groups
+
+dn: cn=Roger Rabbit,ou=People,$BASEDN
+objectClass: inetOrgPerson
+cn: Roger Rabbit
+sn: Rabbit
+
+dn: cn=Baby Herman,ou=People,$BASEDN
+objectClass: inetOrgPerson
+cn: Baby Herman
+sn: Herman
+
+dn: cn=Jessica Rabbit,ou=People,$BASEDN
+objectClass: inetOrgPerson
+cn: Jessica Rabbit
+sn: Rabbit
+
+dn: cn=Bugs Bunny,ou=People,$BASEDN
+objectClass: inetOrgPerson
+cn: Bugs Bunny
+sn: Bunny
+
+dn: cn=Daffy Duck,ou=People,$BASEDN
+objectClass: inetOrgPerson
+cn: Daffy Duck
+sn: Duck
+
+dn: cn=Elmer Fudd,ou=People,$BASEDN
+objectClass: inetOrgPerson
+cn: Elmer Fudd
+sn: Fudd
+
+dn: cn=Cartoonia,ou=Groups,$BASEDN
+objectClass: groupOfNames
+cn: Cartoonia
+member: cn=Roger Rabbit,ou=People,$BASEDN
+member: cn=Baby Herman,ou=People,$BASEDN
+EOMODS
+
+RC=$?
+if test $RC != 0 ; then
+       echo "ldapadd failed ($RC)!"
+       test $KILLSERVERS != no && kill -HUP $KILLPIDS
+       exit $RC
+fi
+
+echo "Sleeping 10 seconds to allow replication to initiate..."
+sleep 10
+
+echo "Looping 50 times adding and deleting members to the Cartoonia group..."
+modloop=1
+while [ $modloop -le 50 ]; do
+       echo "Adding new members to the group (${modloop}/50)..."
+       $LDAPMODIFY -H $URI1 \
+               -D "cn=Manager,$BASEDN" -w $PASSWD \
+               >> $TESTOUT 2>&1 << EOF
+dn: cn=Cartoonia,ou=Groups,$BASEDN
+changetype: modify
+add: member
+member: cn=Jessica Rabbit,ou=People,$BASEDN
+member: cn=Elmer Fudd,ou=People,$BASEDN
+member: cn=Daffy Duck,ou=People,$BASEDN
+member: cn=Bugs Bunny,ou=People,$BASEDN
+EOF
+
+       sleep 3
+       
+       echo "Deleting new members from the group..."
+       $LDAPMODIFY -H $URI1 \
+               -D "cn=Manager,$BASEDN" -w $PASSWD \
+               >> $TESTOUT 2>&1 << EOF
+dn: cn=Cartoonia,ou=Groups,$BASEDN
+changetype: modify
+delete: member
+member: cn=Jessica Rabbit,ou=People,$BASEDN
+member: cn=Elmer Fudd,ou=People,$BASEDN
+member: cn=Daffy Duck,ou=People,$BASEDN
+member: cn=Bugs Bunny,ou=People,$BASEDN
+EOF
+       sleep 3
+
+       echo "Searching new members to see if they still have memberOf present..."
+       new_members=( "cn=Jessica Rabbit,ou=People,$BASEDN" "cn=Elmer Fudd,ou=People,$BASEDN" "cn=Daffy Duck,ou=People,$BASEDN" "cn=Bugs Bunny,ou=People,$BASEDN")
+       for member in "${new_members[@]}"
+       do
+               n=1
+               while [ $n -le $MMR ]; do
+                       >$SEARCHOUT
+                       echo "# Searching member $member after removal from Cartoonia group, provider $n" >> $SEARCHOUT
+                       MYURI=`eval echo '$URI'$n`
+                       $LDAPSEARCH -S "" -b "$member" -s base -H $MYURI -D "cn=manager,$BASEDN" -w $PASSWD \
+                               '(objectClass=*)' 'memberOf' >> $SEARCHOUT 2>&1
+                       RC=$?
+                       if test $RC != 0 ; then
+                               echo "ldapsearch failed ($RC)!"
+                               test $KILLSERVERS != no && kill -HUP $KILLPIDS
+                               exit $RC
+                       fi
+                       grep "memberOf:" $SEARCHOUT >/dev/null 2>&1
+                       RC=$?
+                       
+                       if test $RC != 1 ; then
+                               echo "User delete failed on one or more consumer."
+                               test $KILLSERVERS != no && kill -HUP $KILLPIDS
+                               exit $RC
+                       fi
+                       n=`expr $n + 1`
+               done
+       done
+       modloop=`expr $modloop + 1`
+done
+
+echo "Looping 50 times deleting and adding Cartoonia group..."
+modloop=1
+while [ $modloop -le 50 ]; do
+       >$SEARCHOUT
+       echo "Running ldapdelete to remove a group (${modloop}/50)..."
+       $LDAPMODIFY -H $URI1 \
+               -D "cn=Manager,$BASEDN" -w $PASSWD \
+               >> $TESTOUT 2>&1 << EOF
+dn: cn=Cartoonia,ou=Groups,$BASEDN
+changetype: delete
+EOF
+
+       sleep 3
+
+       echo "Searching entire database on each provider after deleting Cartoonia group"
+
+       n=1
+       while [ $n -le $MMR ]; do
+               echo "# Searching the entire database after deleting Cartoonia, provider $n" >> $SEARCHOUT
+               MYURI=`eval echo '$URI'$n`
+               $LDAPSEARCH -S "" -b "$BASEDN" -H $MYURI -D "cn=manager,$BASEDN" -w $PASSWD \
+                       '(objectClass=*)' '*' >> $SEARCHOUT 2>&1
+               RC=$?
+               if test $RC != 0 ; then
+                       echo "ldapsearch failed ($RC)!"
+                       test $KILLSERVERS != no && kill -HUP $KILLPIDS
+                       exit $RC
+               fi
+               n=`expr $n + 1`
+       done
+
+       grep "cn=Cartoonia" $SEARCHOUT >/dev/null 2>&1
+       RC=$?
+
+       if test $RC != 1 ; then
+               echo "Group delete failed on one or more consumer."
+               test $KILLSERVERS != no && kill -HUP $KILLPIDS
+               exit $RC
+       fi
+
+       echo "Running ldapmodify to add the group back..."
+       $LDAPMODIFY -H $URI1 \
+               -D "cn=Manager,$BASEDN" -w $PASSWD \
+               >> $TESTOUT 2>&1 <<EOF
+dn: cn=Cartoonia,ou=Groups,$BASEDN
+changetype: add
+objectClass: groupOfNames
+cn: Cartoonia
+member: cn=Roger Rabbit,ou=People,$BASEDN
+member: cn=Baby Herman,ou=People,$BASEDN
+EOF
+
+       sleep 3
+
+       echo "Searching entire database on each provider after re-adding Cartoonia group"
+
+       n=1
+       while [ $n -le $MMR ]; do
+               >$SEARCHOUT
+               echo "# Searching the entire database after re-adding Cartoonia, provider $n" >> $SEARCHOUT
+               MYURI=`eval echo '$URI'$n`
+               $LDAPSEARCH -S "" -b "$BASEDN" -H $MYURI -D "cn=manager,$BASEDN" -w $PASSWD \
+                       '(objectClass=*)' '*' memberOf>> $SEARCHOUT 2>&1
+               RC=$?
+               if test $RC != 0 ; then
+                       echo "ldapsearch failed ($RC)!"
+                       test $KILLSERVERS != no && kill -HUP $KILLPIDS
+                       exit $RC
+               fi
+               grep "memberOf:" $SEARCHOUT >/dev/null 2>&1
+               RC=$?
+               
+               if test $RC != 0 ; then
+                       echo "Group add failed on one or more consumer."
+                       test $KILLSERVERS != no && kill -HUP $KILLPIDS
+                       exit $RC
+               fi
+
+               n=`expr $n + 1`
+       done
+       modloop=`expr $modloop + 1`
+done
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0
diff --git a/tests/data/regressions/its8444/slapd-provider1.ldif b/tests/data/regressions/its8444/slapd-provider1.ldif
new file mode 100644 (file)
index 0000000..d2a57a8
--- /dev/null
@@ -0,0 +1,160 @@
+dn: cn=config
+objectClass: olcGlobal
+cn: config
+olcLogLevel: Sync
+olcLogLevel: Stats
+olcPidFile: @TESTDIR@/slapd.1.pid
+olcArgsFile: @TESTDIR@/slapd.1.args
+olcServerID: 1
+
+dn: cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: schema
+
+include: file://@TESTWD@/@SCHEMADIR@/core.ldif
+include: file://@TESTWD@/@SCHEMADIR@/cosine.ldif
+include: file://@TESTWD@/@SCHEMADIR@/inetorgperson.ldif
+include: file://@TESTWD@/@SCHEMADIR@/misc.ldif
+include: file://@TESTWD@/@SCHEMADIR@/nis.ldif
+include: file://@TESTWD@/@SCHEMADIR@/dyngroup.ldif
+
+#mod#dn: cn=module{0},cn=config
+#mod#objectClass: olcModuleList
+#mod#cn: module{0}
+#mod#olcModulePath: @TESTWD@/../servers/slapd/back-@BACKEND@/
+#mod#olcModuleLoad: {0}back_@BACKEND@.la
+
+#monitormod#dn: cn=module{1},cn=config
+#monitormod#objectClass: olcModuleList
+#monitormod#cn: module{1}
+#monitormod#olcModulePath: @TESTWD@/../servers/slapd/back-monitor/
+#monitormod#olcModuleLoad: {0}back_monitor.la
+
+#memberofmod#dn: cn=module{2},cn=config
+#memberofmod#objectClass: olcModuleList
+#memberofmod#cn: module{2}
+#memberofmod#olcModulePath: @TESTWD@/../servers/slapd/overlays/
+#memberofmod#olcModuleLoad: {0}memberof.la
+#dynlistmod#olcModuleLoad: {1}dynlist.la
+#syncprovmod#olcModuleLoad: {2}syncprov.la
+#accesslogmod#olcModuleLoad: {3}accesslog.la
+
+dn: olcDatabase={-1}frontend,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcFrontendConfig
+olcDatabase: {-1}frontend
+olcAccess: {0}to dn=""  by * read
+olcAccess: {1}to *  by self write  by users read  by anonymous auth
+
+dn: olcDatabase={0}config,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: {0}config
+olcAccess: {0}to *  by * none
+olcRootPW:< file://@TESTDIR@/configpw
+
+dn: olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olc@BACKEND@Config
+olcDatabase: {1}@BACKEND@
+olcSuffix: dc=example,dc=com
+olcRootDN: cn=manager,dc=example,dc=com
+olcRootPW: secret
+olcSizeLimit: unlimited
+olcTimeLimit: unlimited
+olcMirrorMode: TRUE
+olcSyncrepl: {0}rid=100 provider=@URI2@ binddn="cn=manager,dc=example,dc=com
+ " credentials=secret bindmethod=simple searchbase="dc=example,dc=com" logba
+ se="cn=accesslog" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))
+ " filter="(objectClass=*)" schemachecking=off attrs="*,+" type=refreshAndPe
+ rsist retry="60 +" tls_reqcert=never timeout=0 keepalive=240:10:30 syncdata
+ =accesslog network-timeout=0 scope=sub interval=00:00:00:03
+olcSyncrepl: {1}rid=101 provider=@URI3@ binddn="cn=manager,dc=example,dc=com
+ " credentials=secret bindmethod=simple searchbase="dc=example,dc=com" logba
+ se="cn=accesslog" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))
+ " filter="(objectClass=*)" schemachecking=off attrs="*,+" type=refreshAndPe
+ rsist retry="60 +" tls_reqcert=never timeout=0 keepalive=240:10:30 syncdata
+ =accesslog network-timeout=0 scope=sub interval=00:00:00:03
+olcSyncrepl: {2}rid=102 provider=@URI4@ binddn="cn=manager,dc=example,dc=com
+ " credentials=secret bindmethod=simple searchbase="dc=example,dc=com" logba
+ se="cn=accesslog" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))
+ " filter="(objectClass=*)" schemachecking=off attrs="*,+" type=refreshAndPe
+ rsist retry="60 +" tls_reqcert=never timeout=0 keepalive=240:10:30 syncdata
+ =accesslog network-timeout=0 scope=sub interval=00:00:00:03
+#~null~#olcDbDirectory: @TESTDIR@/srv1/db.1
+#indexdb#olcDbIndex: default eq
+#indexdb#olcDbIndex: objectClass
+#indexdb#olcDbIndex: entryUUID
+#indexdb#olcDbIndex: entryCSN
+#indexdb#olcDbIndex: cn pres,eq,sub
+#indexdb#olcDbIndex: uid pres,eq,sub
+#indexdb#olcDbIndex: uidNumber pres,eq
+#indexdb#olcDbIndex: gidNumber pres,eq
+#indexdb#olcDbIndex: mail pres,eq,sub
+#indexdb#olcDbIndex: sn pres,eq,sub
+#indexdb#olcDbIndex: memberUid
+#indexdb#olcDbIndex: uniqueMember pres,eq
+#indexdb#olcDbIndex: description pres,eq,sub
+#indexdb#olcDbIndex: title pres,eq,sub
+#indexdb#olcDbIndex: givenName pres,eq,sub
+#indexdb#olcDbIndex: member
+#mdb#olcDbMaxSize: 33554432
+
+dn: olcOverlay={0}dynlist,olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcDynamicList
+olcOverlay: {0}dynlist
+olcDlAttrSet: {0}groupOfURLs memberURL
+
+dn: olcOverlay={1}memberof,olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcMemberOf
+olcOverlay: {1}memberof
+olcMemberOfDangling: ignore
+olcMemberOfRefInt: TRUE
+olcMemberOfGroupOC: groupOfNames
+olcMemberOfMemberAD: member
+olcMemberOfMemberOfAD: memberOf
+
+dn: olcOverlay={2}syncprov,olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcConfig
+objectClass: top
+objectClass: olcSyncProvConfig
+olcOverlay: {2}syncprov
+olcSpCheckpoint: 20 10
+olcSpSessionlog: 50
+
+dn: olcOverlay={3}accesslog,olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcAccessLogConfig
+olcOverlay: {3}accesslog
+olcAccessLogDB: cn=accesslog
+olcAccessLogOps: writes
+olcAccessLogPurge: 07+00:00 01+00:00
+olcAccessLogSuccess: TRUE
+
+dn: olcDatabase={2}@BACKEND@,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olc@BACKEND@Config
+olcDatabase: {2}@BACKEND@
+olcSuffix: cn=accesslog
+olcSizeLimit: unlimited
+olcTimeLimit: unlimited
+olcDbIndex: default eq
+olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart,reqDN
+#~null~#olcDbDirectory: @TESTDIR@/srv1/db.2
+#mdb#olcDbMaxSize: 33554432
+
+dn: olcOverlay={0}syncprov,olcDatabase={2}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcConfig
+objectClass: top
+objectClass: olcSyncProvConfig
+olcOverlay: {0}syncprov
+olcSpNoPresent: TRUE
+olcSpReloadHint: TRUE
+
+dn: olcDatabase={3}monitor,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: {3}monitor
+olcAccess: {0}to dn.subtree="cn=monitor"  by * read
diff --git a/tests/data/regressions/its8444/slapd-provider2.ldif b/tests/data/regressions/its8444/slapd-provider2.ldif
new file mode 100644 (file)
index 0000000..fa72a2f
--- /dev/null
@@ -0,0 +1,160 @@
+dn: cn=config
+objectClass: olcGlobal
+cn: config
+olcLogLevel: Sync
+olcLogLevel: Stats
+olcPidFile: @TESTDIR@/slapd.2.pid
+olcArgsFile: @TESTDIR@/slapd.2.args
+olcServerID: 2
+
+dn: cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: schema
+
+include: file://@TESTWD@/@SCHEMADIR@/core.ldif
+include: file://@TESTWD@/@SCHEMADIR@/cosine.ldif
+include: file://@TESTWD@/@SCHEMADIR@/inetorgperson.ldif
+include: file://@TESTWD@/@SCHEMADIR@/misc.ldif
+include: file://@TESTWD@/@SCHEMADIR@/nis.ldif
+include: file://@TESTWD@/@SCHEMADIR@/dyngroup.ldif
+
+#mod#dn: cn=module{0},cn=config
+#mod#objectClass: olcModuleList
+#mod#cn: module{0}
+#mod#olcModulePath: @TESTWD@/../servers/slapd/back-@BACKEND@/
+#mod#olcModuleLoad: {0}back_@BACKEND@.la
+
+#monitormod#dn: cn=module{1},cn=config
+#monitormod#objectClass: olcModuleList
+#monitormod#cn: module{1}
+#monitormod#olcModulePath: @TESTWD@/../servers/slapd/back-monitor/
+#monitormod#olcModuleLoad: {0}back_monitor.la
+
+#memberofmod#dn: cn=module{2},cn=config
+#memberofmod#objectClass: olcModuleList
+#memberofmod#cn: module{2}
+#memberofmod#olcModulePath: @TESTWD@/../servers/slapd/overlays/
+#memberofmod#olcModuleLoad: {0}memberof.la
+#dynlistmod#olcModuleLoad: {1}dynlist.la
+#syncprovmod#olcModuleLoad: {2}syncprov.la
+#accesslogmod#olcModuleLoad: {3}accesslog.la
+
+dn: olcDatabase={-1}frontend,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcFrontendConfig
+olcDatabase: {-1}frontend
+olcAccess: {0}to dn=""  by * read
+olcAccess: {1}to *  by self write  by users read  by anonymous auth
+
+dn: olcDatabase={0}config,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: {0}config
+olcAccess: {0}to *  by * none
+olcRootPW:< file://@TESTDIR@/configpw
+
+dn: olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olc@BACKEND@Config
+olcDatabase: {1}@BACKEND@
+olcSuffix: dc=example,dc=com
+olcRootDN: cn=manager,dc=example,dc=com
+olcRootPW: secret
+olcSizeLimit: unlimited
+olcTimeLimit: unlimited
+olcMirrorMode: TRUE
+olcSyncrepl: {0}rid=100 provider=@URI1@ binddn="cn=manager,dc=example,dc=com
+ " credentials=secret bindmethod=simple searchbase="dc=example,dc=com" logba
+ se="cn=accesslog" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))
+ " filter="(objectClass=*)" schemachecking=off attrs="*,+" type=refreshAndPe
+ rsist retry="60 +" tls_reqcert=never timeout=0 keepalive=240:10:30 syncdata
+ =accesslog network-timeout=0 scope=sub interval=00:00:00:03
+olcSyncrepl: {1}rid=101 provider=@URI3@ binddn="cn=manager,dc=example,dc=com
+ " credentials=secret bindmethod=simple searchbase="dc=example,dc=com" logba
+ se="cn=accesslog" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))
+ " filter="(objectClass=*)" schemachecking=off attrs="*,+" type=refreshAndPe
+ rsist retry="60 +" tls_reqcert=never timeout=0 keepalive=240:10:30 syncdata
+ =accesslog network-timeout=0 scope=sub interval=00:00:00:03
+olcSyncrepl: {2}rid=102 provider=@URI4@ binddn="cn=manager,dc=example,dc=com
+ " credentials=secret bindmethod=simple searchbase="dc=example,dc=com" logba
+ se="cn=accesslog" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))
+ " filter="(objectClass=*)" schemachecking=off attrs="*,+" type=refreshAndPe
+ rsist retry="60 +" tls_reqcert=never timeout=0 keepalive=240:10:30 syncdata
+ =accesslog network-timeout=0 scope=sub interval=00:00:00:03
+#~null~#olcDbDirectory: @TESTDIR@/srv2/db.1
+#indexdb#olcDbIndex: default eq
+#indexdb#olcDbIndex: objectClass
+#indexdb#olcDbIndex: entryUUID
+#indexdb#olcDbIndex: entryCSN
+#indexdb#olcDbIndex: cn pres,eq,sub
+#indexdb#olcDbIndex: uid pres,eq,sub
+#indexdb#olcDbIndex: uidNumber pres,eq
+#indexdb#olcDbIndex: gidNumber pres,eq
+#indexdb#olcDbIndex: mail pres,eq,sub
+#indexdb#olcDbIndex: sn pres,eq,sub
+#indexdb#olcDbIndex: memberUid
+#indexdb#olcDbIndex: uniqueMember pres,eq
+#indexdb#olcDbIndex: description pres,eq,sub
+#indexdb#olcDbIndex: title pres,eq,sub
+#indexdb#olcDbIndex: givenName pres,eq,sub
+#indexdb#olcDbIndex: member
+#mdb#olcDbMaxSize: 33554432
+
+dn: olcOverlay={0}dynlist,olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcDynamicList
+olcOverlay: {0}dynlist
+olcDlAttrSet: {0}groupOfURLs memberURL
+
+dn: olcOverlay={1}memberof,olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcMemberOf
+olcOverlay: {1}memberof
+olcMemberOfDangling: ignore
+olcMemberOfRefInt: TRUE
+olcMemberOfGroupOC: groupOfNames
+olcMemberOfMemberAD: member
+olcMemberOfMemberOfAD: memberOf
+
+dn: olcOverlay={2}syncprov,olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcConfig
+objectClass: top
+objectClass: olcSyncProvConfig
+olcOverlay: {2}syncprov
+olcSpCheckpoint: 20 10
+olcSpSessionlog: 50
+
+dn: olcOverlay={3}accesslog,olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcAccessLogConfig
+olcOverlay: {3}accesslog
+olcAccessLogDB: cn=accesslog
+olcAccessLogOps: writes
+olcAccessLogPurge: 07+00:00 01+00:00
+olcAccessLogSuccess: TRUE
+
+dn: olcDatabase={2}@BACKEND@,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olc@BACKEND@Config
+olcDatabase: {2}@BACKEND@
+olcSuffix: cn=accesslog
+olcSizeLimit: unlimited
+olcTimeLimit: unlimited
+olcDbIndex: default eq
+olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart,reqDN
+#~null~#olcDbDirectory: @TESTDIR@/srv2/db.2
+#mdb#olcDbMaxSize: 33554432
+
+dn: olcOverlay={0}syncprov,olcDatabase={2}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcConfig
+objectClass: top
+objectClass: olcSyncProvConfig
+olcOverlay: {0}syncprov
+olcSpNoPresent: TRUE
+olcSpReloadHint: TRUE
+
+dn: olcDatabase={3}monitor,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: {3}monitor
+olcAccess: {0}to dn.subtree="cn=monitor"  by * read
diff --git a/tests/data/regressions/its8444/slapd-provider3.ldif b/tests/data/regressions/its8444/slapd-provider3.ldif
new file mode 100644 (file)
index 0000000..26a3ea1
--- /dev/null
@@ -0,0 +1,160 @@
+dn: cn=config
+objectClass: olcGlobal
+cn: config
+olcLogLevel: Sync
+olcLogLevel: Stats
+olcPidFile: @TESTDIR@/slapd.3.pid
+olcArgsFile: @TESTDIR@/slapd.3.args
+olcServerID: 3
+
+dn: cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: schema
+
+include: file://@TESTWD@/@SCHEMADIR@/core.ldif
+include: file://@TESTWD@/@SCHEMADIR@/cosine.ldif
+include: file://@TESTWD@/@SCHEMADIR@/inetorgperson.ldif
+include: file://@TESTWD@/@SCHEMADIR@/misc.ldif
+include: file://@TESTWD@/@SCHEMADIR@/nis.ldif
+include: file://@TESTWD@/@SCHEMADIR@/dyngroup.ldif
+
+#mod#dn: cn=module{0},cn=config
+#mod#objectClass: olcModuleList
+#mod#cn: module{0}
+#mod#olcModulePath: @TESTWD@/../servers/slapd/back-@BACKEND@/
+#mod#olcModuleLoad: {0}back_@BACKEND@.la
+
+#monitormod#dn: cn=module{1},cn=config
+#monitormod#objectClass: olcModuleList
+#monitormod#cn: module{1}
+#monitormod#olcModulePath: @TESTWD@/../servers/slapd/back-monitor/
+#monitormod#olcModuleLoad: {0}back_monitor.la
+
+#memberofmod#dn: cn=module{2},cn=config
+#memberofmod#objectClass: olcModuleList
+#memberofmod#cn: module{2}
+#memberofmod#olcModulePath: @TESTWD@/../servers/slapd/overlays/
+#memberofmod#olcModuleLoad: {0}memberof.la
+#dynlistmod#olcModuleLoad: {1}dynlist.la
+#syncprovmod#olcModuleLoad: {2}syncprov.la
+#accesslogmod#olcModuleLoad: {3}accesslog.la
+
+dn: olcDatabase={-1}frontend,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcFrontendConfig
+olcDatabase: {-1}frontend
+olcAccess: {0}to dn=""  by * read
+olcAccess: {1}to *  by self write  by users read  by anonymous auth
+
+dn: olcDatabase={0}config,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: {0}config
+olcAccess: {0}to *  by * none
+olcRootPW:< file://@TESTDIR@/configpw
+
+dn: olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olc@BACKEND@Config
+olcDatabase: {1}@BACKEND@
+olcSuffix: dc=example,dc=com
+olcRootDN: cn=manager,dc=example,dc=com
+olcRootPW: secret
+olcSizeLimit: unlimited
+olcTimeLimit: unlimited
+olcMirrorMode: TRUE
+olcSyncrepl: {0}rid=100 provider=@URI2@ binddn="cn=manager,dc=example,dc=com
+ " credentials=secret bindmethod=simple searchbase="dc=example,dc=com" logba
+ se="cn=accesslog" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))
+ " filter="(objectClass=*)" schemachecking=off attrs="*,+" type=refreshAndPe
+ rsist retry="60 +" tls_reqcert=never timeout=0 keepalive=240:10:30 syncdata
+ =accesslog network-timeout=0 scope=sub interval=00:00:00:03
+olcSyncrepl: {1}rid=101 provider=@URI1@ binddn="cn=manager,dc=example,dc=com
+ " credentials=secret bindmethod=simple searchbase="dc=example,dc=com" logba
+ se="cn=accesslog" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))
+ " filter="(objectClass=*)" schemachecking=off attrs="*,+" type=refreshAndPe
+ rsist retry="60 +" tls_reqcert=never timeout=0 keepalive=240:10:30 syncdata
+ =accesslog network-timeout=0 scope=sub interval=00:00:00:03
+olcSyncrepl: {2}rid=102 provider=@URI4@ binddn="cn=manager,dc=example,dc=com
+ " credentials=secret bindmethod=simple searchbase="dc=example,dc=com" logba
+ se="cn=accesslog" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))
+ " filter="(objectClass=*)" schemachecking=off attrs="*,+" type=refreshAndPe
+ rsist retry="60 +" tls_reqcert=never timeout=0 keepalive=240:10:30 syncdata
+ =accesslog network-timeout=0 scope=sub interval=00:00:00:03
+#~null~#olcDbDirectory: @TESTDIR@/srv3/db.1
+#indexdb#olcDbIndex: default eq
+#indexdb#olcDbIndex: objectClass
+#indexdb#olcDbIndex: entryUUID
+#indexdb#olcDbIndex: entryCSN
+#indexdb#olcDbIndex: cn pres,eq,sub
+#indexdb#olcDbIndex: uid pres,eq,sub
+#indexdb#olcDbIndex: uidNumber pres,eq
+#indexdb#olcDbIndex: gidNumber pres,eq
+#indexdb#olcDbIndex: mail pres,eq,sub
+#indexdb#olcDbIndex: sn pres,eq,sub
+#indexdb#olcDbIndex: memberUid
+#indexdb#olcDbIndex: uniqueMember pres,eq
+#indexdb#olcDbIndex: description pres,eq,sub
+#indexdb#olcDbIndex: title pres,eq,sub
+#indexdb#olcDbIndex: givenName pres,eq,sub
+#indexdb#olcDbIndex: member
+#mdb#olcDbMaxSize: 33554432
+
+dn: olcOverlay={0}dynlist,olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcDynamicList
+olcOverlay: {0}dynlist
+olcDlAttrSet: {0}groupOfURLs memberURL
+
+dn: olcOverlay={1}memberof,olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcMemberOf
+olcOverlay: {1}memberof
+olcMemberOfDangling: ignore
+olcMemberOfRefInt: TRUE
+olcMemberOfGroupOC: groupOfNames
+olcMemberOfMemberAD: member
+olcMemberOfMemberOfAD: memberOf
+
+dn: olcOverlay={2}syncprov,olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcConfig
+objectClass: top
+objectClass: olcSyncProvConfig
+olcOverlay: {2}syncprov
+olcSpCheckpoint: 20 10
+olcSpSessionlog: 50
+
+dn: olcOverlay={3}accesslog,olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcAccessLogConfig
+olcOverlay: {3}accesslog
+olcAccessLogDB: cn=accesslog
+olcAccessLogOps: writes
+olcAccessLogPurge: 07+00:00 01+00:00
+olcAccessLogSuccess: TRUE
+
+dn: olcDatabase={2}@BACKEND@,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olc@BACKEND@Config
+olcDatabase: {2}@BACKEND@
+olcSuffix: cn=accesslog
+olcSizeLimit: unlimited
+olcTimeLimit: unlimited
+olcDbIndex: default eq
+olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart,reqDN
+#~null~#olcDbDirectory: @TESTDIR@/srv3/db.2
+#mdb#olcDbMaxSize: 33554432
+
+dn: olcOverlay={0}syncprov,olcDatabase={2}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcConfig
+objectClass: top
+objectClass: olcSyncProvConfig
+olcOverlay: {0}syncprov
+olcSpNoPresent: TRUE
+olcSpReloadHint: TRUE
+
+dn: olcDatabase={3}monitor,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: {3}monitor
+olcAccess: {0}to dn.subtree="cn=monitor"  by * read
diff --git a/tests/data/regressions/its8444/slapd-provider4.ldif b/tests/data/regressions/its8444/slapd-provider4.ldif
new file mode 100644 (file)
index 0000000..eae330e
--- /dev/null
@@ -0,0 +1,160 @@
+dn: cn=config
+objectClass: olcGlobal
+cn: config
+olcLogLevel: Sync
+olcLogLevel: Stats
+olcPidFile: @TESTDIR@/slapd.4.pid
+olcArgsFile: @TESTDIR@/slapd.4.args
+olcServerID: 4
+
+dn: cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: schema
+
+include: file://@TESTWD@/@SCHEMADIR@/core.ldif
+include: file://@TESTWD@/@SCHEMADIR@/cosine.ldif
+include: file://@TESTWD@/@SCHEMADIR@/inetorgperson.ldif
+include: file://@TESTWD@/@SCHEMADIR@/misc.ldif
+include: file://@TESTWD@/@SCHEMADIR@/nis.ldif
+include: file://@TESTWD@/@SCHEMADIR@/dyngroup.ldif
+
+#mod#dn: cn=module{0},cn=config
+#mod#objectClass: olcModuleList
+#mod#cn: module{0}
+#mod#olcModulePath: @TESTWD@/../servers/slapd/back-@BACKEND@/
+#mod#olcModuleLoad: {0}back_@BACKEND@.la
+
+#monitormod#dn: cn=module{1},cn=config
+#monitormod#objectClass: olcModuleList
+#monitormod#cn: module{1}
+#monitormod#olcModulePath: @TESTWD@/../servers/slapd/back-monitor/
+#monitormod#olcModuleLoad: {0}back_monitor.la
+
+#memberofmod#dn: cn=module{2},cn=config
+#memberofmod#objectClass: olcModuleList
+#memberofmod#cn: module{2}
+#memberofmod#olcModulePath: @TESTWD@/../servers/slapd/overlays/
+#memberofmod#olcModuleLoad: {0}memberof.la
+#dynlistmod#olcModuleLoad: {1}dynlist.la
+#syncprovmod#olcModuleLoad: {2}syncprov.la
+#accesslogmod#olcModuleLoad: {3}accesslog.la
+
+dn: olcDatabase={-1}frontend,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcFrontendConfig
+olcDatabase: {-1}frontend
+olcAccess: {0}to dn=""  by * read
+olcAccess: {1}to *  by self write  by users read  by anonymous auth
+
+dn: olcDatabase={0}config,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: {0}config
+olcAccess: {0}to *  by * none
+olcRootPW:< file://@TESTDIR@/configpw
+
+dn: olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olc@BACKEND@Config
+olcDatabase: {1}@BACKEND@
+olcSuffix: dc=example,dc=com
+olcRootDN: cn=manager,dc=example,dc=com
+olcRootPW: secret
+olcSizeLimit: unlimited
+olcTimeLimit: unlimited
+olcMirrorMode: TRUE
+olcSyncrepl: {0}rid=100 provider=@URI2@ binddn="cn=manager,dc=example,dc=com
+ " credentials=secret bindmethod=simple searchbase="dc=example,dc=com" logba
+ se="cn=accesslog" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))
+ " filter="(objectClass=*)" schemachecking=off attrs="*,+" type=refreshAndPe
+ rsist retry="60 +" tls_reqcert=never timeout=0 keepalive=240:10:30 syncdata
+ =accesslog network-timeout=0 scope=sub interval=00:00:00:03
+olcSyncrepl: {1}rid=101 provider=@URI3@ binddn="cn=manager,dc=example,dc=com
+ " credentials=secret bindmethod=simple searchbase="dc=example,dc=com" logba
+ se="cn=accesslog" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))
+ " filter="(objectClass=*)" schemachecking=off attrs="*,+" type=refreshAndPe
+ rsist retry="60 +" tls_reqcert=never timeout=0 keepalive=240:10:30 syncdata
+ =accesslog network-timeout=0 scope=sub interval=00:00:00:03
+olcSyncrepl: {2}rid=102 provider=@URI1@ binddn="cn=manager,dc=example,dc=com
+ " credentials=secret bindmethod=simple searchbase="dc=example,dc=com" logba
+ se="cn=accesslog" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))
+ " filter="(objectClass=*)" schemachecking=off attrs="*,+" type=refreshAndPe
+ rsist retry="60 +" tls_reqcert=never timeout=0 keepalive=240:10:30 syncdata
+ =accesslog network-timeout=0 scope=sub interval=00:00:00:03
+#~null~#olcDbDirectory: @TESTDIR@/srv4/db.1
+#indexdb#olcDbIndex: default eq
+#indexdb#olcDbIndex: objectClass
+#indexdb#olcDbIndex: entryUUID
+#indexdb#olcDbIndex: entryCSN
+#indexdb#olcDbIndex: cn pres,eq,sub
+#indexdb#olcDbIndex: uid pres,eq,sub
+#indexdb#olcDbIndex: uidNumber pres,eq
+#indexdb#olcDbIndex: gidNumber pres,eq
+#indexdb#olcDbIndex: mail pres,eq,sub
+#indexdb#olcDbIndex: sn pres,eq,sub
+#indexdb#olcDbIndex: memberUid
+#indexdb#olcDbIndex: uniqueMember pres,eq
+#indexdb#olcDbIndex: description pres,eq,sub
+#indexdb#olcDbIndex: title pres,eq,sub
+#indexdb#olcDbIndex: givenName pres,eq,sub
+#indexdb#olcDbIndex: member
+#mdb#olcDbMaxSize: 33554432
+
+dn: olcOverlay={0}dynlist,olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcDynamicList
+olcOverlay: {0}dynlist
+olcDlAttrSet: {0}groupOfURLs memberURL
+
+dn: olcOverlay={1}memberof,olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcMemberOf
+olcOverlay: {1}memberof
+olcMemberOfDangling: ignore
+olcMemberOfRefInt: TRUE
+olcMemberOfGroupOC: groupOfNames
+olcMemberOfMemberAD: member
+olcMemberOfMemberOfAD: memberOf
+
+dn: olcOverlay={2}syncprov,olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcConfig
+objectClass: top
+objectClass: olcSyncProvConfig
+olcOverlay: {2}syncprov
+olcSpCheckpoint: 20 10
+olcSpSessionlog: 50
+
+dn: olcOverlay={3}accesslog,olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcAccessLogConfig
+olcOverlay: {3}accesslog
+olcAccessLogDB: cn=accesslog
+olcAccessLogOps: writes
+olcAccessLogPurge: 07+00:00 01+00:00
+olcAccessLogSuccess: TRUE
+
+dn: olcDatabase={2}@BACKEND@,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olc@BACKEND@Config
+olcDatabase: {2}@BACKEND@
+olcSuffix: cn=accesslog
+olcSizeLimit: unlimited
+olcTimeLimit: unlimited
+olcDbIndex: default eq
+olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart,reqDN
+#~null~#olcDbDirectory: @TESTDIR@/srv4/db.2
+#mdb#olcDbMaxSize: 33554432
+
+dn: olcOverlay={0}syncprov,olcDatabase={2}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcConfig
+objectClass: top
+objectClass: olcSyncProvConfig
+olcOverlay: {0}syncprov
+olcSpNoPresent: TRUE
+olcSpReloadHint: TRUE
+
+dn: olcDatabase={3}monitor,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: {3}monitor
+olcAccess: {0}to dn.subtree="cn=monitor"  by * read