--- /dev/null
+#! /bin/sh
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2016 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test $SYNCPROV = syncprovno; then
+ echo "Syncrepl provider overlay not available, test skipped"
+ exit 0
+fi
+if test $ACCESSLOG = accesslogno; then
+ echo "Accesslog overlay not available, test skipped"
+ exit 0
+fi
+if test $DYNLIST = dynlistno; then
+ echo "Accesslog overlay not available, test skipped"
+ exit 0
+fi
+if test $MEMBEROF = memberofno; then
+ echo "Memberof overlay not available, test skipped"
+ exit 0
+fi
+if test $BACKEND = ldif ; then
+ # Onelevel search does not return entries in order of creation or CSN.
+ echo "$BACKEND backend unsuitable for syncprov logdb, test skipped"
+ exit 0
+fi
+
+echo "This test tracks a case where the memberof overlay incorrectly writes to"
+echo "the accesslog DB when a group is deleted."
+echo "See http://www.openldap.org/its/index.cgi/?findid=8444 for more information."
+
+MMR=4
+XDIR=$TESTDIR/srv
+
+mkdir -p $TESTDIR
+
+$SLAPPASSWD -g -n >$CONFIGPWF
+
+ITS=8444
+ITSDIR=$DATADIR/regressions/its$ITS
+
+echo "Initializing server configurations..."
+
+n=1
+while [ $n -le $MMR ]; do
+ DBDIR=${XDIR}$n/db
+ CFDIR=${XDIR}$n/slapd.d
+
+ mkdir -p ${XDIR}$n $DBDIR.1 $DBDIR.2 $CFDIR
+ . $CONFFILTER $BACKEND $MONITORDB < $ITSDIR/slapd-provider${n}.ldif > $CONFLDIF
+ $SLAPADD -F $CFDIR -n 0 -l $CONFLDIF
+ n=`expr $n + 1`
+done
+
+KILLPIDS=
+n=1
+while [ $n -le $MMR ]; do
+ MYURI=`eval echo '$URI'$n`
+ MYLOG=`eval echo '$LOG'$n`
+ CFDIR=${XDIR}$n/slapd.d
+
+ echo "Starting provider slapd on TCP/IP URI $MYURI"
+ $SLAPD -F $CFDIR -h $MYURI -d $LVL $TIMING > $MYLOG 2>&1 &
+
+ PID=$!
+ if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+ fi
+ KILLPIDS="$PID $KILLPIDS"
+ sleep 1
+
+ echo "Using ldapsearch to check that provider slapd is running..."
+ for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "" -H $MYURI \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+ done
+
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+ n=`expr $n + 1`
+done
+
+echo "Populating database on first provider..."
+$LDAPADD -D $MANAGERDN -H $URI1 -w $PASSWD << EOMODS >> $TESTOUT 2>&1
+dn: $BASEDN
+objectClass: organization
+objectClass: dcObject
+o: Example, Inc.
+dc: example
+
+dn: ou=People,$BASEDN
+objectClass: organizationalUnit
+ou: People
+
+dn: ou=Groups,$BASEDN
+objectClass: organizationalUnit
+ou: Groups
+
+dn: cn=Roger Rabbit,ou=People,$BASEDN
+objectClass: inetOrgPerson
+cn: Roger Rabbit
+sn: Rabbit
+
+dn: cn=Baby Herman,ou=People,$BASEDN
+objectClass: inetOrgPerson
+cn: Baby Herman
+sn: Herman
+
+dn: cn=Jessica Rabbit,ou=People,$BASEDN
+objectClass: inetOrgPerson
+cn: Jessica Rabbit
+sn: Rabbit
+
+dn: cn=Bugs Bunny,ou=People,$BASEDN
+objectClass: inetOrgPerson
+cn: Bugs Bunny
+sn: Bunny
+
+dn: cn=Daffy Duck,ou=People,$BASEDN
+objectClass: inetOrgPerson
+cn: Daffy Duck
+sn: Duck
+
+dn: cn=Elmer Fudd,ou=People,$BASEDN
+objectClass: inetOrgPerson
+cn: Elmer Fudd
+sn: Fudd
+
+dn: cn=Cartoonia,ou=Groups,$BASEDN
+objectClass: groupOfNames
+cn: Cartoonia
+member: cn=Roger Rabbit,ou=People,$BASEDN
+member: cn=Baby Herman,ou=People,$BASEDN
+EOMODS
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Sleeping 10 seconds to allow replication to initiate..."
+sleep 10
+
+echo "Looping 50 times adding and deleting members to the Cartoonia group..."
+modloop=1
+while [ $modloop -le 50 ]; do
+ echo "Adding new members to the group (${modloop}/50)..."
+ $LDAPMODIFY -H $URI1 \
+ -D "cn=Manager,$BASEDN" -w $PASSWD \
+ >> $TESTOUT 2>&1 << EOF
+dn: cn=Cartoonia,ou=Groups,$BASEDN
+changetype: modify
+add: member
+member: cn=Jessica Rabbit,ou=People,$BASEDN
+member: cn=Elmer Fudd,ou=People,$BASEDN
+member: cn=Daffy Duck,ou=People,$BASEDN
+member: cn=Bugs Bunny,ou=People,$BASEDN
+EOF
+
+ sleep 3
+
+ echo "Deleting new members from the group..."
+ $LDAPMODIFY -H $URI1 \
+ -D "cn=Manager,$BASEDN" -w $PASSWD \
+ >> $TESTOUT 2>&1 << EOF
+dn: cn=Cartoonia,ou=Groups,$BASEDN
+changetype: modify
+delete: member
+member: cn=Jessica Rabbit,ou=People,$BASEDN
+member: cn=Elmer Fudd,ou=People,$BASEDN
+member: cn=Daffy Duck,ou=People,$BASEDN
+member: cn=Bugs Bunny,ou=People,$BASEDN
+EOF
+ sleep 3
+
+ echo "Searching new members to see if they still have memberOf present..."
+ new_members=( "cn=Jessica Rabbit,ou=People,$BASEDN" "cn=Elmer Fudd,ou=People,$BASEDN" "cn=Daffy Duck,ou=People,$BASEDN" "cn=Bugs Bunny,ou=People,$BASEDN")
+ for member in "${new_members[@]}"
+ do
+ n=1
+ while [ $n -le $MMR ]; do
+ >$SEARCHOUT
+ echo "# Searching member $member after removal from Cartoonia group, provider $n" >> $SEARCHOUT
+ MYURI=`eval echo '$URI'$n`
+ $LDAPSEARCH -S "" -b "$member" -s base -H $MYURI -D "cn=manager,$BASEDN" -w $PASSWD \
+ '(objectClass=*)' 'memberOf' >> $SEARCHOUT 2>&1
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+ grep "memberOf:" $SEARCHOUT >/dev/null 2>&1
+ RC=$?
+
+ if test $RC != 1 ; then
+ echo "User delete failed on one or more consumer."
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+ n=`expr $n + 1`
+ done
+ done
+ modloop=`expr $modloop + 1`
+done
+
+echo "Looping 50 times deleting and adding Cartoonia group..."
+modloop=1
+while [ $modloop -le 50 ]; do
+ >$SEARCHOUT
+ echo "Running ldapdelete to remove a group (${modloop}/50)..."
+ $LDAPMODIFY -H $URI1 \
+ -D "cn=Manager,$BASEDN" -w $PASSWD \
+ >> $TESTOUT 2>&1 << EOF
+dn: cn=Cartoonia,ou=Groups,$BASEDN
+changetype: delete
+EOF
+
+ sleep 3
+
+ echo "Searching entire database on each provider after deleting Cartoonia group"
+
+ n=1
+ while [ $n -le $MMR ]; do
+ echo "# Searching the entire database after deleting Cartoonia, provider $n" >> $SEARCHOUT
+ MYURI=`eval echo '$URI'$n`
+ $LDAPSEARCH -S "" -b "$BASEDN" -H $MYURI -D "cn=manager,$BASEDN" -w $PASSWD \
+ '(objectClass=*)' '*' >> $SEARCHOUT 2>&1
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+ n=`expr $n + 1`
+ done
+
+ grep "cn=Cartoonia" $SEARCHOUT >/dev/null 2>&1
+ RC=$?
+
+ if test $RC != 1 ; then
+ echo "Group delete failed on one or more consumer."
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Running ldapmodify to add the group back..."
+ $LDAPMODIFY -H $URI1 \
+ -D "cn=Manager,$BASEDN" -w $PASSWD \
+ >> $TESTOUT 2>&1 <<EOF
+dn: cn=Cartoonia,ou=Groups,$BASEDN
+changetype: add
+objectClass: groupOfNames
+cn: Cartoonia
+member: cn=Roger Rabbit,ou=People,$BASEDN
+member: cn=Baby Herman,ou=People,$BASEDN
+EOF
+
+ sleep 3
+
+ echo "Searching entire database on each provider after re-adding Cartoonia group"
+
+ n=1
+ while [ $n -le $MMR ]; do
+ >$SEARCHOUT
+ echo "# Searching the entire database after re-adding Cartoonia, provider $n" >> $SEARCHOUT
+ MYURI=`eval echo '$URI'$n`
+ $LDAPSEARCH -S "" -b "$BASEDN" -H $MYURI -D "cn=manager,$BASEDN" -w $PASSWD \
+ '(objectClass=*)' '*' memberOf>> $SEARCHOUT 2>&1
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+ grep "memberOf:" $SEARCHOUT >/dev/null 2>&1
+ RC=$?
+
+ if test $RC != 0 ; then
+ echo "Group add failed on one or more consumer."
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ n=`expr $n + 1`
+ done
+ modloop=`expr $modloop + 1`
+done
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0
--- /dev/null
+dn: cn=config
+objectClass: olcGlobal
+cn: config
+olcLogLevel: Sync
+olcLogLevel: Stats
+olcPidFile: @TESTDIR@/slapd.1.pid
+olcArgsFile: @TESTDIR@/slapd.1.args
+olcServerID: 1
+
+dn: cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: schema
+
+include: file://@TESTWD@/@SCHEMADIR@/core.ldif
+include: file://@TESTWD@/@SCHEMADIR@/cosine.ldif
+include: file://@TESTWD@/@SCHEMADIR@/inetorgperson.ldif
+include: file://@TESTWD@/@SCHEMADIR@/misc.ldif
+include: file://@TESTWD@/@SCHEMADIR@/nis.ldif
+include: file://@TESTWD@/@SCHEMADIR@/dyngroup.ldif
+
+#mod#dn: cn=module{0},cn=config
+#mod#objectClass: olcModuleList
+#mod#cn: module{0}
+#mod#olcModulePath: @TESTWD@/../servers/slapd/back-@BACKEND@/
+#mod#olcModuleLoad: {0}back_@BACKEND@.la
+
+#monitormod#dn: cn=module{1},cn=config
+#monitormod#objectClass: olcModuleList
+#monitormod#cn: module{1}
+#monitormod#olcModulePath: @TESTWD@/../servers/slapd/back-monitor/
+#monitormod#olcModuleLoad: {0}back_monitor.la
+
+#memberofmod#dn: cn=module{2},cn=config
+#memberofmod#objectClass: olcModuleList
+#memberofmod#cn: module{2}
+#memberofmod#olcModulePath: @TESTWD@/../servers/slapd/overlays/
+#memberofmod#olcModuleLoad: {0}memberof.la
+#dynlistmod#olcModuleLoad: {1}dynlist.la
+#syncprovmod#olcModuleLoad: {2}syncprov.la
+#accesslogmod#olcModuleLoad: {3}accesslog.la
+
+dn: olcDatabase={-1}frontend,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcFrontendConfig
+olcDatabase: {-1}frontend
+olcAccess: {0}to dn="" by * read
+olcAccess: {1}to * by self write by users read by anonymous auth
+
+dn: olcDatabase={0}config,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: {0}config
+olcAccess: {0}to * by * none
+olcRootPW:< file://@TESTDIR@/configpw
+
+dn: olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olc@BACKEND@Config
+olcDatabase: {1}@BACKEND@
+olcSuffix: dc=example,dc=com
+olcRootDN: cn=manager,dc=example,dc=com
+olcRootPW: secret
+olcSizeLimit: unlimited
+olcTimeLimit: unlimited
+olcMirrorMode: TRUE
+olcSyncrepl: {0}rid=100 provider=@URI2@ binddn="cn=manager,dc=example,dc=com
+ " credentials=secret bindmethod=simple searchbase="dc=example,dc=com" logba
+ se="cn=accesslog" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))
+ " filter="(objectClass=*)" schemachecking=off attrs="*,+" type=refreshAndPe
+ rsist retry="60 +" tls_reqcert=never timeout=0 keepalive=240:10:30 syncdata
+ =accesslog network-timeout=0 scope=sub interval=00:00:00:03
+olcSyncrepl: {1}rid=101 provider=@URI3@ binddn="cn=manager,dc=example,dc=com
+ " credentials=secret bindmethod=simple searchbase="dc=example,dc=com" logba
+ se="cn=accesslog" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))
+ " filter="(objectClass=*)" schemachecking=off attrs="*,+" type=refreshAndPe
+ rsist retry="60 +" tls_reqcert=never timeout=0 keepalive=240:10:30 syncdata
+ =accesslog network-timeout=0 scope=sub interval=00:00:00:03
+olcSyncrepl: {2}rid=102 provider=@URI4@ binddn="cn=manager,dc=example,dc=com
+ " credentials=secret bindmethod=simple searchbase="dc=example,dc=com" logba
+ se="cn=accesslog" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))
+ " filter="(objectClass=*)" schemachecking=off attrs="*,+" type=refreshAndPe
+ rsist retry="60 +" tls_reqcert=never timeout=0 keepalive=240:10:30 syncdata
+ =accesslog network-timeout=0 scope=sub interval=00:00:00:03
+#~null~#olcDbDirectory: @TESTDIR@/srv1/db.1
+#indexdb#olcDbIndex: default eq
+#indexdb#olcDbIndex: objectClass
+#indexdb#olcDbIndex: entryUUID
+#indexdb#olcDbIndex: entryCSN
+#indexdb#olcDbIndex: cn pres,eq,sub
+#indexdb#olcDbIndex: uid pres,eq,sub
+#indexdb#olcDbIndex: uidNumber pres,eq
+#indexdb#olcDbIndex: gidNumber pres,eq
+#indexdb#olcDbIndex: mail pres,eq,sub
+#indexdb#olcDbIndex: sn pres,eq,sub
+#indexdb#olcDbIndex: memberUid
+#indexdb#olcDbIndex: uniqueMember pres,eq
+#indexdb#olcDbIndex: description pres,eq,sub
+#indexdb#olcDbIndex: title pres,eq,sub
+#indexdb#olcDbIndex: givenName pres,eq,sub
+#indexdb#olcDbIndex: member
+#mdb#olcDbMaxSize: 33554432
+
+dn: olcOverlay={0}dynlist,olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcDynamicList
+olcOverlay: {0}dynlist
+olcDlAttrSet: {0}groupOfURLs memberURL
+
+dn: olcOverlay={1}memberof,olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcMemberOf
+olcOverlay: {1}memberof
+olcMemberOfDangling: ignore
+olcMemberOfRefInt: TRUE
+olcMemberOfGroupOC: groupOfNames
+olcMemberOfMemberAD: member
+olcMemberOfMemberOfAD: memberOf
+
+dn: olcOverlay={2}syncprov,olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcConfig
+objectClass: top
+objectClass: olcSyncProvConfig
+olcOverlay: {2}syncprov
+olcSpCheckpoint: 20 10
+olcSpSessionlog: 50
+
+dn: olcOverlay={3}accesslog,olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcAccessLogConfig
+olcOverlay: {3}accesslog
+olcAccessLogDB: cn=accesslog
+olcAccessLogOps: writes
+olcAccessLogPurge: 07+00:00 01+00:00
+olcAccessLogSuccess: TRUE
+
+dn: olcDatabase={2}@BACKEND@,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olc@BACKEND@Config
+olcDatabase: {2}@BACKEND@
+olcSuffix: cn=accesslog
+olcSizeLimit: unlimited
+olcTimeLimit: unlimited
+olcDbIndex: default eq
+olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart,reqDN
+#~null~#olcDbDirectory: @TESTDIR@/srv1/db.2
+#mdb#olcDbMaxSize: 33554432
+
+dn: olcOverlay={0}syncprov,olcDatabase={2}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcConfig
+objectClass: top
+objectClass: olcSyncProvConfig
+olcOverlay: {0}syncprov
+olcSpNoPresent: TRUE
+olcSpReloadHint: TRUE
+
+dn: olcDatabase={3}monitor,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: {3}monitor
+olcAccess: {0}to dn.subtree="cn=monitor" by * read
--- /dev/null
+dn: cn=config
+objectClass: olcGlobal
+cn: config
+olcLogLevel: Sync
+olcLogLevel: Stats
+olcPidFile: @TESTDIR@/slapd.2.pid
+olcArgsFile: @TESTDIR@/slapd.2.args
+olcServerID: 2
+
+dn: cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: schema
+
+include: file://@TESTWD@/@SCHEMADIR@/core.ldif
+include: file://@TESTWD@/@SCHEMADIR@/cosine.ldif
+include: file://@TESTWD@/@SCHEMADIR@/inetorgperson.ldif
+include: file://@TESTWD@/@SCHEMADIR@/misc.ldif
+include: file://@TESTWD@/@SCHEMADIR@/nis.ldif
+include: file://@TESTWD@/@SCHEMADIR@/dyngroup.ldif
+
+#mod#dn: cn=module{0},cn=config
+#mod#objectClass: olcModuleList
+#mod#cn: module{0}
+#mod#olcModulePath: @TESTWD@/../servers/slapd/back-@BACKEND@/
+#mod#olcModuleLoad: {0}back_@BACKEND@.la
+
+#monitormod#dn: cn=module{1},cn=config
+#monitormod#objectClass: olcModuleList
+#monitormod#cn: module{1}
+#monitormod#olcModulePath: @TESTWD@/../servers/slapd/back-monitor/
+#monitormod#olcModuleLoad: {0}back_monitor.la
+
+#memberofmod#dn: cn=module{2},cn=config
+#memberofmod#objectClass: olcModuleList
+#memberofmod#cn: module{2}
+#memberofmod#olcModulePath: @TESTWD@/../servers/slapd/overlays/
+#memberofmod#olcModuleLoad: {0}memberof.la
+#dynlistmod#olcModuleLoad: {1}dynlist.la
+#syncprovmod#olcModuleLoad: {2}syncprov.la
+#accesslogmod#olcModuleLoad: {3}accesslog.la
+
+dn: olcDatabase={-1}frontend,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcFrontendConfig
+olcDatabase: {-1}frontend
+olcAccess: {0}to dn="" by * read
+olcAccess: {1}to * by self write by users read by anonymous auth
+
+dn: olcDatabase={0}config,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: {0}config
+olcAccess: {0}to * by * none
+olcRootPW:< file://@TESTDIR@/configpw
+
+dn: olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olc@BACKEND@Config
+olcDatabase: {1}@BACKEND@
+olcSuffix: dc=example,dc=com
+olcRootDN: cn=manager,dc=example,dc=com
+olcRootPW: secret
+olcSizeLimit: unlimited
+olcTimeLimit: unlimited
+olcMirrorMode: TRUE
+olcSyncrepl: {0}rid=100 provider=@URI1@ binddn="cn=manager,dc=example,dc=com
+ " credentials=secret bindmethod=simple searchbase="dc=example,dc=com" logba
+ se="cn=accesslog" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))
+ " filter="(objectClass=*)" schemachecking=off attrs="*,+" type=refreshAndPe
+ rsist retry="60 +" tls_reqcert=never timeout=0 keepalive=240:10:30 syncdata
+ =accesslog network-timeout=0 scope=sub interval=00:00:00:03
+olcSyncrepl: {1}rid=101 provider=@URI3@ binddn="cn=manager,dc=example,dc=com
+ " credentials=secret bindmethod=simple searchbase="dc=example,dc=com" logba
+ se="cn=accesslog" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))
+ " filter="(objectClass=*)" schemachecking=off attrs="*,+" type=refreshAndPe
+ rsist retry="60 +" tls_reqcert=never timeout=0 keepalive=240:10:30 syncdata
+ =accesslog network-timeout=0 scope=sub interval=00:00:00:03
+olcSyncrepl: {2}rid=102 provider=@URI4@ binddn="cn=manager,dc=example,dc=com
+ " credentials=secret bindmethod=simple searchbase="dc=example,dc=com" logba
+ se="cn=accesslog" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))
+ " filter="(objectClass=*)" schemachecking=off attrs="*,+" type=refreshAndPe
+ rsist retry="60 +" tls_reqcert=never timeout=0 keepalive=240:10:30 syncdata
+ =accesslog network-timeout=0 scope=sub interval=00:00:00:03
+#~null~#olcDbDirectory: @TESTDIR@/srv2/db.1
+#indexdb#olcDbIndex: default eq
+#indexdb#olcDbIndex: objectClass
+#indexdb#olcDbIndex: entryUUID
+#indexdb#olcDbIndex: entryCSN
+#indexdb#olcDbIndex: cn pres,eq,sub
+#indexdb#olcDbIndex: uid pres,eq,sub
+#indexdb#olcDbIndex: uidNumber pres,eq
+#indexdb#olcDbIndex: gidNumber pres,eq
+#indexdb#olcDbIndex: mail pres,eq,sub
+#indexdb#olcDbIndex: sn pres,eq,sub
+#indexdb#olcDbIndex: memberUid
+#indexdb#olcDbIndex: uniqueMember pres,eq
+#indexdb#olcDbIndex: description pres,eq,sub
+#indexdb#olcDbIndex: title pres,eq,sub
+#indexdb#olcDbIndex: givenName pres,eq,sub
+#indexdb#olcDbIndex: member
+#mdb#olcDbMaxSize: 33554432
+
+dn: olcOverlay={0}dynlist,olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcDynamicList
+olcOverlay: {0}dynlist
+olcDlAttrSet: {0}groupOfURLs memberURL
+
+dn: olcOverlay={1}memberof,olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcMemberOf
+olcOverlay: {1}memberof
+olcMemberOfDangling: ignore
+olcMemberOfRefInt: TRUE
+olcMemberOfGroupOC: groupOfNames
+olcMemberOfMemberAD: member
+olcMemberOfMemberOfAD: memberOf
+
+dn: olcOverlay={2}syncprov,olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcConfig
+objectClass: top
+objectClass: olcSyncProvConfig
+olcOverlay: {2}syncprov
+olcSpCheckpoint: 20 10
+olcSpSessionlog: 50
+
+dn: olcOverlay={3}accesslog,olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcAccessLogConfig
+olcOverlay: {3}accesslog
+olcAccessLogDB: cn=accesslog
+olcAccessLogOps: writes
+olcAccessLogPurge: 07+00:00 01+00:00
+olcAccessLogSuccess: TRUE
+
+dn: olcDatabase={2}@BACKEND@,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olc@BACKEND@Config
+olcDatabase: {2}@BACKEND@
+olcSuffix: cn=accesslog
+olcSizeLimit: unlimited
+olcTimeLimit: unlimited
+olcDbIndex: default eq
+olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart,reqDN
+#~null~#olcDbDirectory: @TESTDIR@/srv2/db.2
+#mdb#olcDbMaxSize: 33554432
+
+dn: olcOverlay={0}syncprov,olcDatabase={2}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcConfig
+objectClass: top
+objectClass: olcSyncProvConfig
+olcOverlay: {0}syncprov
+olcSpNoPresent: TRUE
+olcSpReloadHint: TRUE
+
+dn: olcDatabase={3}monitor,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: {3}monitor
+olcAccess: {0}to dn.subtree="cn=monitor" by * read
--- /dev/null
+dn: cn=config
+objectClass: olcGlobal
+cn: config
+olcLogLevel: Sync
+olcLogLevel: Stats
+olcPidFile: @TESTDIR@/slapd.3.pid
+olcArgsFile: @TESTDIR@/slapd.3.args
+olcServerID: 3
+
+dn: cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: schema
+
+include: file://@TESTWD@/@SCHEMADIR@/core.ldif
+include: file://@TESTWD@/@SCHEMADIR@/cosine.ldif
+include: file://@TESTWD@/@SCHEMADIR@/inetorgperson.ldif
+include: file://@TESTWD@/@SCHEMADIR@/misc.ldif
+include: file://@TESTWD@/@SCHEMADIR@/nis.ldif
+include: file://@TESTWD@/@SCHEMADIR@/dyngroup.ldif
+
+#mod#dn: cn=module{0},cn=config
+#mod#objectClass: olcModuleList
+#mod#cn: module{0}
+#mod#olcModulePath: @TESTWD@/../servers/slapd/back-@BACKEND@/
+#mod#olcModuleLoad: {0}back_@BACKEND@.la
+
+#monitormod#dn: cn=module{1},cn=config
+#monitormod#objectClass: olcModuleList
+#monitormod#cn: module{1}
+#monitormod#olcModulePath: @TESTWD@/../servers/slapd/back-monitor/
+#monitormod#olcModuleLoad: {0}back_monitor.la
+
+#memberofmod#dn: cn=module{2},cn=config
+#memberofmod#objectClass: olcModuleList
+#memberofmod#cn: module{2}
+#memberofmod#olcModulePath: @TESTWD@/../servers/slapd/overlays/
+#memberofmod#olcModuleLoad: {0}memberof.la
+#dynlistmod#olcModuleLoad: {1}dynlist.la
+#syncprovmod#olcModuleLoad: {2}syncprov.la
+#accesslogmod#olcModuleLoad: {3}accesslog.la
+
+dn: olcDatabase={-1}frontend,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcFrontendConfig
+olcDatabase: {-1}frontend
+olcAccess: {0}to dn="" by * read
+olcAccess: {1}to * by self write by users read by anonymous auth
+
+dn: olcDatabase={0}config,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: {0}config
+olcAccess: {0}to * by * none
+olcRootPW:< file://@TESTDIR@/configpw
+
+dn: olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olc@BACKEND@Config
+olcDatabase: {1}@BACKEND@
+olcSuffix: dc=example,dc=com
+olcRootDN: cn=manager,dc=example,dc=com
+olcRootPW: secret
+olcSizeLimit: unlimited
+olcTimeLimit: unlimited
+olcMirrorMode: TRUE
+olcSyncrepl: {0}rid=100 provider=@URI2@ binddn="cn=manager,dc=example,dc=com
+ " credentials=secret bindmethod=simple searchbase="dc=example,dc=com" logba
+ se="cn=accesslog" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))
+ " filter="(objectClass=*)" schemachecking=off attrs="*,+" type=refreshAndPe
+ rsist retry="60 +" tls_reqcert=never timeout=0 keepalive=240:10:30 syncdata
+ =accesslog network-timeout=0 scope=sub interval=00:00:00:03
+olcSyncrepl: {1}rid=101 provider=@URI1@ binddn="cn=manager,dc=example,dc=com
+ " credentials=secret bindmethod=simple searchbase="dc=example,dc=com" logba
+ se="cn=accesslog" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))
+ " filter="(objectClass=*)" schemachecking=off attrs="*,+" type=refreshAndPe
+ rsist retry="60 +" tls_reqcert=never timeout=0 keepalive=240:10:30 syncdata
+ =accesslog network-timeout=0 scope=sub interval=00:00:00:03
+olcSyncrepl: {2}rid=102 provider=@URI4@ binddn="cn=manager,dc=example,dc=com
+ " credentials=secret bindmethod=simple searchbase="dc=example,dc=com" logba
+ se="cn=accesslog" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))
+ " filter="(objectClass=*)" schemachecking=off attrs="*,+" type=refreshAndPe
+ rsist retry="60 +" tls_reqcert=never timeout=0 keepalive=240:10:30 syncdata
+ =accesslog network-timeout=0 scope=sub interval=00:00:00:03
+#~null~#olcDbDirectory: @TESTDIR@/srv3/db.1
+#indexdb#olcDbIndex: default eq
+#indexdb#olcDbIndex: objectClass
+#indexdb#olcDbIndex: entryUUID
+#indexdb#olcDbIndex: entryCSN
+#indexdb#olcDbIndex: cn pres,eq,sub
+#indexdb#olcDbIndex: uid pres,eq,sub
+#indexdb#olcDbIndex: uidNumber pres,eq
+#indexdb#olcDbIndex: gidNumber pres,eq
+#indexdb#olcDbIndex: mail pres,eq,sub
+#indexdb#olcDbIndex: sn pres,eq,sub
+#indexdb#olcDbIndex: memberUid
+#indexdb#olcDbIndex: uniqueMember pres,eq
+#indexdb#olcDbIndex: description pres,eq,sub
+#indexdb#olcDbIndex: title pres,eq,sub
+#indexdb#olcDbIndex: givenName pres,eq,sub
+#indexdb#olcDbIndex: member
+#mdb#olcDbMaxSize: 33554432
+
+dn: olcOverlay={0}dynlist,olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcDynamicList
+olcOverlay: {0}dynlist
+olcDlAttrSet: {0}groupOfURLs memberURL
+
+dn: olcOverlay={1}memberof,olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcMemberOf
+olcOverlay: {1}memberof
+olcMemberOfDangling: ignore
+olcMemberOfRefInt: TRUE
+olcMemberOfGroupOC: groupOfNames
+olcMemberOfMemberAD: member
+olcMemberOfMemberOfAD: memberOf
+
+dn: olcOverlay={2}syncprov,olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcConfig
+objectClass: top
+objectClass: olcSyncProvConfig
+olcOverlay: {2}syncprov
+olcSpCheckpoint: 20 10
+olcSpSessionlog: 50
+
+dn: olcOverlay={3}accesslog,olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcAccessLogConfig
+olcOverlay: {3}accesslog
+olcAccessLogDB: cn=accesslog
+olcAccessLogOps: writes
+olcAccessLogPurge: 07+00:00 01+00:00
+olcAccessLogSuccess: TRUE
+
+dn: olcDatabase={2}@BACKEND@,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olc@BACKEND@Config
+olcDatabase: {2}@BACKEND@
+olcSuffix: cn=accesslog
+olcSizeLimit: unlimited
+olcTimeLimit: unlimited
+olcDbIndex: default eq
+olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart,reqDN
+#~null~#olcDbDirectory: @TESTDIR@/srv3/db.2
+#mdb#olcDbMaxSize: 33554432
+
+dn: olcOverlay={0}syncprov,olcDatabase={2}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcConfig
+objectClass: top
+objectClass: olcSyncProvConfig
+olcOverlay: {0}syncprov
+olcSpNoPresent: TRUE
+olcSpReloadHint: TRUE
+
+dn: olcDatabase={3}monitor,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: {3}monitor
+olcAccess: {0}to dn.subtree="cn=monitor" by * read
--- /dev/null
+dn: cn=config
+objectClass: olcGlobal
+cn: config
+olcLogLevel: Sync
+olcLogLevel: Stats
+olcPidFile: @TESTDIR@/slapd.4.pid
+olcArgsFile: @TESTDIR@/slapd.4.args
+olcServerID: 4
+
+dn: cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: schema
+
+include: file://@TESTWD@/@SCHEMADIR@/core.ldif
+include: file://@TESTWD@/@SCHEMADIR@/cosine.ldif
+include: file://@TESTWD@/@SCHEMADIR@/inetorgperson.ldif
+include: file://@TESTWD@/@SCHEMADIR@/misc.ldif
+include: file://@TESTWD@/@SCHEMADIR@/nis.ldif
+include: file://@TESTWD@/@SCHEMADIR@/dyngroup.ldif
+
+#mod#dn: cn=module{0},cn=config
+#mod#objectClass: olcModuleList
+#mod#cn: module{0}
+#mod#olcModulePath: @TESTWD@/../servers/slapd/back-@BACKEND@/
+#mod#olcModuleLoad: {0}back_@BACKEND@.la
+
+#monitormod#dn: cn=module{1},cn=config
+#monitormod#objectClass: olcModuleList
+#monitormod#cn: module{1}
+#monitormod#olcModulePath: @TESTWD@/../servers/slapd/back-monitor/
+#monitormod#olcModuleLoad: {0}back_monitor.la
+
+#memberofmod#dn: cn=module{2},cn=config
+#memberofmod#objectClass: olcModuleList
+#memberofmod#cn: module{2}
+#memberofmod#olcModulePath: @TESTWD@/../servers/slapd/overlays/
+#memberofmod#olcModuleLoad: {0}memberof.la
+#dynlistmod#olcModuleLoad: {1}dynlist.la
+#syncprovmod#olcModuleLoad: {2}syncprov.la
+#accesslogmod#olcModuleLoad: {3}accesslog.la
+
+dn: olcDatabase={-1}frontend,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcFrontendConfig
+olcDatabase: {-1}frontend
+olcAccess: {0}to dn="" by * read
+olcAccess: {1}to * by self write by users read by anonymous auth
+
+dn: olcDatabase={0}config,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: {0}config
+olcAccess: {0}to * by * none
+olcRootPW:< file://@TESTDIR@/configpw
+
+dn: olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olc@BACKEND@Config
+olcDatabase: {1}@BACKEND@
+olcSuffix: dc=example,dc=com
+olcRootDN: cn=manager,dc=example,dc=com
+olcRootPW: secret
+olcSizeLimit: unlimited
+olcTimeLimit: unlimited
+olcMirrorMode: TRUE
+olcSyncrepl: {0}rid=100 provider=@URI2@ binddn="cn=manager,dc=example,dc=com
+ " credentials=secret bindmethod=simple searchbase="dc=example,dc=com" logba
+ se="cn=accesslog" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))
+ " filter="(objectClass=*)" schemachecking=off attrs="*,+" type=refreshAndPe
+ rsist retry="60 +" tls_reqcert=never timeout=0 keepalive=240:10:30 syncdata
+ =accesslog network-timeout=0 scope=sub interval=00:00:00:03
+olcSyncrepl: {1}rid=101 provider=@URI3@ binddn="cn=manager,dc=example,dc=com
+ " credentials=secret bindmethod=simple searchbase="dc=example,dc=com" logba
+ se="cn=accesslog" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))
+ " filter="(objectClass=*)" schemachecking=off attrs="*,+" type=refreshAndPe
+ rsist retry="60 +" tls_reqcert=never timeout=0 keepalive=240:10:30 syncdata
+ =accesslog network-timeout=0 scope=sub interval=00:00:00:03
+olcSyncrepl: {2}rid=102 provider=@URI1@ binddn="cn=manager,dc=example,dc=com
+ " credentials=secret bindmethod=simple searchbase="dc=example,dc=com" logba
+ se="cn=accesslog" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))
+ " filter="(objectClass=*)" schemachecking=off attrs="*,+" type=refreshAndPe
+ rsist retry="60 +" tls_reqcert=never timeout=0 keepalive=240:10:30 syncdata
+ =accesslog network-timeout=0 scope=sub interval=00:00:00:03
+#~null~#olcDbDirectory: @TESTDIR@/srv4/db.1
+#indexdb#olcDbIndex: default eq
+#indexdb#olcDbIndex: objectClass
+#indexdb#olcDbIndex: entryUUID
+#indexdb#olcDbIndex: entryCSN
+#indexdb#olcDbIndex: cn pres,eq,sub
+#indexdb#olcDbIndex: uid pres,eq,sub
+#indexdb#olcDbIndex: uidNumber pres,eq
+#indexdb#olcDbIndex: gidNumber pres,eq
+#indexdb#olcDbIndex: mail pres,eq,sub
+#indexdb#olcDbIndex: sn pres,eq,sub
+#indexdb#olcDbIndex: memberUid
+#indexdb#olcDbIndex: uniqueMember pres,eq
+#indexdb#olcDbIndex: description pres,eq,sub
+#indexdb#olcDbIndex: title pres,eq,sub
+#indexdb#olcDbIndex: givenName pres,eq,sub
+#indexdb#olcDbIndex: member
+#mdb#olcDbMaxSize: 33554432
+
+dn: olcOverlay={0}dynlist,olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcDynamicList
+olcOverlay: {0}dynlist
+olcDlAttrSet: {0}groupOfURLs memberURL
+
+dn: olcOverlay={1}memberof,olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcMemberOf
+olcOverlay: {1}memberof
+olcMemberOfDangling: ignore
+olcMemberOfRefInt: TRUE
+olcMemberOfGroupOC: groupOfNames
+olcMemberOfMemberAD: member
+olcMemberOfMemberOfAD: memberOf
+
+dn: olcOverlay={2}syncprov,olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcConfig
+objectClass: top
+objectClass: olcSyncProvConfig
+olcOverlay: {2}syncprov
+olcSpCheckpoint: 20 10
+olcSpSessionlog: 50
+
+dn: olcOverlay={3}accesslog,olcDatabase={1}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcAccessLogConfig
+olcOverlay: {3}accesslog
+olcAccessLogDB: cn=accesslog
+olcAccessLogOps: writes
+olcAccessLogPurge: 07+00:00 01+00:00
+olcAccessLogSuccess: TRUE
+
+dn: olcDatabase={2}@BACKEND@,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olc@BACKEND@Config
+olcDatabase: {2}@BACKEND@
+olcSuffix: cn=accesslog
+olcSizeLimit: unlimited
+olcTimeLimit: unlimited
+olcDbIndex: default eq
+olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart,reqDN
+#~null~#olcDbDirectory: @TESTDIR@/srv4/db.2
+#mdb#olcDbMaxSize: 33554432
+
+dn: olcOverlay={0}syncprov,olcDatabase={2}@BACKEND@,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcConfig
+objectClass: top
+objectClass: olcSyncProvConfig
+olcOverlay: {0}syncprov
+olcSpNoPresent: TRUE
+olcSpReloadHint: TRUE
+
+dn: olcDatabase={3}monitor,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: {3}monitor
+olcAccess: {0}to dn.subtree="cn=monitor" by * read