]> git.sur5r.net Git - openldap/commitdiff
More for 1.124 - forwarded updates need Relax control since state attrs
authorQuanah Gibson-Mount <quanah@openldap.org>
Wed, 1 Jul 2009 23:01:41 +0000 (23:01 +0000)
committerQuanah Gibson-Mount <quanah@openldap.org>
Wed, 1 Jul 2009 23:01:41 +0000 (23:01 +0000)
are no-user-mod.

servers/slapd/overlays/ppolicy.c
tests/data/slapd-ppolicy.conf
tests/scripts/test022-ppolicy

index 10870f3755ef9c30e661703eb3032aceb23132ad..606d9fc54f0b4b979cdbe36346c859eb560af1d9 100644 (file)
@@ -1131,6 +1131,7 @@ locked:
                SlapReply r2 = { REP_RESULT };
                slap_callback cb = { NULL, slap_null_cb, NULL, NULL };
                pp_info *pi = on->on_bi.bi_private;
+               LDAPControl c, *ca[2];
 
                op2.o_tag = LDAP_REQ_MODIFY;
                op2.o_callback = &cb;
@@ -1144,10 +1145,20 @@ locked:
                 * chain overlay. Obviously the updateref and chain overlay
                 * must be configured appropriately for this to be useful.
                 */
-               if ( SLAP_SHADOW( op->o_bd ) && pi->forward_updates )
+               if ( SLAP_SHADOW( op->o_bd ) && pi->forward_updates ) {
                        op2.o_bd = frontendDB;
-               else
+
+                       /* Must use Relax control since these are no-user-mod */
+                       op2.o_relax = SLAP_CONTROL_CRITICAL;
+                       op2.o_ctrls = ca;
+                       ca[0] = &c;
+                       ca[1] = NULL;
+                       BER_BVZERO( &c.ldctl_value );
+                       c.ldctl_iscritical = 1;
+                       c.ldctl_oid = LDAP_CONTROL_RELAX;
+               } else {
                        op2.o_bd->bd_info = (BackendInfo *)on->on_info;
+               }
                rc = op2.o_bd->be_modify( &op2, &r2 );
                slap_mods_free( mod, 1 );
        }
index 0120126fe9f36aca01f2508288f7358f07091041..35eef20cc43829a21099c1283c050f2e99c46089 100644 (file)
@@ -19,8 +19,6 @@ include               @SCHEMADIR@/inetorgperson.schema
 include                @SCHEMADIR@/openldap.schema
 include                @SCHEMADIR@/nis.schema
 include                @SCHEMADIR@/ppolicy.schema
-pidfile                @TESTDIR@/slapd.pid
-argsfile       @TESTDIR@/slapd.args
 
 #mod#modulepath        ../servers/slapd/back-@BACKEND@/
 #mod#moduleload        back_@BACKEND@.la
@@ -56,3 +54,6 @@ access to *
        by * read
 
 #monitor#database      monitor
+
+database config
+include                @TESTDIR@/configpw.conf
index d92f5283dd3ad96c1aa1ca1581ce79853d0f36c4..4dc3c3f5ea93cc583cd9bab938a2dcb416f7b5af 100755 (executable)
@@ -23,6 +23,9 @@ fi
 
 mkdir -p $TESTDIR $DBDIR1
 
+$SLAPPASSWD -g -n >$CONFIGPWF
+echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf
+
 echo "Starting slapd on TCP/IP port $PORT1..."
 . $CONFFILTER $BACKEND $MONITORDB < $PPOLICYCONF > $CONF1
 $SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
@@ -402,6 +405,151 @@ if test $RC = 0 ; then
        exit 1
 fi
 
+if test "$BACKLDAP" != "ldapno" && test "$SYNCPROV" != "syncprovno"  ; then 
+echo ""
+echo "Setting up policy state forwarding test..."
+
+mkdir $DBDIR2
+sed -e "s,$DBDIR1,$DBDIR2," < $CONF1 > $CONF2
+echo "Starting slapd consumer on TCP/IP port $PORT2..."
+$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+    echo PID $PID
+    read foo
+fi
+KILLPIDS="$KILLPIDS $PID"
+
+echo "Configuring syncprov on provider..."
+if [ "$SYNCPROV" = syncprovmod ]; then
+       $LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: cn=module,cn=config
+objectclass: olcModuleList
+cn: module
+olcModulePath: $TESTWD/../servers/slapd/overlays
+olcModuleLoad: syncprov.la
+
+EOF
+       RC=$?
+       if test $RC != 0 ; then
+               echo "ldapadd failed for moduleLoad ($RC)!"
+               test $KILLSERVERS != no && kill -HUP $KILLPIDS
+               exit $RC
+       fi
+fi
+
+$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: olcOverlay={1}syncprov,olcDatabase={1}$BACKEND,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcSyncProvConfig
+olcOverlay: {1}syncprov
+
+EOF
+RC=$?
+if test $RC != 0 ; then
+    echo "ldapadd failed for provider database config ($RC)!"
+    test $KILLSERVERS != no && kill -HUP $KILLPIDS
+    exit $RC
+fi
+
+echo "Using ldapsearch to check that slapd is running..."
+for i in 0 1 2 3 4 5; do
+       $LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \
+               'objectclass=*' > /dev/null 2>&1
+       RC=$?
+       if test $RC = 0 ; then
+               break
+       fi
+       echo "Waiting 5 seconds for slapd to start..."
+       sleep 5
+done
+if test $RC != 0 ; then
+       echo "ldapsearch failed ($RC)!"
+       test $KILLSERVERS != no && kill -HUP $KILLPIDS
+       exit $RC
+fi
+
+echo "Configuring syncrepl on consumer..."
+if [ "$BACKLDAP" = ldapmod ]; then
+       $LDAPADD -D cn=config -H $URI2 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: cn=module,cn=config
+objectclass: olcModuleList
+cn: module
+olcModulePath: $TESTWD/../servers/slapd/back-ldap
+olcModuleLoad: back_ldap.la
+
+EOF
+       RC=$?
+       if test $RC != 0 ; then
+               echo "ldapadd failed for moduleLoad ($RC)!"
+               test $KILLSERVERS != no && kill -HUP $KILLPIDS
+               exit $RC
+       fi
+fi
+$LDAPMODIFY -D cn=config -H $URI2 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
+changetype: add
+objectClass: olcOverlayConfig
+objectClass: olcChainConfig
+olcOverlay: {0}chain
+
+dn: olcDatabase=ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
+changetype: add
+objectClass: olcLDAPConfig
+objectClass: olcChainDatabase
+olcDBURI: $URI1
+olcDbIDAssertBind: bindmethod=simple
+  binddn="cn=manager,dc=example,dc=com"
+  credentials=secret
+  mode=self
+
+dn: olcDatabase={1}$BACKEND,cn=config
+changetype: modify
+add: olcSyncrepl
+olcSyncrepl: rid=1
+  provider=$URI1
+  binddn="cn=manager,dc=example,dc=com"
+  bindmethod=simple
+  credentials=secret
+  searchbase="dc=example,dc=com"
+  type=refreshAndPersist
+  retry="3 5 300 5"
+-
+add: olcUpdateref
+olcUpdateref: $URI1
+-
+
+dn: olcOverlay={0}ppolicy,olcDatabase={1}$BACKEND,cn=config
+changetype: modify
+replace: olcPPolicyForwardUpdates
+olcPPolicyForwardUpdates: TRUE
+-
+
+EOF
+RC=$?
+if test $RC != 0 ; then
+       echo "ldapmodify failed ($RC)!"
+       test $KILLSERVERS != no && kill -HUP $KILLPIDS
+       exit $RC
+fi
+
+echo "Waiting for consumer to sync..."
+sleep $SLEEP1
+
+echo "Testing policy state forwarding..."
+$LDAPSEARCH -H $URI2 -D "$USER" -w wrongpw >$SEARCHOUT 2>&1
+$LDAPSEARCH -H $URI1 -D "$MANAGERDN" -w $PASSWD -b "$USER" \* \+ >> $SEARCHOUT 2>&1
+COUNT=`grep "pwdFailureTime" $SEARCHOUT | wc -l`
+if test $COUNT != 1 ; then
+       echo "Policy state forwarding failed"
+       test $KILLSERVERS != no && kill -HUP $KILLPIDS
+       exit 1
+fi
+
+# End of chaining test
+
+fi
+
 test $KILLSERVERS != no && kill -HUP $KILLPIDS
 
 echo ">>>>> Test succeeded"