From 458f7d99bac119f6a241395e3363cf27bf973d32 Mon Sep 17 00:00:00 2001 From: Quanah Gibson-Mount Date: Wed, 1 Jul 2009 23:01:41 +0000 Subject: [PATCH] More for 1.124 - forwarded updates need Relax control since state attrs are no-user-mod. --- servers/slapd/overlays/ppolicy.c | 15 +++- tests/data/slapd-ppolicy.conf | 5 +- tests/scripts/test022-ppolicy | 148 +++++++++++++++++++++++++++++++ 3 files changed, 164 insertions(+), 4 deletions(-) diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c index 10870f3755..606d9fc54f 100644 --- a/servers/slapd/overlays/ppolicy.c +++ b/servers/slapd/overlays/ppolicy.c @@ -1131,6 +1131,7 @@ locked: SlapReply r2 = { REP_RESULT }; slap_callback cb = { NULL, slap_null_cb, NULL, NULL }; pp_info *pi = on->on_bi.bi_private; + LDAPControl c, *ca[2]; op2.o_tag = LDAP_REQ_MODIFY; op2.o_callback = &cb; @@ -1144,10 +1145,20 @@ locked: * chain overlay. Obviously the updateref and chain overlay * must be configured appropriately for this to be useful. */ - if ( SLAP_SHADOW( op->o_bd ) && pi->forward_updates ) + if ( SLAP_SHADOW( op->o_bd ) && pi->forward_updates ) { op2.o_bd = frontendDB; - else + + /* Must use Relax control since these are no-user-mod */ + op2.o_relax = SLAP_CONTROL_CRITICAL; + op2.o_ctrls = ca; + ca[0] = &c; + ca[1] = NULL; + BER_BVZERO( &c.ldctl_value ); + c.ldctl_iscritical = 1; + c.ldctl_oid = LDAP_CONTROL_RELAX; + } else { op2.o_bd->bd_info = (BackendInfo *)on->on_info; + } rc = op2.o_bd->be_modify( &op2, &r2 ); slap_mods_free( mod, 1 ); } diff --git a/tests/data/slapd-ppolicy.conf b/tests/data/slapd-ppolicy.conf index 0120126fe9..35eef20cc4 100644 --- a/tests/data/slapd-ppolicy.conf +++ b/tests/data/slapd-ppolicy.conf 
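Review bot: `c` and `ca` are automatic variables, and the second hunk of this file stores their address in `op2.o_ctrls`, so the control array is valid only until this block exits. That holds as long as the `be_modify()` call completes synchronously and nothing further down keeps `op2.o_ctrls`. A comment on the declaration would make the constraint explicit, for example `/* stack storage for the forwarded Relax control; must not outlive the be_modify() call below */`. The enclosing block begins before this hunk, so the full lifetime of `op2` is not visible here.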
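Review bot: The outcome of the forwarded modify is not reported anywhere in the visible lines: `rc` is assigned from `be_modify()`, the callback is `slap_null_cb`, and the next statement frees the mods. With the Relax control now sent as critical, a provider that does not allow the chained identity to use it will presumably reject the whole update, and the failure time or lockout state would then go unrecorded without any trace. Logging right after the call would make that misconfiguration detectable, e.g. `if ( rc != LDAP_SUCCESS ) Debug( LDAP_DEBUG_ANY, "ppolicy: forwarding policy state failed (%d)\n", rc, 0, 0 );`. The comment above the branch could also state that the identity used by the chain overlay needs permission on the provider to write these no-user-modification attributes. The function continues past the end of the hunk, so `rc` may be handled further down.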
@@ -19,8 +19,6 @@ include @SCHEMADIR@/inetorgperson.schema include @SCHEMADIR@/openldap.schema include @SCHEMADIR@/nis.schema include @SCHEMADIR@/ppolicy.schema -pidfile @TESTDIR@/slapd.pid -argsfile @TESTDIR@/slapd.args #mod#modulepath ../servers/slapd/back-@BACKEND@/ #mod#moduleload back_@BACKEND@.la @@ -56,3 +54,6 @@ access to * by * read #monitor#database monitor + +database config +include @TESTDIR@/configpw.conf diff --git a/tests/scripts/test022-ppolicy b/tests/scripts/test022-ppolicy index d92f5283dd..4dc3c3f5ea 100755 --- a/tests/scripts/test022-ppolicy +++ b/tests/scripts/test022-ppolicy @@ -23,6 +23,9 @@ fi mkdir -p $TESTDIR $DBDIR1 +$SLAPPASSWD -g -n >$CONFIGPWF +echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf + echo "Starting slapd on TCP/IP port $PORT1..." . $CONFFILTER $BACKEND $MONITORDB < $PPOLICYCONF > $CONF1 $SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & 
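Review bot: Neither `$SLAPPASSWD` call in the first hunk of test022-ppolicy is checked, so if password generation fails the script still writes a `rootpw` line with an empty value into `configpw.conf`, and the error only surfaces later as a slapd start-up or `ldapadd` failure. Testing the exit status right after the first call, e.g. `RC=$?; if test $RC != 0 ; then echo "slappasswd failed ($RC)!"; exit $RC; fi`, would match how the later part of the script reports failures. `$CONFIGPWF` holds the cn=config password in clear text and is created under the default umask; setting `umask 077` around these two lines would keep it private on shared build hosts.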
@@ -402,6 +405,151 @@ if test $RC = 0 ; then exit 1 fi +if test "$BACKLDAP" != "ldapno" && test "$SYNCPROV" != "syncprovno" ; then +echo "" +echo "Setting up policy state forwarding test..." + +mkdir $DBDIR2 +sed -e "s,$DBDIR1,$DBDIR2," < $CONF1 > $CONF2 +echo "Starting slapd consumer on TCP/IP port $PORT2..." +$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$KILLPIDS $PID" + +echo "Configuring syncprov on provider..." +if [ "$SYNCPROV" = syncprovmod ]; then + $LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <> $TESTOUT 2>&1 +dn: cn=module,cn=config +objectclass: olcModuleList +cn: module +olcModulePath: $TESTWD/../servers/slapd/overlays +olcModuleLoad: syncprov.la + +EOF + RC=$? + if test $RC != 0 ; then + echo "ldapadd failed for moduleLoad ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi +fi + +$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <> $TESTOUT 2>&1 +dn: olcOverlay={1}syncprov,olcDatabase={1}$BACKEND,cn=config +objectClass: olcOverlayConfig +objectClass: olcSyncProvConfig +olcOverlay: {1}syncprov + +EOF +RC=$? +if test $RC != 0 ; then + echo "ldapadd failed for provider database config ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Using ldapsearch to check that slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Configuring syncrepl on consumer..." +if [ "$BACKLDAP" = ldapmod ]; then + $LDAPADD -D cn=config -H $URI2 -y $CONFIGPWF <> $TESTOUT 2>&1 +dn: cn=module,cn=config +objectclass: olcModuleList +cn: module +olcModulePath: $TESTWD/../servers/slapd/back-ldap +olcModuleLoad: back_ldap.la + +EOF + RC=$? 
+ if test $RC != 0 ; then + echo "ldapadd failed for moduleLoad ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi +fi +$LDAPMODIFY -D cn=config -H $URI2 -y $CONFIGPWF <> $TESTOUT 2>&1 +dn: olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config +changetype: add +objectClass: olcOverlayConfig +objectClass: olcChainConfig +olcOverlay: {0}chain + +dn: olcDatabase=ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config +changetype: add +objectClass: olcLDAPConfig +objectClass: olcChainDatabase +olcDBURI: $URI1 +olcDbIDAssertBind: bindmethod=simple + binddn="cn=manager,dc=example,dc=com" + credentials=secret + mode=self + +dn: olcDatabase={1}$BACKEND,cn=config +changetype: modify +add: olcSyncrepl +olcSyncrepl: rid=1 + provider=$URI1 + binddn="cn=manager,dc=example,dc=com" + bindmethod=simple + credentials=secret + searchbase="dc=example,dc=com" + type=refreshAndPersist + retry="3 5 300 5" +- +add: olcUpdateref +olcUpdateref: $URI1 +- + +dn: olcOverlay={0}ppolicy,olcDatabase={1}$BACKEND,cn=config +changetype: modify +replace: olcPPolicyForwardUpdates +olcPPolicyForwardUpdates: TRUE +- + +EOF +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Waiting for consumer to sync..." +sleep $SLEEP1 + +echo "Testing policy state forwarding..." +$LDAPSEARCH -H $URI2 -D "$USER" -w wrongpw >$SEARCHOUT 2>&1 +$LDAPSEARCH -H $URI1 -D "$MANAGERDN" -w $PASSWD -b "$USER" \* \+ >> $SEARCHOUT 2>&1 +COUNT=`grep "pwdFailureTime" $SEARCHOUT | wc -l` +if test $COUNT != 1 ; then + echo "Policy state forwarding failed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + +# End of chaining test + +fi + test $KILLSERVERS != no && kill -HUP $KILLPIDS echo ">>>>> Test succeeded" -- 2.39.5
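Review bot: The chain and syncrepl entries in the `ldapmodify` here-document hard-code `cn=manager,dc=example,dc=com` and `credentials=secret`, while the final `ldapsearch` in the same hunk uses `"$MANAGERDN"` and `$PASSWD`. The here-document appears to expand variables already (`$URI1`, `$BACKEND`), so `binddn="$MANAGERDN"` and `credentials=$PASSWD` would keep the test working if those defaults change. The forwarding check only counts `pwdFailureTime` on the provider, and the result of the wrong-password bind against `$URI2` is never inspected. Confirming that this bind returned invalid credentials would stop an unreachable consumer from being reported as "Policy state forwarding failed".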