[openldap] / tests / scripts / test032-chain

#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2017 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

echo "running defines.sh"
. $SRCDIR/scripts/defines.sh

if test $BACKLDAP = "ldapno" ; then 
        echo "LDAP backend not available, test skipped"
        exit 0
fi 

rm -rf $TESTDIR

mkdir -p $TESTDIR $DBDIR1 $DBDIR2

echo "Running slapadd to build slapd database..."
. $CONFFILTER $BACKEND $MONITORDB < $CHAINCONF1 > $ADDCONF
. $CONFFILTER < $LDIFCHAIN1 > $SEARCHOUT
$SLAPADD -f $ADDCONF -l $SEARCHOUT
RC=$?
if test $RC != 0 ; then
        echo "slapadd 1 failed ($RC)!"
        exit $RC
fi

. $CONFFILTER $BACKEND $MONITORDB < $CHAINCONF2 > $ADDCONF
. $CONFFILTER < $LDIFCHAIN2 > $SEARCHOUT
$SLAPADD -f $ADDCONF -l $SEARCHOUT
RC=$?
if test $RC != 0 ; then
        echo "slapadd 2 failed ($RC)!"
        exit $RC
fi

echo "Starting first slapd on TCP/IP port $PORT1..."
. $CONFFILTER $BACKEND $MONITORDB < $CHAINCONF1 > $CONF1
$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
PID1=$!
if test $WAIT != 0 ; then
    echo PID $PID1
    read foo
fi
KILLPIDS="$PID1"

echo "Starting second slapd on TCP/IP port $PORT2..."
. $CONFFILTER $BACKEND $MONITORDB < $CHAINCONF2 > $CONF2
$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 &
PID2=$!
if test $WAIT != 0 ; then
    echo PID $PID2
    read foo
fi

KILLPIDS="$KILLPIDS $PID2"

sleep 1

echo "Using ldapsearch to check that first slapd is running..."
for i in 0 1 2 3 4 5; do
        $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
                'objectclass=*' > /dev/null 2>&1
        RC=$?
        if test $RC = 0 ; then
                break
        fi
        echo "Waiting 5 seconds for slapd to start..."
        sleep 5
done

if test $RC != 0 ; then
        echo "ldapsearch failed ($RC)!"
        test $KILLSERVERS != no && kill -HUP $KILLPIDS
        exit $RC
fi

echo "Using ldapsearch to check that second slapd is running..."
for i in 0 1 2 3 4 5; do
        $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT2 \
                'objectclass=*' > /dev/null 2>&1
        RC=$?
        if test $RC = 0 ; then
                break
        fi
        echo "Waiting 5 seconds for slapd to start..."
        sleep 5
done

if test $RC != 0 ; then
        echo "ldapsearch failed ($RC)!"
        test $KILLSERVERS != no && kill -HUP $KILLPIDS
        exit $RC
fi

for P in $PORT1 $PORT2 ; do
        echo "Testing ldapsearch as anonymous for \"$BASEDN\" on port $P..."
        $LDAPSEARCH -h $LOCALHOST -p $P -b "$BASEDN" -S "" \
                 > $SEARCHOUT 2>&1

        RC=$?
        if test $RC != 0 ; then
                echo "ldapsearch failed ($RC)!"
                test $KILLSERVERS != no && kill -HUP $KILLPIDS
                exit $RC
        fi

        echo "Filtering ldapsearch results..."
        $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
        echo "Filtering original ldif used to create database..."
        $LDIFFILTER < $CHAINOUT > $LDIFFLT
        echo "Comparing filter output..."
        $CMP $SEARCHFLT $LDIFFLT > $CMPOUT
        
        if test $? != 0 ; then
                echo "comparison failed - chained search didn't succeed"
                test $KILLSERVERS != no && kill -HUP $KILLPIDS
                exit 1
        fi

        echo "Reading the referral entry \"ou=Other,$BASEDN\" as anonymous on port $P..."
        $LDAPSEARCH -h $LOCALHOST -p $P -b "ou=Other,$BASEDN" -S "" \
                 > $SEARCHOUT 2>&1

        RC=$?
        if test $RC != 0 ; then
                echo "ldapsearch failed ($RC)!"
                test $KILLSERVERS != no && kill -HUP $KILLPIDS
                exit $RC
        fi

        echo "Filtering ldapsearch results..."
        $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
        echo "Filtering original ldif used to create database..."
        $LDIFFILTER < $CHAINREFOUT > $LDIFFLT
        echo "Comparing filter output..."
        $CMP $SEARCHFLT $LDIFFLT > $CMPOUT
                
        if test $? != 0 ; then
                echo "comparison failed - chained search didn't succeed"
                test $KILLSERVERS != no && kill -HUP $KILLPIDS
                exit 1
        fi

        DN="cn=Mark Elliot,ou=Alumni Association,ou=People,$BASEDN"
        echo "Comparing \"$DN\" on port $P..."
        $LDAPCOMPARE -h $LOCALHOST -p $P "$DN" "cn:Mark Elliot" \
                 > $TESTOUT 2>&1

        RC=$?
        if test $RC != 6 && test $RC,$BACKEND != 5,null ; then
                echo "ldapcompare failed ($RC)!"
                test $KILLSERVERS != no && kill -HUP $KILLPIDS
                exit 1
        fi

        DN="ou=Other,$BASEDN"
        echo "Comparing \"$DN\" on port $P with manageDSAit control..."
        $LDAPCOMPARE -h $LOCALHOST -p $P -M "$DN" "ou:Other" \
                 > $TESTOUT 2>&1

        RC=$?
        if test $RC != 6 && test $RC,$BACKEND != 5,null ; then
                echo "ldapcompare failed ($RC)!"
                test $KILLSERVERS != no && kill -HUP $KILLPIDS
                exit 1
        fi
done

#
# Testing writes to first server
#
echo "Writing to first server with scope on second server..."
$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
        $TESTOUT 2>&1 << EOMODS
dn: cn=New Group,ou=Groups,dc=example,dc=com
changetype: add
objectClass: groupOfNames
cn: New Group
member:

dn: cn=New Group,ou=Groups,dc=example,dc=com
changetype: modify
add: description
description: testing chain overlay writes...
-
replace: member
member: cn=New Group,ou=Groups,dc=example,dc=com
member: cn=Manager,dc=example,dc=com
-
add: owner
owner: cn=Manager,dc=example,dc=com
-

dn: cn=New Group,ou=Groups,dc=example,dc=com
changetype: modrdn
newrdn: cn=Renamed Group
deleteoldrdn: 1

dn: cn=All Staff,ou=Groups,dc=example,dc=com
changetype: delete
EOMODS

RC=$?
if test $RC != 0 ; then
        echo "ldapmodify failed ($RC)!"
        test $KILLSERVERS != no && kill -HUP $KILLPIDS
        exit $RC
fi

#
# Testing writes to second server
#
echo "Writing to second server with scope on first server..."
$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT2 -w $PASSWD > \
        $TESTOUT 2>&1 << EOMODS
dn: cn=New User,ou=People,dc=example,dc=com
changetype: add
objectClass: person
cn: New User
sn: User
seeAlso: cn=New Group,ou=Groups,dc=example,dc=com

dn: cn=New User,ou=People,dc=example,dc=com
changetype: modify
add: description
description: testing chain overlay writes...
-
replace: seeAlso
seeAlso: cn=Renamed Group,ou=Groups,dc=example,dc=com
-

dn: cn=New User,ou=People,dc=example,dc=com
changetype: modrdn
newrdn: cn=Renamed User
deleteoldrdn: 1

dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
changetype: delete
EOMODS

RC=$?
if test $RC != 0 ; then
        echo "ldapmodify failed ($RC)!"
        test $KILLSERVERS != no && kill -HUP $KILLPIDS
        exit $RC
fi

for P in $PORT1 $PORT2 ; do
        echo "Testing ldapsearch as anonymous for \"$BASEDN\" on port $P..."
        $LDAPSEARCH -h $LOCALHOST -p $P -b "$BASEDN" -S "" \
                 > $SEARCHOUT 2>&1

        RC=$?
        if test $RC != 0 ; then
                echo "ldapsearch failed ($RC)!"
                test $KILLSERVERS != no && kill -HUP $KILLPIDS
                exit $RC
        fi

        echo "Filtering ldapsearch results..."
        $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
        echo "Filtering original ldif used to create database..."
        $LDIFFILTER < $CHAINMODOUT > $LDIFFLT
        echo "Comparing filter output..."
        $CMP $SEARCHFLT $LDIFFLT > $CMPOUT
        
        if test $? != 0 ; then
                echo "comparison failed - chained search didn't succeed"
                test $KILLSERVERS != no && kill -HUP $KILLPIDS
                exit 1
        fi
done

NEWPW=newsecret
echo "Using ldappasswd on second server with scope on first server..."
$LDAPPASSWD -h $LOCALHOST -p $PORT2 \
        -w secret -s $NEWPW \
        -D "$MANAGERDN" "$BJORNSDN" >> $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
        echo "ldappasswd failed ($RC)!"
        test $KILLSERVERS != no && kill -HUP $KILLPIDS
        exit $RC
fi

echo "Binding with newly changed password on first server..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 \
        -D "$BJORNSDN" -w $NEWPW
RC=$?
if test $RC != 0 ; then
        echo "ldapwhoami failed ($RC)!"
        test $KILLSERVERS != no && kill -HUP $KILLPIDS
        exit $RC
fi

# ITS#57??
$LDAPADD -h $LOCALHOST -p $PORT1 \
        -D "$MANAGERDN" -w secret \
        >> $TESTOUT 2>&1 \
        << EOMODS
dn: ou=Can't Contact,dc=example,dc=com
changetype: add
objectclass: referral
objectclass: extensibleobject
ou: Can't Contact
# invalid URI to test broken connectivity handling (search only)
ref: ${URI3}ou=Can't%20Contact,dc=example,dc=com
EOMODS

echo "Reading the referral entry \"ou=Can't Contact,$BASEDN\" as anonymous on port $PORT1..."
$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -S "" "(cn=Can't Contact)" \
         > $SEARCHOUT 2>&1

RC=$?
if test $RC != 0 ; then
        echo "ldapsearch failed ($RC)!"
        test $KILLSERVERS != no && kill -HUP $KILLPIDS
        exit $RC
fi

test $KILLSERVERS != no && kill -HUP $KILLPIDS

echo ">>>>> Test succeeded"

test $KILLSERVERS != no && wait

exit 0