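#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2021 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

# Purpose: load three slapd databases, start three slapd instances (one
# "local", two "remote"), then search the local one and compare the results
# with expected LDIF for three cases: a simple bind as a named user, an
# anonymous search, and (only when SASL is built in and requested) a SASL bind.
#
# Every variable used below that is not assigned in this file is expected to
# come from scripts/defines.sh, which is not part of this listing. Variables
# used as command words ($SLAPADD, $SLAPD, $LDAPSEARCH, $LDAPSASLSEARCH,
# $LDIFFILTER, $CMP) are deliberately left unquoted: they may carry arguments
# as well as a program path -- confirm in defines.sh before quoting them.

echo "running defines.sh"
. "$SRCDIR/scripts/defines.sh"

echo "### This test requires the ldap backend and glue overlay."
echo "### If available, and explicitly requested, it can use SASL bind;"
echo "### note that SASL must be properly set up, and the requested"
echo "### mechanism must be available.  Define SLAPD_USE_SASL={yes|<mech>},"
echo "### with \"yes\" defaulting to DIGEST-MD5 to enable SASL authc[/authz]."

if test "$BACKLDAP" = "ldapno" ; then
	echo "LDAP backend not available, test skipped"
	exit 0
fi

# MECH is only assigned when SASL is both compiled in and requested; the SASL
# search at the end of the script is gated on the same two conditions.
if test "$WITH_SASL" = "yes" ; then
	if test "${USE_SASL:-no}" != "no" ; then
		if test "$USE_SASL" = "yes" ; then
			MECH="DIGEST-MD5"
		else
			MECH="$USE_SASL"
		fi
		echo "Using SASL authc[/authz] with mech=$MECH; unset SLAPD_USE_SASL to disable"
	else
		echo "Using proxyAuthz with simple authc..."
	fi
else
	echo "SASL not available; using proxyAuthz with simple authc..."
fi

# Send SIGHUP to the slapd instances started by this script, unless the
# harness asked to keep them running (KILLSERVERS=no). The default only
# applies if defines.sh left KILLSERVERS unset. $KILLPIDS is unquoted on
# purpose: it is a space-separated PID list.
stop_servers() {
	test "${KILLSERVERS:-yes}" != no && kill -HUP $KILLPIDS
}

# Poll the monitor base of the slapd listening on URI $1 until a base search
# succeeds (six attempts, 5 seconds apart). If it never answers, stop the
# servers and exit with the last ldapsearch status instead of carrying on:
# a backend that is not up would otherwise surface later as a misleading
# search or comparison failure.
wait_for_slapd() {
	echo "Using ldapsearch to check that slapd is running..."
	for i in 0 1 2 3 4 5; do
		$LDAPSEARCH -s base -b "$MONITOR" -H "$1" \
			'objectclass=*' > /dev/null 2>&1
		RC=$?
		if test $RC = 0 ; then
			return 0
		fi
		echo "Waiting 5 seconds for slapd to start..."
		sleep 5
	done
	echo "ldapsearch failed ($RC)!"
	stop_servers
	exit $RC
}

mkdir -p "$TESTDIR" "$DBDIR1" "$DBDIR2" "$DBDIR3"

echo "Running slapadd to build slapd database..."
. $CONFFILTER $BACKEND < "$LDAPGLUECONF1" > "$ADDCONF"
$SLAPADD -f "$ADDCONF" -l "$LDIFLDAPGLUE1"
RC=$?
if test $RC != 0 ; then
	echo "slapadd 1 failed ($RC)!"
	exit $RC
fi

. $CONFFILTER $BACKEND < "$LDAPGLUECONF2" > "$ADDCONF"
$SLAPADD -f "$ADDCONF" -l "$LDIFLDAPGLUE2"
RC=$?
if test $RC != 0 ; then
	echo "slapadd 2 failed ($RC)!"
	exit $RC
fi

. $CONFFILTER $BACKEND < "$LDAPGLUECONF3" > "$ADDCONF"
$SLAPADD -f "$ADDCONF" -l "$LDIFLDAPGLUE3"
RC=$?
if test $RC != 0 ; then
	echo "slapadd 3 failed ($RC)!"
	exit $RC
fi

# When WAIT is non-zero the script prints each PID and pauses for a line of
# input after starting that server. The default of 0 only applies if
# defines.sh left WAIT unset.
echo "Starting local slapd on TCP/IP port $PORT1..."
. $CONFFILTER $BACKEND < "$LDAPGLUECONF1" > "$CONF1"
$SLAPD -f "$CONF1" -h "$URI1" -d "$LVL" > "$LOG1" 2>&1 &
PID1=$!
if test "${WAIT:-0}" != 0 ; then
	echo PID $PID1
	read foo
fi

echo "Starting remote slapd 1 on TCP/IP port $PORT2..."
. $CONFFILTER $BACKEND < "$LDAPGLUECONF2" > "$CONF2"
$SLAPD -f "$CONF2" -h "$URI2" -d "$LVL" > "$LOG2" 2>&1 &
PID2=$!
if test "${WAIT:-0}" != 0 ; then
	echo PID $PID2
	read foo
fi

echo "Starting remote slapd 2 on TCP/IP port $PORT3..."
. $CONFFILTER $BACKEND < "$LDAPGLUECONF3" > "$CONF3"
$SLAPD -f "$CONF3" -h "$URI3" -d "$LVL" > "$LOG3" 2>&1 &
PID3=$!
if test "${WAIT:-0}" != 0 ; then
	echo PID $PID3
	read foo
fi
KILLPIDS="$PID1 $PID2 $PID3"

sleep 1

wait_for_slapd "$URI1"
wait_for_slapd "$URI2"
wait_for_slapd "$URI3"

# Case 1: simple bind as a named user against the local server.
# -w places the bind password on the command line, where other local users
# can read it from the process list; that is tolerable here only because it
# is a test-fixture credential under dc=example,dc=com.
ID="uid=bjorn,ou=People,dc=example,dc=com"
BASE="dc=example,dc=com"
echo "Testing ldapsearch as $ID for \"$BASE\"..."
$LDAPSEARCH -H "$URI1" -b "$BASE" \
	-D "$ID" -w bjorn > "$SEARCHOUT" 2>&1

RC=$?
if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	stop_servers
	exit $RC
fi

echo "Filtering ldapsearch results..."
$LDIFFILTER -s ldif=e < "$SEARCHOUT" > "$SEARCHFLT"
echo "Filtering original ldif used to create database..."
$LDIFFILTER -s ldif=e < "$LDAPGLUEOUT" > "$LDIFFLT"
echo "Comparing filter output..."
$CMP "$SEARCHFLT" "$LDIFFLT" > "$CMPOUT"

if test $? != 0 ; then
	echo "comparison failed - glued search with identity assertion didn't succeed"
	stop_servers
	exit 1
fi

# Case 2: the same search with no bind credentials. The result is compared
# with its own expected file ($LDAPGLUEANONYMOUSOUT) rather than with the
# authenticated one.
# NOTE(review): presumably this is what catches the proxy handing an
# unauthenticated client more than the anonymous view -- confirm against the
# two expected-output files.
BASE="dc=example,dc=com"
echo "Testing ldapsearch as anonymous for \"$BASE\"..."
$LDAPSEARCH -H "$URI1" -b "$BASE" \
	> "$SEARCHOUT" 2>&1

RC=$?
if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	stop_servers
	exit $RC
fi

echo "Filtering ldapsearch results..."
$LDIFFILTER < "$SEARCHOUT" > "$SEARCHFLT"
echo "Filtering original ldif used to create database..."
$LDIFFILTER < "$LDAPGLUEANONYMOUSOUT" > "$LDIFFLT"
echo "Comparing filter output..."
$CMP "$SEARCHFLT" "$LDIFFLT" > "$CMPOUT"

if test $? != 0 ; then
	echo "comparison failed - anonymous glued search with identity assertion didn't succeed"
	stop_servers
	exit 1
fi

# Case 3: SASL bind. Runs only when SASL is compiled in AND requested, i.e.
# exactly when MECH was assigned above; testing USE_SASL alone would reach
# "-Y $MECH" with MECH unset on a build without SASL.
# FIXME: this cannot work as is, because SASL bind cannot be proxied!
if test "$WITH_SASL" = "yes" && test "${USE_SASL:-no}" != "no" ; then
	ID="bjorn"
	BASE="dc=example,dc=com"
	echo "Testing ldapsearch as $ID for \"$BASE\" with SASL bind and identity assertion..."
	$LDAPSASLSEARCH -H "$URI1" -b "$BASE" \
		-Q -U "$ID" -w bjorn -Y "$MECH" > "$SEARCHOUT" 2>&1

	RC=$?
	if test $RC != 0 ; then
		echo "ldapsearch failed ($RC)!"
		stop_servers
		exit $RC
	fi

	echo "Filtering ldapsearch results..."
	$LDIFFILTER < "$SEARCHOUT" > "$SEARCHFLT"
	echo "Filtering original ldif used to create database..."
	$LDIFFILTER < "$LDAPGLUEOUT" > "$LDIFFLT"
	echo "Comparing filter output..."
	$CMP "$SEARCHFLT" "$LDIFFLT" > "$CMPOUT"

	if test $? != 0 ; then
		echo "comparison failed - glued search with SASL bind and identity assertion didn't succeed"
		stop_servers
		exit 1
	fi
fi

stop_servers

echo ">>>>> Test succeeded"

# Reap the background slapd processes once they have been signalled.
test "${KILLSERVERS:-yes}" != no && wait

exit 0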