#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 2004-2021 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

# Load the shared test environment. Every $UPPERCASE tool, path and
# credential variable used below that this script does not assign itself is
# expected to come from defines.sh (not shown here).
echo "running defines.sh"
. $SRCDIR/scripts/defines.sh

# LDAP filter used for the user-subtree searches.
PERSONAL="(objectClass=inetOrgPerson)"
# Sink for output the test does not inspect.
NOWHERE="/dev/null"
# Text grepped out of $TESTOUT after an unexpected client result.
FAILURE="additional info:"

# Skip (exit 0) when the translucent overlay is flagged as unavailable.
if [ $TRANSLUCENT = translucentno ]; then
	echo "Translucent Proxy overlay not available, test skipped"
	exit 0
fi

# Skip (exit 0) when the back-ldap backend is flagged as unavailable.
if [ $AC_ldap = ldapno ]; then
	echo "Translucent Proxy overlay requires back-ldap backend, test skipped"
	exit 0
fi

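# configure backside
mkdir -p $TESTDIR $DBDIR1

# Generate a random cn=config password ($CONFIGPWF, later handed to
# ldapmodify with -y) and the matching hashed rootpw directive. Both files are
# credential material, so they are created under umask 077; the subshell keeps
# the tightened umask from affecting files created later in the test.
# A file left over from an earlier run keeps its old mode, because umask only
# applies when a file is created.
(
	umask 077
	$SLAPPASSWD -g -n >$CONFIGPWF
	echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf
)

# Database index used in the olcDatabase={$DBIX}$BACKEND DN of the
# dynamic-configuration steps further down.
DBIX=2

# Source the config filter with the backend name, reading the remote template
# on stdin and writing the remote server's config to $CONF1, then load the
# initial content offline with slapadd.
. $CONFFILTER $BACKEND < $TRANSLUCENTREMOTECONF > $CONF1
echo "Running slapadd to build remote slapd database..."
$SLAPADD -f $CONF1 -l $LDIFTRANSLUCENTCONFIG
RC=$?
if [ $RC != 0 ]; then
	echo "slapadd failed ($RC)!"
	exit $RC
fi
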
# Launch the remote (backing) slapd in the background, logging to $LOG1.
echo "Starting remote slapd on TCP/IP port $PORT1..."
$SLAPD -f $CONF1 -h $URI1 -d $LVL > $LOG1 2>&1 &
PID=$!
# When WAIT is non-zero, print the PID and block on stdin until a line is
# entered (presumably so a debugger can be attached -- TODO confirm).
if [ $WAIT != 0 ]; then
	echo PID $PID
	read foo
fi
REMOTEPID="$PID"
KILLPIDS="$PID"

sleep 1

# Poll the monitor entry until the server answers; up to six attempts,
# five seconds apart. RC keeps the status of the last attempt.
for attempt in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -H $URI1 'objectclass=*' > /dev/null 2>&1
	RC=$?
	[ $RC = 0 ] && break
	echo "Waiting 5 seconds for remote slapd to start..."
	sleep 5
done

# Give up if the server never became reachable.
if [ $RC != 0 ]; then
	echo "ldapsearch failed ($RC)!"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit $RC
fi

# configure frontside
mkdir -p $DBDIR2

# Produce the local (translucent proxy) server's config in $CONF2.
. $CONFFILTER $BACKEND < $TRANSLUCENTLOCALCONF > $CONF2

# Launch the local slapd in the background, logging to $LOG2.
echo "Starting local slapd on TCP/IP port $PORT2..."
$SLAPD -f $CONF2 -h $URI2 -d $LVL > $LOG2 2>&1 &
PID=$!
# Optional pause, as for the remote server.
if [ $WAIT != 0 ]; then
	echo PID $PID
	read foo
fi
LOCALPID="$PID"
# From here on, every failure path signals both servers.
KILLPIDS="$LOCALPID $REMOTEPID"

sleep 1

# Poll the monitor entry until the local server answers; up to six attempts.
for attempt in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -H $URI2 'objectclass=*' > /dev/null 2>&1
	RC=$?
	[ $RC = 0 ] && break
	echo "Waiting 5 seconds for local slapd to start..."
	sleep 5
done

if [ $RC != 0 ]; then
	echo "ldapsearch failed ($RC)!"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit $RC
fi

echo "Testing slapd Translucent Proxy operations..."

echo "Testing search: no remote data defined..."

# Search the user subtree through the local server before any data has been
# loaded with ldapadd; the search must succeed and return nothing.
$LDAPSEARCH -H $URI2 -b "$TRANSLUCENTUSER" "$PERSONAL" >$SEARCHOUT 2>&1
RC=$?
if [ $RC != 0 ]; then
	echo "ldapsearch failed ($RC)!"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit $RC
fi

# Any output at all (stdout and stderr both land in $SEARCHOUT) is a failure.
if [ -s $SEARCHOUT ]; then
	echo "ldapsearch should have returned no records!"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit 1
fi

echo "Populating remote database..."

# Load the test data directly into the remote server ($URI1).
# The bind password travels on the command line via -w, where it is visible
# in the process list while the client runs; $PASSWD comes from defines.sh and
# is presumably a fixed test credential -- not a pattern to copy for real ones.
$LDAPADD -D "$TRANSLUCENTROOT" -H $URI1 -w $PASSWD \
	< $LDIFTRANSLUCENTDATA > $NOWHERE 2>&1
RC=$?
if [ $RC != 0 ]; then
	echo "ldapadd failed ($RC)!"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit $RC
fi

echo "Testing search: remote database via local slapd..."

$LDAPSEARCH -H $URI2 -b "$TRANSLUCENTUSER" "$PERSONAL" > $SEARCHOUT 2>&1
RC=$?
if [ $RC != 0 ]; then
	echo "ldapsearch failed ($RC)!"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit $RC
fi

# Pass both the search result and the loaded LDIF through the same filter and
# compare them: what the local server returns must match what the remote holds.
$LDIFFILTER < $SEARCHOUT > $SEARCHFLT
$LDIFFILTER < $LDIFTRANSLUCENTDATA > $LDIFFLT
$CMP $SEARCHFLT $LDIFFLT > $CMPOUT

if [ $? != 0 ]; then
	echo "Comparison failed -- corruption from remote to local!"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit 1
fi

echo "Testing add: prohibited local record..."

# Access-control check: binding as $TRANSLUCENTDN, the add must be refused
# with result 50 (INSUFFICIENT ACCESS). Any other result, including success,
# fails the test.
$LDAPADD -D "$TRANSLUCENTDN" -H $URI2 -w $TRANSLUCENTPASSWD \
	< $LDIFTRANSLUCENTADD > $TESTOUT 2>&1
RC=$?
if [ $RC != 50 ]; then
	echo "ldapadd failed ($RC), expected INSUFFICIENT ACCESS!"
	grep "$FAILURE" $TESTOUT
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit 1
fi

echo "Testing add: valid local record, no_glue..."

# Same LDIF as the root identity: result 32 (NO SUCH OBJECT) is expected.
# The one tolerated alternative is result 0 when $BACKEND is "null".
$LDAPADD -v -v -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD \
	< $LDIFTRANSLUCENTADD > $TESTOUT 2>&1
RC=$?
if [ $RC != 32 ] && [ $RC,$BACKEND != 0,null ]; then
	echo "ldapadd failed ($RC), expected NO SUCH OBJECT!"
	grep "$FAILURE" $TESTOUT
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit 1
fi

echo "Testing modrdn: valid local record, no_glue..."

# Rename attempt with the same expectation as the add above.
$LDAPMODRDN -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD \
	'uid=fred,ou=users,o=translucent' 'uid=someguy' > $TESTOUT 2>&1
RC=$?
if [ $RC != 32 ] && [ $RC,$BACKEND != 0,null ]; then
	echo "ldapmodrdn failed ($RC), expected NO SUCH OBJECT!"
	grep "$FAILURE" $TESTOUT
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit 1
fi

echo "Dynamically configuring local slapd without translucent_no_glue..."

# Reconfigure the running local server through cn=config. The cn=config
# password is read from the file $CONFIGPWF (-y) instead of being placed on
# the command line. The heredoc delimiter is unquoted on purpose: $DBIX and
# $BACKEND are expanded into the overlay DN.
$LDAPMODIFY -D cn=config -H $URI2 -y $CONFIGPWF <<EOF
dn: olcOverlay={0}translucent,olcDatabase={$DBIX}$BACKEND,cn=config
changetype: modify
replace: olcTranslucentNoGlue
olcTranslucentNoGlue: FALSE
EOF
RC=$?
if [ $RC != 0 ]; then
	echo "ldapmodify of dynamic config failed ($RC)"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit 1
fi

echo "Testing add: valid local record..."

# With olcTranslucentNoGlue set to FALSE the same add must now succeed.
$LDAPADD -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD \
	< $LDIFTRANSLUCENTADD > $TESTOUT 2>&1
RC=$?
if [ $RC != 0 ]; then
	echo "ldapadd failed ($RC)!"
	grep "$FAILURE" $TESTOUT
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit $RC
fi

echo "Testing search: data merging..."

$LDAPSEARCH -H $URI2 -b "$TRANSLUCENTUSER" "$PERSONAL" > $SEARCHOUT 2>&1
RC=$?
if [ $RC != 0 ]; then
	echo "ldapsearch failed ($RC)!"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit $RC
fi

# Compare the filtered search result against the expected merged LDIF.
$LDIFFILTER < $SEARCHOUT > $SEARCHFLT
$LDIFFILTER < $LDIFTRANSLUCENTMERGED > $LDIFFLT
$CMP $SEARCHFLT $LDIFFLT > $CMPOUT

if [ $? != 0 ]; then
	echo "Comparison failed -- local data failed to merge with remote!"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit 1
fi

# Compare operations through the local server. ldapcompare runs with -z
# (quiet), so the verdict is carried by the exit status alone:
# 6 is expected for TRUE and 5 for FALSE.
# NOTE(review): -D $TRANSLUCENTDN is unquoted in all four calls, unlike the
# add/modrdn/bind steps elsewhere in this script; that only works while the
# DN contains no whitespace.

echo "Testing compare: valid local..."

$LDAPCOMPARE -z -H $URI2 -w $TRANSLUCENTPASSWD -D $TRANSLUCENTDN \
	"uid=danger,ou=users,o=translucent" "carLicense:LIVID"
RC=$?
if [ $RC != 6 ]; then
	echo "ldapcompare failed ($RC), expected TRUE!"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit 1
fi

echo "Testing compare: valid remote..."

$LDAPCOMPARE -z -x -H $URI2 -w $TRANSLUCENTPASSWD -D $TRANSLUCENTDN \
	"uid=binder,o=translucent" "businessCategory:binder-test-user"
RC=$?
if [ $RC != 6 ]; then
	echo "ldapcompare failed ($RC), expected TRUE!"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit 1
fi

echo "Testing compare: bogus local..."

$LDAPCOMPARE -z -x -H $URI2 -w $TRANSLUCENTPASSWD -D $TRANSLUCENTDN \
	"uid=danger,ou=users,o=translucent" "businessCategory:invalid-test-value"
RC=$?
if [ $RC != 5 ]; then
	echo "ldapcompare failed ($RC), expected FALSE!"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit 1
fi

echo "Testing compare: bogus remote..."

$LDAPCOMPARE -z -x -H $URI2 -w $TRANSLUCENTPASSWD -D $TRANSLUCENTDN \
	"uid=binder,o=translucent" "businessCategory:invalid-test-value"
RC=$?
if [ $RC != 5 ]; then
	echo "ldapcompare failed ($RC), expected FALSE!"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit 1
fi

echo "Testing modify: nonexistent record..."

# Modifying an entry that does not exist must yield 32 (NO SUCH OBJECT).
$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD \
	> $TESTOUT 2>&1 << EOF_MOD
version: 1
dn: uid=bogus,ou=users,o=translucent
changetype: modify
replace: roomNumber
roomNumber: 31J-2112
EOF_MOD
RC=$?
if [ $RC != 32 ]; then
	echo "ldapmodify failed ($RC), expected NO SUCH OBJECT!"
	grep "$FAILURE" $TESTOUT
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit 1
fi

echo "Testing modify: valid local record, nonexistent attribute..."

$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD \
	> $TESTOUT 2>&1 << EOF_MOD1
version: 1
dn: uid=danger,ou=users,o=translucent
changetype: modify
replace: roomNumber
roomNumber: 9N-21
EOF_MOD1
RC=$?
if [ $RC != 0 ]; then
	echo "ldapmodify failed ($RC)!"
	grep "$FAILURE" $TESTOUT
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit $RC
fi

# Read the entry back and confirm the new value is what the server returns.
$LDAPSEARCH -H $URI2 -b "uid=danger,ou=users,o=translucent" > $SEARCHOUT 2>&1
RC=$?
if [ $RC != 0 ]; then
	echo "ldapsearch failed ($RC)!"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit $RC
fi

# The comparison is against the whole matching line, so extra roomNumber
# lines in the output would also fail the check.
ATTR=`grep roomNumber $SEARCHOUT` > $NOWHERE 2>&1
if [ "$ATTR" != "roomNumber: 9N-21" ]; then
	echo "modification failed!"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit 1
fi

echo "Testing search: specific nonexistent remote attribute..."

# Only the exit status is checked here; the output is not inspected.
$LDAPSEARCH -H $URI2 -b "uid=danger,ou=users,o=translucent" roomNumber > $SEARCHOUT 2>&1
RC=$?
if [ $RC != 0 ]; then
	echo "ldapsearch failed ($RC)!"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit $RC
fi

echo "Testing modify: nonexistent local record, nonexistent attribute..."

$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD \
	> $TESTOUT 2>&1 << EOF_MOD2
version: 1
dn: uid=fred,ou=users,o=translucent
changetype: modify
replace: roomNumber
roomNumber: 31J-2112
EOF_MOD2
RC=$?
if [ $RC != 0 ]; then
	echo "ldapmodify failed ($RC)!"
	grep "$FAILURE" $TESTOUT
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit $RC
fi

# Read the entry back and confirm the value.
$LDAPSEARCH -H $URI2 -b "uid=fred,ou=users,o=translucent" > $SEARCHOUT 2>&1
RC=$?
if [ $RC != 0 ]; then
	echo "ldapsearch failed ($RC)!"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit $RC
fi

ATTR=`grep roomNumber $SEARCHOUT` > $NOWHERE 2>&1
if [ "$ATTR" != "roomNumber: 31J-2112" ]; then
	echo "modification failed!"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit 1
fi

echo "Testing modify: valid remote record, nonexistent attribute..."

# Deleting an attribute the entry does not have must yield 16
# (NO SUCH ATTRIBUTE).
$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD \
	> $TESTOUT 2>&1 << EOF_MOD9
version: 1
dn: uid=fred,ou=users,o=translucent
changetype: modify
delete: preferredLanguage
EOF_MOD9
RC=$?
if [ $RC != 16 ]; then
	echo "ldapmodify failed ($RC), expected NO SUCH ATTRIBUTE!"
	grep "$FAILURE" $TESTOUT
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit 1
fi

echo "Testing delete: valid local record, nonexistent attribute..."

# Remove the roomNumber value written at the top of this section.
$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD \
	> $TESTOUT 2>&1 << EOF_MOD4
version: 1
dn: uid=fred,ou=users,o=translucent
changetype: modify
delete: roomNumber
EOF_MOD4
RC=$?
if [ $RC != 0 ]; then
	echo "ldapmodify failed ($RC)!"
	grep "$FAILURE" $TESTOUT
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit $RC
fi

echo "Testing modrdn: prohibited local record..."

# Access-control check: the rename must be refused with 50
# (INSUFFICIENT ACCESS) when bound as $TRANSLUCENTDN.
$LDAPMODRDN -D "$TRANSLUCENTDN" -H $URI2 -w $TRANSLUCENTPASSWD \
	'uid=fred,ou=users,o=translucent' 'uid=someguy' > $TESTOUT 2>&1
RC=$?
if [ $RC != 50 ]; then
	echo "ldapmodrdn failed ($RC), expected INSUFFICIENT ACCESS!"
	grep "$FAILURE" $TESTOUT
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit 1
fi

echo "Testing modrdn: valid local record..."

# The same rename as the root identity must succeed.
$LDAPMODRDN -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD \
	'uid=fred,ou=users,o=translucent' 'uid=someguy' > $TESTOUT 2>&1
RC=$?
if [ $RC != 0 ]; then
	echo "ldapmodrdn failed ($RC)!"
	grep "$FAILURE" $TESTOUT
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit $RC
fi

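echo "Testing delete: prohibited local record..."

# Access-control check: deleting the entry while bound as $TRANSLUCENTDN must
# be refused with 50 (INSUFFICIENT ACCESS); success here would mean the
# restriction is not enforced.
$LDAPMODIFY -v -D "$TRANSLUCENTDN" -H $URI2 -w $TRANSLUCENTPASSWD \
	> $TESTOUT 2>&1 << EOF_DEL2
version: 1
dn: uid=someguy,ou=users,o=translucent
changetype: delete
EOF_DEL2
RC=$?
if [ $RC != 50 ]; then
	# The tool under test is ldapmodify; the message previously named ldapadd,
	# which pointed at the wrong step when triaging a failure.
	echo "ldapmodify failed ($RC), expected INSUFFICIENT ACCESS!"
	grep "$FAILURE" $TESTOUT
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit 1
fi
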
echo "Testing delete: valid local record..."

# The delete refused for $TRANSLUCENTDN must succeed for the root identity.
$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD \
	> $TESTOUT 2>&1 << EOF_DEL3
version: 1
dn: uid=someguy,ou=users,o=translucent
changetype: delete
EOF_DEL3
RC=$?
if [ $RC != 0 ]; then
	echo "ldapmodify failed ($RC)!"
	grep "$FAILURE" $TESTOUT
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit $RC
fi

echo "Testing delete: valid remote record..."

# Deleting uid=fred through the local server is expected to report 32
# (NO SUCH OBJECT).
$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD \
	> $TESTOUT 2>&1 << EOF_DEL8
version: 1
dn: uid=fred,ou=users,o=translucent
changetype: delete
EOF_DEL8
RC=$?
if [ $RC != 32 ]; then
	echo "ldapmodify failed ($RC), expected NO SUCH OBJECT!"
	grep "$FAILURE" $TESTOUT
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit 1
fi

echo "Testing delete: nonexistent local record, nonexistent attribute..."

$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD \
	> $TESTOUT 2>&1 << EOF_DEL1
version: 1
dn: uid=fred,ou=users,o=translucent
changetype: modify
delete: roomNumber
EOF_DEL1
RC=$?
if [ $RC != 0 ]; then
	echo "ldapmodify failed ($RC)!"
	grep "$FAILURE" $TESTOUT
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit $RC
fi

# Only the exit status of this read-back is checked.
$LDAPSEARCH -H $URI2 -b "uid=fred,ou=users,o=translucent" > $SEARCHOUT 2>&1
RC=$?
if [ $RC != 0 ]; then
	echo "ldapsearch failed ($RC)!"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit $RC
fi

echo "Testing delete: valid local record, nonexistent attribute..."

# Expect 16 (NO SUCH ATTRIBUTE) for an attribute the entry does not carry.
$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD \
	> $TESTOUT 2>&1 << EOF_MOD8
version: 1
dn: uid=danger,ou=users,o=translucent
changetype: modify
delete: preferredLanguage
EOF_MOD8
RC=$?
if [ $RC != 16 ]; then
	echo "ldapmodify failed ($RC), expected NO SUCH ATTRIBUTE!"
	grep "$FAILURE" $TESTOUT
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit 1
fi

echo "Testing delete: valid local record, remote attribute..."

# Deleting "initials" must succeed.
$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD \
	> $TESTOUT 2>&1 << EOF_MOD10
version: 1
dn: uid=danger,ou=users,o=translucent
changetype: modify
delete: initials
EOF_MOD10
RC=$?
if [ $RC != 0 ]; then
	echo "ldapmodify failed ($RC)"
	grep "$FAILURE" $TESTOUT
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit 1
fi

echo "Testing modify: valid remote record, combination add-modify-delete..."

# One modify request carrying a delete, an add and a replace; it must succeed
# as a whole.
$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD \
	> $TESTOUT 2>&1 << EOF_MOD6
version: 1
dn: uid=fred,ou=users,o=translucent
changetype: modify
delete: carLicense
-
add: preferredLanguage
preferredLanguage: ISO8859-1
-
replace: employeeType
employeeType: consultant
EOF_MOD6
RC=$?
if [ $RC != 0 ]; then
	echo "ldapmodify failed ($RC)!"
	grep "$FAILURE" $TESTOUT
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit $RC
fi

# Read the entry back and verify the replaced and the added attribute.
$LDAPSEARCH -H $URI2 -b "uid=fred,ou=users,o=translucent" > $SEARCHOUT 2>&1
RC=$?
if [ $RC != 0 ]; then
	echo "ldapsearch failed ($RC)!"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit $RC
fi

ATTR=`grep employeeType $SEARCHOUT` > $NOWHERE 2>&1
if [ "$ATTR" != "employeeType: consultant" ]; then
	echo "modification failed!"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit 1
fi

ATTR=`grep preferredLanguage $SEARCHOUT` > $NOWHERE 2>&1
if [ "$ATTR" != "preferredLanguage: ISO8859-1" ]; then
	echo "modification failed!"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit 1
fi

echo "Dynamically configuring local slapd with translucent_no_glue and translucent_strict..."

# Switch the overlay to no-glue and strict mode via cn=config; the password
# is read from $CONFIGPWF (-y). $DBIX and $BACKEND expand inside the heredoc.
$LDAPMODIFY -D cn=config -H $URI2 -y $CONFIGPWF <<EOF
dn: olcOverlay={0}translucent,olcDatabase={$DBIX}$BACKEND,cn=config
changetype: modify
replace: olcTranslucentNoGlue
olcTranslucentNoGlue: TRUE
-
replace: olcTranslucentStrict
olcTranslucentStrict: TRUE
EOF
RC=$?
if [ $RC != 0 ]; then
	echo "ldapmodify of dynamic config failed ($RC)"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit 1
fi

# With strict mode on, each of the three modifies below must be rejected with
# 19 (CONSTRAINT VIOLATION).

echo "Testing strict mode delete: nonexistent local attribute..."

$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD \
	> $TESTOUT 2>&1 << EOF_MOD5
version: 1
dn: uid=example,ou=users,o=translucent
changetype: modify
delete: preferredLanguage
EOF_MOD5
RC=$?
if [ $RC != 19 ]; then
	echo "ldapmodify failed ($RC), expected CONSTRAINT VIOLATION!"
	grep "$FAILURE" $TESTOUT
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit 1
fi

echo "Testing strict mode delete: nonexistent remote attribute..."

$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD \
	> $TESTOUT 2>&1 << EOF_MOD3
version: 1
dn: uid=danger,ou=users,o=translucent
changetype: modify
delete: displayName
EOF_MOD3
RC=$?
if [ $RC != 19 ]; then
	echo "ldapmodify failed ($RC), expected CONSTRAINT VIOLATION!"
	grep "$FAILURE" $TESTOUT
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit 1
fi

echo "Testing strict mode modify: combination add-modify-delete..."

$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD \
	> $TESTOUT 2>&1 << EOF_MOD6
version: 1
dn: uid=example,ou=users,o=translucent
changetype: modify
delete: carLicense
-
add: preferredLanguage
preferredLanguage: ISO8859-1
-
replace: employeeType
employeeType: consultant
EOF_MOD6
RC=$?
if [ $RC != 19 ]; then
	echo "ldapmodify failed ($RC), expected CONSTRAINT VIOLATION!"
	grep "$FAILURE" $TESTOUT
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit 1
fi

echo "Testing invalid Bind request..."
# Negative authentication check: a bind through the local server with a
# deliberately wrong password ("Wrong" prepended to the real one) must be
# rejected with 49 (INVALID CREDENTIALS).
$LDAPWHOAMI -D "$TRANSLUCENTDN" -H $URI2 -w "Wrong$TRANSLUCENTPASSWD" \
	> $TESTOUT 2>&1
RC=$?
if [ $RC != 49 ]; then
	echo "ldapwhoami failed ($RC), expected INVALID CREDENTIALS!"
	grep "$FAILURE" $TESTOUT
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit 1
fi

# Positive counterpart: the correct password must bind successfully, which
# shows the rejection above was due to the credential and not to a broken
# bind path.
$LDAPWHOAMI -D "$TRANSLUCENTDN" -H $URI2 -w "$TRANSLUCENTPASSWD" \
	> $TESTOUT 2>&1
RC=$?
if [ $RC != 0 ]; then
	echo "ldapwhoami failed ($RC), expected SUCCESS!"
	grep "$FAILURE" $TESTOUT
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit 1
fi

# Filter tests: each search is judged by whether any "dn:" line appears in
# its output.
# NOTE(review): none of the four searches below checks ldapsearch's exit
# status. For the two "should have been no result" cases, an empty result
# caused by a failed search would satisfy the check just as well.

echo "Testing search: unconfigured local filter..."
$LDAPSEARCH -H $URI2 -b "o=translucent" "(employeeType=consultant)" > $SEARCHOUT 2>&1

ATTR=`grep dn: $SEARCHOUT` > $NOWHERE 2>&1
if [ -n "$ATTR" ]; then
	echo "got result $ATTR, should have been no result"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit 1
fi

echo "Dynamically configuring local slapd with translucent_local..."

# Declare employeeType as a locally searchable attribute via cn=config.
$LDAPMODIFY -D cn=config -H $URI2 -y $CONFIGPWF <<EOF
dn: olcOverlay={0}translucent,olcDatabase={$DBIX}$BACKEND,cn=config
changetype: modify
add: olcTranslucentLocal
olcTranslucentLocal: employeeType
EOF
RC=$?
if [ $RC != 0 ]; then
	echo "ldapmodify of dynamic config failed ($RC)"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit 1
fi

echo "Testing search: configured local filter..."
$LDAPSEARCH -H $URI2 -b "o=translucent" "(employeeType=consultant)" > $SEARCHOUT 2>&1

# The same filter must now match at least one entry.
ATTR=`grep dn: $SEARCHOUT` > $NOWHERE 2>&1
if [ -z "$ATTR" ]; then
	echo "got no result, should have found entry"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit 1
fi

echo "Testing search: unconfigured remote filter..."
$LDAPSEARCH -H $URI2 -b "o=translucent" "(|(employeeType=foo)(carlicense=right))" > $SEARCHOUT 2>&1

ATTR=`grep dn: $SEARCHOUT` > $NOWHERE 2>&1
if [ -n "$ATTR" ]; then
	echo "got result $ATTR, should have been no result"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit 1
fi

echo "Dynamically configuring local slapd with translucent_remote..."

# Add carLicense to olcTranslucentRemote via cn=config.
$LDAPMODIFY -D cn=config -H $URI2 -y $CONFIGPWF <<EOF
dn: olcOverlay={0}translucent,olcDatabase={$DBIX}$BACKEND,cn=config
changetype: modify
add: olcTranslucentRemote
olcTranslucentRemote: carLicense
EOF
RC=$?
if [ $RC != 0 ]; then
	echo "ldapmodify of dynamic config failed ($RC)"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit 1
fi

echo "Testing search: configured remote filter..."
$LDAPSEARCH -H $URI2 -b "o=translucent" "(|(employeeType=foo)(carlicense=right))" > $SEARCHOUT 2>&1

# The same filter must now match at least one entry.
ATTR=`grep dn: $SEARCHOUT` > $NOWHERE 2>&1
if [ -z "$ATTR" ]; then
	echo "got no result, should have found entry"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit 1
fi

# All checks passed: signal both servers unless KILLSERVERS is "no".
if [ $KILLSERVERS != no ]; then
	kill -HUP $KILLPIDS
fi

echo ">>>>> Test succeeded"

# Wait for the background slapd processes to finish before exiting.
if [ $KILLSERVERS != no ]; then
	wait
fi

exit 0
