#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2021 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

# Proxy cache tunables. A value already present in the environment wins
# (even an empty one); the default is applied only when the variable is unset.
: "${PCACHETTL=1m}"
: "${PCACHENTTL=1m}"
: "${PCACHESTTL=1m}"
: "${PCACHE_ENTRY_LIMIT=6}"
: "${PCACHE_CCPERIOD=2}"
: "${PCACHETTR=2}"
: "${PCACHEBTTR=5}"

# Shared test-suite definitions (paths, tool wrappers, ports, DNs).
. $SRCDIR/scripts/defines.sh

# Debug level handed to slapd with -d.
LVL=0x100

# Skip, with a success status, when a prerequisite is missing.
if [ $PROXYCACHE = pcacheno ]; then
	echo "Proxy cache overlay not available, test skipped"
	exit 0
fi

if [ $BACKLDAP = "ldapno" ]; then
	echo "LDAP backend not available, test skipped"
	exit 0
fi

if [ $BACKEND = ldif ]; then
	# Stated reason for the skip: (mail=example.com*) queries hit a
	# sizelimit, so the entry returned depends on backend ordering.
	# NOTE(review): this script only issues (sn=je*) and (sn=jo*)
	# searches, so the rationale looks inherited from another test;
	# confirm the skip is still needed.
	echo "Test does not support $BACKEND backend, test skipped"
	exit 0
fi

mkdir -p $TESTDIR $DBDIR1 $DBDIR2

# Scenario exercised by this test (proxy caching of binds):
#   1. start the provider
#   2. start the proxy cache
#   3. populate the provider
#   4. run a first search and verify the bind becomes cacheable
#   5. repeat the search with the same filter and user, and verify the
#      bind is answered from the cache
#   6. search again as the same user with a different filter, and verify
#      the bind is still cached while the query is not answerable locally
#
# NOTE(review): every bind in this script supplies the correct password.
# Rejection of a wrong password for a user whose bind is already cached
# is not exercised here.

echo "Starting provider slapd on TCP/IP port $PORT1..."
# $CONFFILTER is sourced with the provider template on stdin; its output
# becomes the provider configuration.
. $CONFFILTER < $PROXYAUTHZPROVIDERCONF > $CONF1
# $SLAPD is expanded unquoted on purpose.
# NOTE(review): it presumably carries extra arguments from defines.sh;
# confirm before quoting it.
$SLAPD -f $CONF1 -h $URI1 -d $LVL > $LOG1 2>&1 &
PID=$!
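# When WAIT is non-zero, print the provider PID and block on stdin until
# the operator sends a line.
if test $WAIT != 0 ; then
	echo PID $PID
	read foo
fi
KILLPIDS="$PID"

sleep 1

# Poll the provider's monitor entry until it answers: up to 6 attempts,
# 5 seconds apart.
# The Manager DN and password are fixtures of the test configuration.
# -w places the password in the process argument list, which is tolerable
# only because these are throwaway test servers; outside a test harness
# prefer -y <file> or -W.
echo "Using ldapsearch to check that provider slapd is running..."
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \
		-D "cn=Manager,dc=example,dc=com" -w secret 'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test $RC = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done

if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Using ldapadd to populate the provider directory..."
$LDAPADD -x -D "$MANAGERDN" -H $URI1 -w $PASSWD < \
	$LDIFORDERED > /dev/null 2>&1
RC=$?
if test $RC != 0 ; then
	echo "ldapadd failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Starting proxy cache on TCP/IP port $PORT2..."
# Fill the cache tunables into the proxy configuration template.
# @STTL@ takes PCACHESTTL. It previously received PCACHENTTL, which left
# PCACHESTTL unused; both default to 1m, so default runs are unchanged.
# The values are spliced into the sed program verbatim, so they must not
# contain '/' or '&'.
. $CONFFILTER < $PROXYAUTHZCONF | sed \
	-e "s/@TTL@/${PCACHETTL}/" \
	-e "s/@NTTL@/${PCACHENTTL}/" \
	-e "s/@STTL@/${PCACHESTTL}/" \
	-e "s/@TTR@/${PCACHETTR}/" \
	-e "s/@ENTRY_LIMIT@/${PCACHE_ENTRY_LIMIT}/" \
	-e "s/@CCPERIOD@/${PCACHE_CCPERIOD}/" \
	-e "s/@BTTR@/${PCACHEBTTR}/" \
	> $CONF2

# The proxy log ($LOG2) is what the bind-cache checks below grep.
# NOTE(review): "-d pcache" is presumably what makes the overlay emit the
# CACHING BIND / CACHED BIND markers; confirm against the overlay source.
$SLAPD -f $CONF2 -h $URI2 -d $LVL -d pcache > $LOG2 2>&1 &
CACHEPID=$!
if test $WAIT != 0 ; then
	echo CACHEPID $CACHEPID
	read foo
fi
KILLPIDS="$KILLPIDS $CACHEPID"

sleep 1

# Same readiness poll as for the provider, this time against the proxy.
echo "Using ldapsearch to check that proxy slapd is running..."
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \
		-D "cn=Manager,dc=example,dc=com" -w secret 'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test $RC = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done

if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# Start from an empty search transcript.
cat /dev/null > $SEARCHOUT

echo "Making queries on the proxy cache..."
CNT=0


# Query 1: first bind as the test user through the proxy. The proxy log
# must show the bind being stored in the cache.
CNT=`expr $CNT + 1`
USERDN="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com"
UPASSWD="jaj"
echo "Query $CNT: $USERDN"
echo "# Query $CNT: $USERDN" >> $SEARCHOUT

$LDAPSEARCH -S "" -b "dc=example,dc=com" -s SUB -H $URI2 \
	-D "$USERDN" -w "$UPASSWD" "(sn=je*)" sn >> $SEARCHOUT 2>> $TESTOUT
RC=$?

if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# Check that the bind is cached
grep "CACHING BIND for $USERDN" $LOG2 > /dev/null

RC=$?
if test $RC != 0 ; then
	# The message used to read "Refresh failed", which does not describe
	# this check.
	echo "Bind wasn't cached"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS && wait
	exit 1
fi

# Query 2: same user, same filter. The proxy log must now show the bind
# being served from the cache.
CNT=`expr $CNT + 1`
USERDN="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com"
UPASSWD="jaj"
echo "Query $CNT: (Bind should be cached)"
echo "# Query $CNT: (Bind should be cached)" >> $SEARCHOUT

$LDAPSEARCH -S "" -b "dc=example,dc=com" -s SUB -H $URI2 \
	-D "$USERDN" -w "$UPASSWD" "(sn=je*)" sn >> $SEARCHOUT 2>> $TESTOUT

RC=$?
if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

grep "CACHED BIND for $USERDN" $LOG2 > /dev/null
RC=$?
if test $RC != 0 ; then
	# The message used to read "Refresh failed"; it now matches the other
	# cached-bind checks.
	echo "Bind wasn't answered from cache"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS && wait
	exit 1
fi

# Query 3: same user and filter once more. UPASSWD keeps the value
# assigned for query 2.
CNT=`expr $CNT + 1`
USERDN="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com"

echo "Query $CNT: (Bind should be cached)"
echo "# Query $CNT: (Bind should be cached)" >> $SEARCHOUT
$LDAPSEARCH -S "" -b "dc=example,dc=com" -s SUB -H $URI2 \
	-D "$USERDN" -w "$UPASSWD" "(sn=je*)" sn >> $SEARCHOUT 2>> $TESTOUT

RC=$?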
# Outcome of the preceding ldapsearch through the proxy.
if [ $RC != 0 ]; then
	echo "ldapsearch failed ($RC)!"
	[ $KILLSERVERS != no ] && kill -HUP $KILLPIDS
	exit $RC
fi

# The proxy log must now hold exactly two cached-bind hits for this user.
# The count is left unquoted in the comparison so any padding emitted by
# wc is dropped by word splitting.
BINDHITS=`grep "CACHED BIND for $USERDN" $LOG2 | wc -l`
if [ $BINDHITS != 2 ]; then
	echo "Bind wasn't answered from cache"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS && wait
	fi
	exit 1
fi

# Same user, different filter: the bind should still come from the cache
# while the search itself has to be forwarded.
echo "=== New search on (sn=jo*)"
: > $SEARCHOUT
echo "# Query $CNT: (Bind should be cached)" >> $SEARCHOUT
$LDAPSEARCH -S "" -b "dc=example,dc=com" -s SUB -H $URI2 \
	-D "$USERDN" -w "$UPASSWD" "(sn=jo*)" sn >> $SEARCHOUT 2>> $TESTOUT

RC=$?
if [ $RC != 0 ]; then
	echo "ldapsearch failed ($RC)!"
	[ $KILLSERVERS != no ] && kill -HUP $KILLPIDS
	exit $RC
fi

# One more cached-bind hit is expected, three in total.
BINDHITS=`grep "CACHED BIND for $USERDN" $LOG2 | wc -l`
if [ $BINDHITS != 3 ]; then
	echo "Bind wasn't answered from cache"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS && wait
	fi
	exit 1
fi

# NOTE(review): the expected total of 3 "QUERY NOT ANSWERABLE" lines is
# taken as given; why it is exactly 3 cannot be derived from this script.
MISSES=`grep "QUERY NOT ANSWERABLE" $LOG2 | wc -l`
if [ $MISSES != 3 ]; then
	echo "Search wasn't searched on remote peer"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS && wait
	fi
	exit 1
fi

# The transcript was truncated before the (sn=jo*) search, so it must
# contain the user's own entry exactly once.
FOUND=`grep "dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com" $SEARCHOUT | wc -l`
if [ $FOUND != 1 ]; then
	echo "Search wasn't retrieved on remote peer"
	if [ $KILLSERVERS != no ]; then
		kill -HUP $KILLPIDS && wait
	fi
	exit 1
fi

echo "Test succeeded"

# Stop both servers and reap them unless the caller asked to keep them.
# The wait runs whether or not kill succeeded.
if [ $KILLSERVERS != no ]; then
	kill -HUP $KILLPIDS
	wait
fi

exit 0