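#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2021 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

# Replication test: an MSAD server is the provider, a local slapd is the
# consumer. The tool variables ($LDAPSEARCH, $LDAPADD, $SLAPD, ...) and the
# path variables are not set in this file; presumably they come from
# defines.sh and may hold a command plus options, so they are left unquoted.
echo "running defines.sh"
. $SRCDIR/scripts/defines.sh

# requires MSAD_URI, MSAD_SUFFIX, MSAD_ADMINDN, MSAD_ADMINPW
if test -z "$MSAD_URI"; then
	echo "No MSAD envvars set, test skipped"
	exit 0
fi
# The other three settings are just as mandatory. With an empty bind DN or
# password the simple binds below would become anonymous/unauthenticated
# bind requests rather than an authentication failure, so stop here instead.
if test -z "$MSAD_SUFFIX" || test -z "$MSAD_ADMINDN" || test -z "$MSAD_ADMINPW"; then
	echo "MSAD_SUFFIX, MSAD_ADMINDN and MSAD_ADMINPW must all be set!"
	exit 1
fi
if test "$SYNCPROV" = syncprovno; then
	echo "Syncrepl provider overlay not available, test skipped"
	exit 0
fi

mkdir -p $TESTDIR $DBDIR2

# URI1 is not read again in this script; presumably the sourced config
# filters use it -- TODO confirm.
URI1=$MSAD_URI
BASEDN="ou=OpenLDAPtest,$MSAD_SUFFIX"
# First RDN value of the suffix: drop the first "dc=" and everything from
# the first comma on.
DC=$(echo "$MSAD_SUFFIX" | sed -e 's/dc=//' -e 's/,.*//')

#
# Test replication:
# - populate MSAD over ldap
# - start consumer
# - perform some modifies and deletes
# - attempt to modify the consumer (referral)
# - retrieve database over ldap and compare against expected results
#

# Notes:
# We use a separate OU under the MSAD suffix to contain our test objects,
# since we can't just wipe out the entire directory when starting over.
# The replication search filter is thus more convoluted than would normally
# be needed. Typically it would only need (|(objectclass=user)(objectclass=group))
#
# MSAD does referential integrity by default, so to get 1-to-1 modifications
# we must add users before creating groups that reference them, and we
# should delete group memberships before deleting users. If we delete
# users first, MSAD will automatically remove them from their groups,
# but won't notify us of these changed groups.
# We could use the refint overlay to duplicate this behavior, but that's
# beyond the scope of this test.

# NOTE(review): every client call below passes the bind password with -w,
# so it is part of the command line and readable in the process list of the
# test host while the tool runs. The OpenLDAP client tools also accept
# -y <file> to read the password from a file.
# The MSAD_* values are quoted so that a DN or password containing spaces or
# glob characters reaches the tool as a single argument.
echo "Using ldapsearch to check that MSAD is running..."
$LDAPSEARCH -D "$MSAD_ADMINDN" -w "$MSAD_ADMINPW" -s base -b "$MSAD_SUFFIX" -H "$MSAD_URI" 'objectclass=*' > /dev/null 2>&1
RC=$?
if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	exit $RC
fi

# Recursive delete (-r), confined to the test OU built in BASEDN above.
# The exit status is stored but not checked; the tree may not exist yet.
echo "Using ldapdelete to delete old MSAD test tree, if any..."
$LDAPDELETE -D "$MSAD_ADMINDN" -H "$MSAD_URI" -w "$MSAD_ADMINPW" -r "$BASEDN"
RC=$?

# MSAD_SUFFIX is spliced into the sed replacement text as-is; a '/' or '&'
# in the suffix would alter the substitution.
echo "Using ldapadd to create the test context entry in MSAD..."
sed -e "s/dc=example,dc=com/$MSAD_SUFFIX/" < $LDIFDIRSYNCCP | \
	$LDAPADD -D "$MSAD_ADMINDN" -H "$MSAD_URI" -w "$MSAD_ADMINPW" > /dev/null 2>&1

RC=$?
if test $RC != 0 ; then
	echo "ldapadd failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# Both filters are sourced, so they run with this script's variables in
# scope. NOTE(review): presumably they substitute the MSAD_* settings into
# the consumer config, in which case $CONF2 holds the bind password --
# confirm, and check who can read $CONF2.
echo "Starting consumer slapd on TCP/IP port $PORT2..."
. $CONFFILTER $BACKEND < $DIRSYNC1CONF | . $CONFDIRSYNC > $CONF2
# Seed the consumer database with the suffix entry before slapd starts.
$SLAPADD -f $CONF2 <<EOMODS
dn: $MSAD_SUFFIX
dc: $DC
objectclass: organization
objectclass: dcObject
o: OpenLDAP Testing

EOMODS
$SLAPD -f $CONF2 -h $URI2 -d $LVL > $LOG2 2>&1 &
CONSUMERPID=$!
if test $WAIT != 0 ; then
	# Pause until the operator presses return (e.g. to attach a debugger).
	echo CONSUMERPID $CONSUMERPID
	read foo
fi
KILLPIDS="$KILLPIDS $CONSUMERPID"

sleep 1

# Poll the consumer up to six times, five seconds apart.
echo "Using ldapsearch to check that consumer slapd is running..."
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test $RC = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done

if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi


echo "Using ldapsearch to check that consumer received context entry..."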
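# Poll the consumer for the test OU up to six times, five seconds apart.
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$BASEDN" -H $URI2 \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test $RC = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for syncrepl to catch up..."
	sleep 5
done

if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# The MSAD_* values are quoted so that a DN or password containing spaces or
# glob characters reaches the tool as a single argument.
# NOTE(review): -w places the bind password on the command line, where the
# process list exposes it while the tool runs; the OpenLDAP client tools
# also accept -y <file>.
# BASEDN is spliced into the sed replacement text as-is; a '/' or '&' in it
# would alter the substitution.
echo "Using ldapadd to populate MSAD..."
sed -e "s/dc=example,dc=com/$BASEDN/" < $LDIFDIRSYNCNOCP | \
	$LDAPADD -D "$MSAD_ADMINDN" -H "$MSAD_URI" -w "$MSAD_ADMINPW" > /dev/null 2>&1
RC=$?
if test $RC != 0 ; then
	echo "ldapadd failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
sleep $SLEEP1

echo "Using ldapmodify to modify provider directory..."

#
# Do some modifications
#
# The here-document is unquoted, so $BASEDN is expanded by the shell; a '$'
# followed by a space (postal address separators) stays literal.

$LDAPMODIFY -v -H "$MSAD_URI" -D "$MSAD_ADMINDN" -w "$MSAD_ADMINPW" > \
	$TESTOUT 2>&1 << EOMODS
dn: cn=James A Jones 1, ou=Alumni Association, ou=People, $BASEDN
changetype: modify
add: carLicense
carLicense: Orange Juice
-
delete: sn
sn: Jones
-
add: sn
sn: Jones

dn: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, $BASEDN
changetype: modify
replace: carLicense
carLicense: Iced Tea
carLicense: Mad Dog 20/20

dn: cn=ITD Staff,ou=Groups,$BASEDN
changetype: modify
delete: uniquemember
uniquemember: cn=James A Jones 2, ou=Information Technology Division, ou=People, $BASEDN
uniquemember: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, $BASEDN
-
add: uniquemember
uniquemember: cn=Dorothy Stevens, ou=Alumni Association, ou=People, $BASEDN
uniquemember: cn=James A Jones 1, ou=Alumni Association, ou=People, $BASEDN

dn: cn=All Staff,ou=Groups,$BASEDN
changetype: modify
replace: description
description: The whole universe
-
delete: member
member: cn=James A Jones 2,ou=Information Technology Division,ou=People,$BASEDN

dn: cn=Gern Jensen, ou=Information Technology Division, ou=People, $BASEDN
changetype: add
objectclass: inetorgperson
objectclass: domainrelatedobject
cn: Gern Jensen
sn: Jensen
uid: gjensen
title: Chief Investigator, ITD
postaladdress: ITD $ 535 W. William St $ Ann Arbor, MI 48103
seealso: cn=All Staff, ou=Groups, $BASEDN
carLicense: Coffee
homepostaladdress: 844 Brown St. Apt. 4 $ Ann Arbor, MI 48104
description: Very odd
facsimiletelephonenumber: +1 313 555 7557
telephonenumber: +1 313 555 8343
mail: gjensen@mailgw.example.com
homephone: +1 313 555 8844
associateddomain: test.openldap.org

dn: ou=Retired, ou=People, $BASEDN
changetype: add
objectclass: organizationalUnit
ou: Retired

dn: cn=Rosco P. Coltrane, ou=Information Technology Division, ou=People, $BASEDN
changetype: add
objectclass: inetorgperson
objectclass: domainrelatedobject
cn: Rosco P. Coltrane
sn: Coltrane
uid: rosco
associateddomain: test.openldap.org

dn: cn=Rosco P. Coltrane, ou=Information Technology Division, ou=People, $BASEDN
changetype: modrdn
newrdn: cn=Rosco P. Coltrane
deleteoldrdn: 1
newsuperior: ou=Retired, ou=People, $BASEDN

dn: ou=testdomain1,$BASEDN
changetype: modrdn
newrdn: ou=itsdomain1
deleteoldrdn: 1

dn: ou=itsdomain1,$BASEDN
changetype: modify
replace: description
description: Example, Inc. ITS test domain

EOMODS

RC=$?
if test $RC != 0 ; then
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
sleep $SLEEP1

echo "Performing modrdn alone on the provider..."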
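# The MSAD_* values are quoted so that a DN or password containing spaces or
# glob characters reaches the tool as a single argument.
# NOTE(review): -w places the bind password on the command line, where the
# process list exposes it while the tool runs; the OpenLDAP client tools
# also accept -y <file>.
$LDAPMODIFY -v -H "$MSAD_URI" -D "$MSAD_ADMINDN" -w "$MSAD_ADMINPW" > \
	$TESTOUT 2>&1 << EOMODS
dn: ou=testdomain2,$BASEDN
changetype: modrdn
newrdn: ou=itsdomain2
deleteoldrdn: 1

EOMODS

RC=$?
if test $RC != 0 ; then
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
sleep $SLEEP1

echo "Performing modify alone on the provider..."
$LDAPMODIFY -v -H "$MSAD_URI" -D "$MSAD_ADMINDN" -w "$MSAD_ADMINPW" > \
	$TESTOUT 2>&1 << EOMODS
dn: ou=itsdomain2,$BASEDN
changetype: modify
replace: description
description: Example, Inc. itsdomain2 test domain

EOMODS

RC=$?
if test $RC != 0 ; then
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
sleep $SLEEP1

echo "Performing larger modify on the provider..."
$LDAPMODIFY -v -H "$MSAD_URI" -D "$MSAD_ADMINDN" -w "$MSAD_ADMINPW" > \
	$TESTOUT 2>&1 << EOMODS
dn: cn=James A Jones 2, ou=Information Technology Division, ou=People, $BASEDN
changetype: delete

dn: cn=Alumni Assoc Staff,ou=Groups,$BASEDN
changetype: modify
replace: description
description: blablabla
-
replace: member
member: cn=Manager,$BASEDN
member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,$BASEDN
member: cn=James A Jones 1,ou=Alumni Association,ou=People,$BASEDN
member: cn=Jane Doe,ou=Alumni Association,ou=People,$BASEDN
member: cn=Jennifer Smith,ou=Alumni Association,ou=People,$BASEDN
member: cn=Mark Elliot,ou=Alumni Association,ou=People,$BASEDN
member: cn=Ursula Hampster,ou=Alumni Association,ou=People,$BASEDN

EOMODS

RC=$?
if test $RC != 0 ; then
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
sleep $SLEEP1

# OPATTRS is not referenced again in this script.
OPATTRS="entryUUID creatorsName createTimestamp modifiersName modifyTimestamp"

# The provider is read with the critical dirsync control (-E !dirsync=0/0)
# from the whole MSAD suffix, restricted by the associatedDomain filter.
# stderr is merged into $PROVIDEROUT, so any diagnostic text from the tool
# ends up in the data that is compared below.
echo "Using ldapsearch to read all the entries from the provider..."
$LDAPSEARCH -D "$MSAD_ADMINDN" -w "$MSAD_ADMINPW" -S "" -H "$MSAD_URI" -b "$MSAD_SUFFIX" -E \!dirsync=0/0 -o ldif_wrap=120 \
	'(associatedDomain=test.openldap.org)' > $PROVIDEROUT 2>&1
RC=$?

if test $RC != 0 ; then
	echo "ldapsearch failed at provider ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# The consumer is read without bind credentials (no -D/-w on this call).
echo "Using ldapsearch to read all the entries from the consumer..."
$LDAPSEARCH -S "" -b "$BASEDN" -H $URI2 -o ldif_wrap=120 \
	'(objectclass=*)' > $CONSUMEROUT 2>&1
RC=$?

if test $RC != 0 ; then
	echo "ldapsearch failed at consumer ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

test $KILLSERVERS != no && kill -HUP $KILLPIDS

# Provider output is additionally rewritten so that the upper-case CN=/OU=/DC=
# attribute names match the lower-case form in the consumer output.
echo "Filtering provider results..."
$LDIFFILTER -s a < $PROVIDEROUT | sed -e 's/CN=/cn=/g' -e 's/OU=/ou=/g' -e 's/DC=/dc=/g' > $PROVIDERFLT
echo "Filtering consumer results..."
$LDIFFILTER -s a < $CONSUMEROUT > $CONSUMERFLT

echo "Comparing retrieved entries from provider and consumer..."
$CMP $PROVIDERFLT $CONSUMERFLT > $CMPOUT

if test $? != 0 ; then
	echo "test failed - provider and consumer databases differ"
	exit 1
fi

echo ">>>>> Test succeeded"

# Reap the background slapd that was sent HUP above.
test $KILLSERVERS != no && wait

exit 0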