#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2021 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
15
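echo "running defines.sh"
. "$SRCDIR/scripts/defines.sh"

# This test runs against an external Microsoft AD server and needs
# MSAD_URI, MSAD_SUFFIX, MSAD_ADMINDN and MSAD_ADMINPW in the environment.
# With no MSAD_URI the test is skipped.
if test -z "$MSAD_URI"; then
	echo "No MSAD envvars set, test skipped"
	exit 0
fi
# A partially configured environment must not reach the LDAP tools: an empty
# DN or password would shift the following options into the wrong argument
# slots, and an empty suffix would build a malformed BASEDN for the recursive
# delete further down. The password value itself is never printed.
if test -z "$MSAD_SUFFIX" || test -z "$MSAD_ADMINDN" || test -z "$MSAD_ADMINPW"; then
	echo "MSAD_URI is set but MSAD_SUFFIX, MSAD_ADMINDN or MSAD_ADMINPW is missing" >&2
	exit 1
fi
# Quoted so that an unset SYNCPROV is compared as an empty string instead of
# making test(1) fail with a syntax error.
if test "$SYNCPROV" = syncprovno; then
	echo "Syncrepl provider overlay not available, test skipped"
	exit 0
fi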
28
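# Working directories for this test run; quoted so a path containing
# whitespace is not split into several arguments.
mkdir -p "$TESTDIR" "$DBDIR2"

# URI1 is the provider (MSAD); all test objects live under a dedicated OU.
URI1=$MSAD_URI
BASEDN="ou=OpenLDAPtest,$MSAD_SUFFIX"
# DC is the value of the first RDN of the suffix: strip the first "dc=" and
# everything from the first comma on. The match is case-sensitive, so the
# suffix is expected to be written with lowercase "dc=".
DC=$(printf '%s\n' "$MSAD_SUFFIX" | sed -e 's/dc=//' -e 's/,.*//')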
34
#
# Test replication:
# - populate MSAD over ldap
# - start consumer
# - perform some modifies and deletes
# - attempt to modify the consumer (referral)
# - retrieve database over ldap and compare against expected results
#
43
# Notes:
# We use a separate OU under the MSAD suffix to contain our test objects,
# since we can't just wipe out the entire directory when starting over.
# The replication search filter is thus more convoluted than would normally
# be needed. Typically it would only need (|(objectclass=user)(objectclass=group))
#
# MSAD does referential integrity by default, so to get 1-to-1 modifications
# we must add users before creating groups that reference them, and we
# should delete group memberships before deleting users. If we delete
# users first, MSAD will automatically remove them from their groups,
# but won't notify us of these changed groups.
# We could use the refint overlay to duplicate this behavior, but that's
# beyond the scope of this test.
57
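echo "Using ldapsearch to check that MSAD is running..."
# Base-scope search on the suffix, authenticated as the MSAD admin, used
# purely as a reachability/credentials probe (output is discarded).
#
# The bind DN and password are quoted: unquoted, a value containing
# whitespace or glob characters is split or expanded by the shell and the
# bind is attempted with the wrong credentials.
#
# NOTE(security): -w puts the admin password on the command line, where it
# is visible to other local users through the process table; the LDAP client
# tools also accept -y <file> to read it from a file. If MSAD_URI is a plain
# ldap:// URI, this simple bind also sends the password unencrypted.
# $LDAPSEARCH stays unquoted: it presumably holds a command plus options
# (set in defines.sh, not shown here).
$LDAPSEARCH -D "$MSAD_ADMINDN" -w "$MSAD_ADMINPW" -s base \
	-b "$MSAD_SUFFIX" -H "$MSAD_URI" 'objectclass=*' > /dev/null 2>&1
RC=$?
if test "$RC" != 0 ; then
	echo "ldapsearch failed ($RC)!"
	exit "$RC"
fi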
65
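echo "Using ldapdelete to delete old MSAD test tree, if any..."
# -r deletes the whole subtree rooted at BASEDN with admin rights on the
# external directory. BASEDN is built from MSAD_SUFFIX, so a wrong suffix
# points this at a different subtree; the fixed "ou=OpenLDAPtest" prefix is
# what keeps the blast radius to the test OU.
# Credentials and URI are quoted so they reach ldapdelete as single arguments.
# -w exposes the password in the process list; -y <file> is the file-based form.
$LDAPDELETE -D "$MSAD_ADMINDN" -H "$MSAD_URI" -w "$MSAD_ADMINPW" -r "$BASEDN"
# Status is recorded but deliberately not checked: the tree may not exist yet.
RC=$?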
69
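echo "Using ldapadd to create the test context entry in MSAD..."
# Rewrite the example suffix in the LDIF to the real MSAD suffix and load it.
# MSAD_SUFFIX is interpolated into the sed replacement text, so a value
# containing '/', '&' or '\' would be misread by sed; ordinary dc= suffixes
# contain none of these.
# Credentials are quoted so they are passed as single arguments; -w exposes
# the password in the process list (-y <file> is the file-based form).
sed -e "s/dc=example,dc=com/$MSAD_SUFFIX/" < "$LDIFDIRSYNCCP" | \
	$LDAPADD -D "$MSAD_ADMINDN" -H "$MSAD_URI" -w "$MSAD_ADMINPW" > /dev/null 2>&1

# Exit status of the pipeline, i.e. of ldapadd.
RC=$?
if test "$RC" != 0 ; then
	echo "ldapadd failed ($RC)!"
	# KILLPIDS is a whitespace-separated PID list and must stay unquoted.
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit "$RC"
fi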
80
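echo "Starting consumer slapd on TCP/IP port $PORT2..."
# Generate the consumer configuration by piping the template through the two
# filter scripts. The scripts are sourced with '.', so they run in this
# shell's environment; $CONFFILTER, $BACKEND and $CONFDIRSYNC are left
# unquoted exactly as the harness passes them.
. $CONFFILTER $BACKEND < "$DIRSYNC1CONF" | . $CONFDIRSYNC > "$CONF2"
# Seed the consumer database with the suffix entry before slapd starts.
$SLAPADD -f "$CONF2" <<EOMODS
dn: $MSAD_SUFFIX
dc: $DC
objectclass: organization
objectclass: dcObject
o: OpenLDAP Testing

EOMODS
# Run the consumer in the background, logging to LOG2.
$SLAPD -f "$CONF2" -h "$URI2" -d "$LVL" > "$LOG2" 2>&1 &
CONSUMERPID=$!
# Optional pause so a debugger can be attached. An unset or empty WAIT is
# treated as 0 so the script never blocks on stdin by accident.
if test "${WAIT:-0}" != 0 ; then
    echo CONSUMERPID $CONSUMERPID
    read foo
fi
# Register the consumer for cleanup by the kill -HUP calls on failure/exit.
KILLPIDS="$KILLPIDS $CONSUMERPID"

sleep 1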
100
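echo "Using ldapsearch to check that consumer slapd is running..."
# Poll the consumer's monitor entry: up to 6 attempts, 5 seconds apart.
# RC keeps the status of the last attempt.
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -H "$URI2" \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test "$RC" = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done

# Still failing after the last attempt: stop the servers and report.
if test "$RC" != 0 ; then
	echo "ldapsearch failed ($RC)!"
	# KILLPIDS is a whitespace-separated PID list and must stay unquoted.
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit "$RC"
fi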
118
119
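echo "Using ldapsearch to check that consumer received context entry..."
# Poll the consumer for the test OU: up to 6 attempts, 5 seconds apart.
# The search is anonymous (no -D/-w), so it relies on the consumer allowing
# anonymous reads of BASEDN.
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$BASEDN" -H "$URI2" \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test "$RC" = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for syncrepl to catch up..."
	sleep 5
done

# Entry never arrived: stop the servers and report the last status.
if test "$RC" != 0 ; then
	echo "ldapsearch failed ($RC)!"
	# KILLPIDS is a whitespace-separated PID list and must stay unquoted.
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit "$RC"
fi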
137
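echo "Using ldapadd to populate MSAD..."
# Relocate the sample LDIF under the test OU and load it into MSAD.
# BASEDN is interpolated into the sed replacement text; a value containing
# '/', '&' or '\' would be misread by sed.
# Credentials are quoted so they are passed as single arguments; -w exposes
# the password in the process list (-y <file> is the file-based form).
sed -e "s/dc=example,dc=com/$BASEDN/" < "$LDIFDIRSYNCNOCP" | \
	$LDAPADD -D "$MSAD_ADMINDN" -H "$MSAD_URI" -w "$MSAD_ADMINPW" > /dev/null 2>&1
RC=$?
if test "$RC" != 0 ; then
	echo "ldapadd failed ($RC)!"
	# KILLPIDS is a whitespace-separated PID list and must stay unquoted.
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit "$RC"
fi

echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
sleep "$SLEEP1"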
150
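echo "Using ldapmodify to modify provider directory..."

#
# Do some modifications
#
# One ldapmodify run applies a mix of modify, add and modrdn operations to
# the provider. Group memberships are changed before any user is removed, in
# line with MSAD's referential-integrity behaviour described at the top of
# this script. Verbose output and errors go to TESTOUT.
# Credentials are quoted so they are passed as single arguments; -w exposes
# the password in the process list (-y <file> is the file-based form).

$LDAPMODIFY -v -H "$MSAD_URI" -D "$MSAD_ADMINDN" -w "$MSAD_ADMINPW" > \
	"$TESTOUT" 2>&1 << EOMODS
dn: cn=James A Jones 1, ou=Alumni Association, ou=People, $BASEDN
changetype: modify
add: carLicense
carLicense: Orange Juice
-
delete: sn
sn: Jones
-
add: sn
sn: Jones

dn: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, $BASEDN
changetype: modify
replace: carLicense
carLicense: Iced Tea
carLicense: Mad Dog 20/20

dn: cn=ITD Staff,ou=Groups,$BASEDN
changetype: modify
delete: uniquemember
uniquemember: cn=James A Jones 2, ou=Information Technology Division, ou=People, $BASEDN
uniquemember: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, $BASEDN
-
add: uniquemember
uniquemember: cn=Dorothy Stevens, ou=Alumni Association, ou=People, $BASEDN
uniquemember: cn=James A Jones 1, ou=Alumni Association, ou=People, $BASEDN

dn: cn=All Staff,ou=Groups,$BASEDN
changetype: modify
replace: description
description: The whole universe
-
delete: member
member: cn=James A Jones 2,ou=Information Technology Division,ou=People,$BASEDN

dn: cn=Gern Jensen, ou=Information Technology Division, ou=People, $BASEDN
changetype: add
objectclass: inetorgperson
objectclass: domainrelatedobject
cn: Gern Jensen
sn: Jensen
uid: gjensen
title: Chief Investigator, ITD
postaladdress: ITD $ 535 W. William St $ Ann Arbor, MI 48103
seealso: cn=All Staff, ou=Groups, $BASEDN
carLicense: Coffee
homepostaladdress: 844 Brown St. Apt. 4 $ Ann Arbor, MI 48104
description: Very odd
facsimiletelephonenumber: +1 313 555 7557
telephonenumber: +1 313 555 8343
mail: gjensen@mailgw.example.com
homephone: +1 313 555 8844
associateddomain: test.openldap.org

dn: ou=Retired, ou=People, $BASEDN
changetype: add
objectclass: organizationalUnit
ou: Retired

dn: cn=Rosco P. Coltrane, ou=Information Technology Division, ou=People, $BASEDN
changetype: add
objectclass: inetorgperson
objectclass: domainrelatedobject
cn: Rosco P. Coltrane
sn: Coltrane
uid: rosco
associateddomain: test.openldap.org

dn: cn=Rosco P. Coltrane, ou=Information Technology Division, ou=People, $BASEDN
changetype: modrdn
newrdn: cn=Rosco P. Coltrane
deleteoldrdn: 1
newsuperior: ou=Retired, ou=People, $BASEDN

dn: ou=testdomain1,$BASEDN
changetype: modrdn
newrdn: ou=itsdomain1
deleteoldrdn: 1

dn: ou=itsdomain1,$BASEDN
changetype: modify
replace: description
description: Example, Inc. ITS test domain

EOMODS

RC=$?
if test "$RC" != 0 ; then
	echo "ldapmodify failed ($RC)!"
	# KILLPIDS is a whitespace-separated PID list and must stay unquoted.
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit "$RC"
fi

echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
sleep "$SLEEP1"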
254
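echo "Performing modrdn alone on the provider..."
# A single rename with nothing else in the batch, so the consumer has to pick
# up a lone modrdn. Verbose output and errors overwrite TESTOUT.
# Credentials are quoted so they are passed as single arguments; -w exposes
# the password in the process list (-y <file> is the file-based form).
$LDAPMODIFY -v -H "$MSAD_URI" -D "$MSAD_ADMINDN" -w "$MSAD_ADMINPW" > \
	"$TESTOUT" 2>&1 << EOMODS
dn: ou=testdomain2,$BASEDN
changetype: modrdn
newrdn: ou=itsdomain2
deleteoldrdn: 1

EOMODS

RC=$?
if test "$RC" != 0 ; then
	echo "ldapmodify failed ($RC)!"
	# KILLPIDS is a whitespace-separated PID list and must stay unquoted.
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit "$RC"
fi

echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
sleep "$SLEEP1"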
274
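echo "Performing modify alone on the provider..."
# A single attribute replace on the entry renamed in the previous step.
# Verbose output and errors overwrite TESTOUT.
# Credentials are quoted so they are passed as single arguments; -w exposes
# the password in the process list (-y <file> is the file-based form).
$LDAPMODIFY -v -H "$MSAD_URI" -D "$MSAD_ADMINDN" -w "$MSAD_ADMINPW" > \
	"$TESTOUT" 2>&1 << EOMODS
dn: ou=itsdomain2,$BASEDN
changetype: modify
replace: description
description: Example, Inc. itsdomain2 test domain

EOMODS

RC=$?
if test "$RC" != 0 ; then
	echo "ldapmodify failed ($RC)!"
	# KILLPIDS is a whitespace-separated PID list and must stay unquoted.
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit "$RC"
fi

echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
sleep "$SLEEP1"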
294
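echo "Performing larger modify on the provider..."
# Delete one user and replace a group's description and full member list in
# the same run. Verbose output and errors overwrite TESTOUT.
# Credentials are quoted so they are passed as single arguments; -w exposes
# the password in the process list (-y <file> is the file-based form).
$LDAPMODIFY -v -H "$MSAD_URI" -D "$MSAD_ADMINDN" -w "$MSAD_ADMINPW" > \
	"$TESTOUT" 2>&1 << EOMODS
dn: cn=James A Jones 2, ou=Information Technology Division, ou=People, $BASEDN
changetype: delete

dn: cn=Alumni Assoc Staff,ou=Groups,$BASEDN
changetype: modify
replace: description
description: blablabla
-
replace: member
member: cn=Manager,$BASEDN
member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,$BASEDN
member: cn=James A Jones 1,ou=Alumni Association,ou=People,$BASEDN
member: cn=Jane Doe,ou=Alumni Association,ou=People,$BASEDN
member: cn=Jennifer Smith,ou=Alumni Association,ou=People,$BASEDN
member: cn=Mark Elliot,ou=Alumni Association,ou=People,$BASEDN
member: cn=Ursula Hampster,ou=Alumni Association,ou=People,$BASEDN

EOMODS

RC=$?
if test "$RC" != 0 ; then
	echo "ldapmodify failed ($RC)!"
	# KILLPIDS is a whitespace-separated PID list and must stay unquoted.
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit "$RC"
fi

echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
sleep "$SLEEP1"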
326
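# Operational attribute names; nothing later in this script reads OPATTRS.
OPATTRS="entryUUID creatorsName createTimestamp modifiersName modifyTimestamp"

echo "Using ldapsearch to read all the entries from the provider..."
# Dump every test entry from MSAD (marked by associatedDomain) using the
# dirsync search extension, flagged critical with '!'.
# stderr is merged into PROVIDEROUT, so any client diagnostics end up in the
# data that is compared later.
# The bind DN and password are quoted so they are passed as single arguments;
# -w exposes the password in the process list (-y <file> is the file-based form).
$LDAPSEARCH -D "$MSAD_ADMINDN" -w "$MSAD_ADMINPW" -S "" -H "$MSAD_URI" \
	-b "$MSAD_SUFFIX" -E \!dirsync=0/0 -o ldif_wrap=120 \
	'(associatedDomain=test.openldap.org)' > "$PROVIDEROUT" 2>&1
RC=$?

if test "$RC" != 0 ; then
	echo "ldapsearch failed at provider ($RC)!"
	# KILLPIDS is a whitespace-separated PID list and must stay unquoted.
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit "$RC"
fi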
339
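echo "Using ldapsearch to read all the entries from the consumer..."
# Anonymous subtree read of the replicated test OU from the consumer.
# stderr is merged into CONSUMEROUT alongside the LDIF.
$LDAPSEARCH -S "" -b "$BASEDN" -H "$URI2" -o ldif_wrap=120 \
	'(objectclass=*)' > "$CONSUMEROUT" 2>&1
RC=$?

if test "$RC" != 0 ; then
	echo "ldapsearch failed at consumer ($RC)!"
	# KILLPIDS is a whitespace-separated PID list and must stay unquoted.
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit "$RC"
fi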
350
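# Both dumps are on disk, so the servers are no longer needed.
# KILLPIDS is a whitespace-separated PID list and must stay unquoted.
test "$KILLSERVERS" != no && kill -HUP $KILLPIDS

echo "Filtering provider results..."
# MSAD returns attribute types in DNs in upper case (CN=, OU=, DC=); fold
# them to lower case so the provider dump lines up with the consumer's.
$LDIFFILTER -s a < "$PROVIDEROUT" | sed -e 's/CN=/cn=/g' -e 's/OU=/ou=/g' -e 's/DC=/dc=/g' > "$PROVIDERFLT"
echo "Filtering consumer results..."
$LDIFFILTER -s a < "$CONSUMEROUT" > "$CONSUMERFLT"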
357
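echo "Comparing retrieved entries from provider and consumer..."
# $CMP stays unquoted: it presumably holds a command plus options (set in
# defines.sh, not shown here). Differences are written to CMPOUT.
$CMP "$PROVIDERFLT" "$CONSUMERFLT" > "$CMPOUT"

# Any non-zero status from the comparison counts as a replication mismatch.
if test $? != 0 ; then
	echo "test failed - provider and consumer databases differ"
	exit 1
fi

echo ">>>>> Test succeeded"

# Reap the background slapd that was signalled earlier.
test "$KILLSERVERS" != no && wait

exit 0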
371