#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 2004-2021 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

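# Load the shared test-suite definitions, then set this test's constants.
# NOTE(review): defines.sh is not shown here; the tool variables ($SLAPD,
# $LDAPSEARCH, ...), URIs, DNs and passwords used below presumably come
# from it -- confirm.
echo "running defines.sh"
. "$SRCDIR"/scripts/defines.sh

# Filter used by the inetOrgPerson searches.
PERSONAL="(objectClass=inetOrgPerson)"
# Sink for output the test does not inspect.
NOWHERE="/dev/null"
# Line prefix grepped out of client output after a failed operation.
FAILURE="additional info:"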
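# Skip the test (exit 0) when the build lacks what it needs.
# The operands are quoted so an unset switch compares cleanly as "not equal"
# instead of making test(1) print a syntax error.
if test "$TRANSLUCENT" = translucentno ; then
	echo "Translucent Proxy overlay not available, test skipped"
	exit 0
fi

if test "$AC_ldap" = ldapno ; then
	echo "Translucent Proxy overlay requires back-ldap backend, test skipped"
	exit 0
fi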
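# configure backside
mkdir -p "$TESTDIR" "$DBDIR1"

# Generate a random secret for the config rootpw. $CONFIGPWF then holds that
# secret in cleartext (created under the current umask); configpw.conf gets
# only the value slappasswd -T derives from it. The cn=config binds later in
# this script read the secret with -y, which keeps it off the command line.
$SLAPPASSWD -g -n >"$CONFIGPWF"
echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >"$TESTDIR"/configpw.conf

# Index used later in the olcDatabase={N} DN of the overlay's database:
# 2 when a monitor database is configured, 1 otherwise. The :-no default
# keeps an unset MONITORDB on the DBIX=1 branch.
if test "${MONITORDB:-no}" != no ; then
	DBIX=2
else
	DBIX=1
fi

# $CONFFILTER and its arguments stay unquoted so the argument count seen by
# the sourced filter is unchanged; only the file names are quoted.
. $CONFFILTER $BACKEND $MONITORDB < "$TRANSLUCENTREMOTECONF" > "$CONF1"
echo "Running slapadd to build remote slapd database..."
$SLAPADD -f "$CONF1" -l "$LDIFTRANSLUCENTCONFIG"
RC=$?
if test "$RC" != 0 ; then
	echo "slapadd failed ($RC)!"
	exit $RC
fi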
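# Start the remote (backside) slapd in the background and wait until it
# answers a base search on $MONITOR.
echo "Starting remote slapd on TCP/IP port $PORT1..."
# $LVL and $TIMING are left unquoted so an empty $TIMING adds no argument.
$SLAPD -f "$CONF1" -h "$URI1" -d $LVL $TIMING > "$LOG1" 2>&1 &
PID=$!
# With WAIT set to anything but 0, print the PID and pause until a line is
# read from stdin. Unset or empty WAIT is treated as 0 (no pause).
if test "${WAIT:-0}" != 0 ; then
	echo PID $PID
	read foo
fi
REMOTEPID="$PID"
# Space-separated PID list; always expanded unquoted when passed to kill.
KILLPIDS="$PID"

sleep 1

# Probe up to six times, five seconds apart; RC keeps the last probe's status.
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -H "$URI1" \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test "$RC" = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for remote slapd to start..."
	sleep 5
done

if test "$RC" != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi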
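# configure frontside
mkdir -p "$DBDIR2"

# $CONFFILTER and its arguments stay unquoted; only the file names are quoted.
. $CONFFILTER $BACKEND $MONITORDB < "$TRANSLUCENTLOCALCONF" > "$CONF2"

# Start the local (frontside) slapd in the background and wait until it
# answers a base search on $MONITOR.
echo "Starting local slapd on TCP/IP port $PORT2..."
# $LVL and $TIMING are left unquoted so an empty $TIMING adds no argument.
$SLAPD -f "$CONF2" -h "$URI2" -d $LVL $TIMING > "$LOG2" 2>&1 &
PID=$!
# Unset or empty WAIT is treated as 0 (no pause).
if test "${WAIT:-0}" != 0 ; then
	echo PID $PID
	read foo
fi
LOCALPID="$PID"
# From here on a failure tears down both servers.
KILLPIDS="$LOCALPID $REMOTEPID"

sleep 1

# Probe up to six times, five seconds apart; RC keeps the last probe's status.
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -H "$URI2" \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test "$RC" = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for local slapd to start..."
	sleep 5
done

if test "$RC" != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi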
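echo "Testing slapd Translucent Proxy operations..."

# Before the remote side is populated, a search through the local slapd must
# succeed and return nothing at all.
echo "Testing search: no remote data defined..."

$LDAPSEARCH -H "$URI2" -b "$TRANSLUCENTUSER" "$PERSONAL" > "$SEARCHOUT" 2>&1

RC=$?
if test "$RC" != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# stderr is captured too, so any output (entries or diagnostics) fails here.
if test -s "$SEARCHOUT"; then
	echo "ldapsearch should have returned no records!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi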
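# Load the test data directly into the remote slapd ($URI1), then read it
# back through the local slapd ($URI2) and compare.
echo "Populating remote database..."

# -w puts the bind password on the command line, where it shows up in the
# process list; that is tolerable only for throwaway test credentials. The
# cn=config binds in this script use -y <file> instead.
$LDAPADD -D "$TRANSLUCENTROOT" -H "$URI1" \
	-w "$PASSWD" < "$LDIFTRANSLUCENTDATA" > "$NOWHERE" 2>&1

RC=$?
if test "$RC" != 0 ; then
	echo "ldapadd failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Testing search: remote database via local slapd..."

$LDAPSEARCH -H "$URI2" -b "$TRANSLUCENTUSER" "$PERSONAL" > "$SEARCHOUT" 2>&1

RC=$?
if test "$RC" != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# Pass both sides through the same filter before comparing them.
# $LDIFFILTER and $CMP stay unquoted: they are commands, possibly with
# arguments (set outside this file).
$LDIFFILTER < "$SEARCHOUT" > "$SEARCHFLT"
$LDIFFILTER < "$LDIFTRANSLUCENTDATA" > "$LDIFFLT"
$CMP "$SEARCHFLT" "$LDIFFLT" > "$CMPOUT"

if test $? != 0 ; then
	echo "Comparison failed -- corruption from remote to local!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi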
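# Access-control check: bound as $TRANSLUCENTDN the add must be refused with
# result 50 (INSUFFICIENT ACCESS). Any other result, success included, fails.
echo "Testing add: prohibited local record..."

$LDAPADD -D "$TRANSLUCENTDN" -H "$URI2" \
	-w "$TRANSLUCENTPASSWD" < "$LDIFTRANSLUCENTADD" > "$TESTOUT" 2>&1

RC=$?
if test "$RC" != 50 ; then
	echo "ldapadd failed ($RC), expected INSUFFICIENT ACCESS!"
	grep "$FAILURE" "$TESTOUT"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi

# Bound as $TRANSLUCENTROOT the same add is expected to end in 32
# (NO SUCH OBJECT); with BACKEND=null a result of 0 is accepted as well.
echo "Testing add: valid local record, no_glue..."

$LDAPADD -v -v -v -D "$TRANSLUCENTROOT" -H "$URI2" \
	-w "$PASSWD" < "$LDIFTRANSLUCENTADD" > "$TESTOUT" 2>&1

RC=$?
if test "$RC" != 32 && test "$RC,$BACKEND" != 0,null ; then
	echo "ldapadd failed ($RC), expected NO SUCH OBJECT!"
	grep "$FAILURE" "$TESTOUT"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi

# Same expectation for a rename of uid=fred: 32, or 0 with BACKEND=null.
echo "Testing modrdn: valid local record, no_glue..."

$LDAPMODRDN -D "$TRANSLUCENTROOT" -H "$URI2" -w "$PASSWD" \
	'uid=fred,ou=users,o=translucent' 'uid=someguy' > "$TESTOUT" 2>&1

RC=$?
if test "$RC" != 32 && test "$RC,$BACKEND" != 0,null ; then
	echo "ldapmodrdn failed ($RC), expected NO SUCH OBJECT!"
	grep "$FAILURE" "$TESTOUT"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi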
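# Switch olcTranslucentNoGlue off on the running local slapd via cn=config,
# then repeat the add that was rejected while it was on.
echo "Dynamically configuring local slapd without translucent_no_glue..."

# The cn=config password is read from $CONFIGPWF with -y, so it never appears
# on the command line. $DBIX and $BACKEND are expanded inside the here-document.
$LDAPMODIFY -D cn=config -H "$URI2" -y "$CONFIGPWF" <<EOF
dn: olcOverlay={0}translucent,olcDatabase={$DBIX}$BACKEND,cn=config
changetype: modify
replace: olcTranslucentNoGlue
olcTranslucentNoGlue: FALSE
EOF
RC=$?
if test "$RC" != 0 ; then
	echo "ldapmodify of dynamic config failed ($RC)"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Testing add: valid local record..."

$LDAPADD -D "$TRANSLUCENTROOT" -H "$URI2" \
	-w "$PASSWD" < "$LDIFTRANSLUCENTADD" > "$TESTOUT" 2>&1

RC=$?
if test "$RC" != 0 ; then
	echo "ldapadd failed ($RC)!"
	grep "$FAILURE" "$TESTOUT"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi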
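# After the local add, a search through the local slapd must match the
# reference LDIF in $LDIFTRANSLUCENTMERGED once both are filtered.
echo "Testing search: data merging..."

$LDAPSEARCH -H "$URI2" -b "$TRANSLUCENTUSER" "$PERSONAL" > "$SEARCHOUT" 2>&1

RC=$?
if test "$RC" != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# $LDIFFILTER and $CMP stay unquoted: they are commands, possibly with
# arguments (set outside this file).
$LDIFFILTER < "$SEARCHOUT" > "$SEARCHFLT"
$LDIFFILTER < "$LDIFTRANSLUCENTMERGED" > "$LDIFFLT"
$CMP "$SEARCHFLT" "$LDIFFLT" > "$CMPOUT"

if test $? != 0 ; then
	echo "Comparison failed -- local data failed to merge with remote!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi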
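# Compare operations through the local slapd. With -z the client prints
# nothing and the verdict is read from the exit status: 6 is expected for a
# matching value (TRUE), 5 for a non-matching one (FALSE).
# NOTE(review): the first compare omits the -x that the other three pass --
# confirm whether $LDAPCOMPARE already implies it.
echo "Testing compare: valid local..."

$LDAPCOMPARE -z -H "$URI2" -w "$TRANSLUCENTPASSWD" -D "$TRANSLUCENTDN" \
	"uid=danger,ou=users,o=translucent" "carLicense:LIVID"

RC=$?
if test "$RC" != 6 ; then
	echo "ldapcompare failed ($RC), expected TRUE!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Testing compare: valid remote..."

$LDAPCOMPARE -z -x -H "$URI2" -w "$TRANSLUCENTPASSWD" -D "$TRANSLUCENTDN" \
	"uid=binder,o=translucent" "businessCategory:binder-test-user"

RC=$?
if test "$RC" != 6 ; then
	echo "ldapcompare failed ($RC), expected TRUE!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Testing compare: bogus local..."

$LDAPCOMPARE -z -x -H "$URI2" -w "$TRANSLUCENTPASSWD" -D "$TRANSLUCENTDN" \
	"uid=danger,ou=users,o=translucent" "businessCategory:invalid-test-value"

RC=$?
if test "$RC" != 5 ; then
	echo "ldapcompare failed ($RC), expected FALSE!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Testing compare: bogus remote..."

$LDAPCOMPARE -z -x -H "$URI2" -w "$TRANSLUCENTPASSWD" -D "$TRANSLUCENTDN" \
	"uid=binder,o=translucent" "businessCategory:invalid-test-value"

RC=$?
if test "$RC" != 5 ; then
	echo "ldapcompare failed ($RC), expected FALSE!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi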
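# Modifying an entry that does not exist must end in 32 (NO SUCH OBJECT).
echo "Testing modify: nonexistent record..."

$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H "$URI2" -w "$PASSWD" \
	> "$TESTOUT" 2>&1 << EOF_MOD
version: 1
dn: uid=bogus,ou=users,o=translucent
changetype: modify
replace: roomNumber
roomNumber: 31J-2112
EOF_MOD

RC=$?
if test "$RC" != 32 ; then
	echo "ldapmodify failed ($RC), expected NO SUCH OBJECT!"
	grep "$FAILURE" "$TESTOUT"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi

# Replace roomNumber on uid=danger, then read the entry back and require
# exactly the new value.
echo "Testing modify: valid local record, nonexistent attribute..."

$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H "$URI2" -w "$PASSWD" \
	> "$TESTOUT" 2>&1 << EOF_MOD1
version: 1
dn: uid=danger,ou=users,o=translucent
changetype: modify
replace: roomNumber
roomNumber: 9N-21
EOF_MOD1

RC=$?
if test "$RC" != 0 ; then
	echo "ldapmodify failed ($RC)!"
	grep "$FAILURE" "$TESTOUT"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

$LDAPSEARCH -H "$URI2" -b "uid=danger,ou=users,o=translucent" > "$SEARCHOUT" 2>&1

RC=$?
if test "$RC" != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# grep's stderr is discarded inside the substitution so that the redirection
# applies to grep itself rather than to the assignment.
ATTR=`grep roomNumber "$SEARCHOUT" 2> $NOWHERE`
if test "$ATTR" != "roomNumber: 9N-21" ; then
	echo "modification failed!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi

# NOTE(review): only the exit status of this search is checked; the
# contents of $SEARCHOUT are not inspected.
echo "Testing search: specific nonexistent remote attribute..."

$LDAPSEARCH -H "$URI2" -b "uid=danger,ou=users,o=translucent" roomNumber > "$SEARCHOUT" 2>&1

RC=$?
if test "$RC" != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi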
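# Replace roomNumber on uid=fred, then read the entry back and require
# exactly the new value.
echo "Testing modify: nonexistent local record, nonexistent attribute..."

$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H "$URI2" -w "$PASSWD" \
	> "$TESTOUT" 2>&1 << EOF_MOD2
version: 1
dn: uid=fred,ou=users,o=translucent
changetype: modify
replace: roomNumber
roomNumber: 31J-2112
EOF_MOD2

RC=$?
if test "$RC" != 0 ; then
	echo "ldapmodify failed ($RC)!"
	grep "$FAILURE" "$TESTOUT"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

$LDAPSEARCH -H "$URI2" -b "uid=fred,ou=users,o=translucent" > "$SEARCHOUT" 2>&1

RC=$?
if test "$RC" != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# grep's stderr is discarded inside the substitution so that the redirection
# applies to grep itself rather than to the assignment.
ATTR=`grep roomNumber "$SEARCHOUT" 2> $NOWHERE`
if test "$ATTR" != "roomNumber: 31J-2112" ; then
	echo "modification failed!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi

# Deleting preferredLanguage from uid=fred must end in 16 (NO SUCH ATTRIBUTE).
echo "Testing modify: valid remote record, nonexistent attribute..."

$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H "$URI2" -w "$PASSWD" \
	> "$TESTOUT" 2>&1 << EOF_MOD9
version: 1
dn: uid=fred,ou=users,o=translucent
changetype: modify
delete: preferredLanguage
EOF_MOD9

RC=$?
if test "$RC" != 16 ; then
	echo "ldapmodify failed ($RC), expected NO SUCH ATTRIBUTE!"
	grep "$FAILURE" "$TESTOUT"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi

# Deleting the roomNumber written above must succeed.
echo "Testing delete: valid local record, nonexistent attribute..."

$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H "$URI2" -w "$PASSWD" \
	> "$TESTOUT" 2>&1 << EOF_MOD4
version: 1
dn: uid=fred,ou=users,o=translucent
changetype: modify
delete: roomNumber
EOF_MOD4

RC=$?
if test "$RC" != 0 ; then
	echo "ldapmodify failed ($RC)!"
	grep "$FAILURE" "$TESTOUT"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi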
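# Access-control pairs: each write is first attempted as $TRANSLUCENTDN and
# must be refused with 50 (INSUFFICIENT ACCESS), then repeated as
# $TRANSLUCENTROOT and must succeed. A refusal that turns into success, or
# into a different error, fails the test.
echo "Testing modrdn: prohibited local record..."

$LDAPMODRDN -D "$TRANSLUCENTDN" -H "$URI2" -w "$TRANSLUCENTPASSWD" \
	'uid=fred,ou=users,o=translucent' 'uid=someguy' > "$TESTOUT" 2>&1

RC=$?
if test "$RC" != 50 ; then
	echo "ldapmodrdn failed ($RC), expected INSUFFICIENT ACCESS!"
	grep "$FAILURE" "$TESTOUT"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Testing modrdn: valid local record..."

$LDAPMODRDN -D "$TRANSLUCENTROOT" -H "$URI2" -w "$PASSWD" \
	'uid=fred,ou=users,o=translucent' 'uid=someguy' > "$TESTOUT" 2>&1

RC=$?
if test "$RC" != 0 ; then
	echo "ldapmodrdn failed ($RC)!"
	grep "$FAILURE" "$TESTOUT"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Testing delete: prohibited local record..."

$LDAPMODIFY -v -D "$TRANSLUCENTDN" -H "$URI2" -w "$TRANSLUCENTPASSWD" \
	> "$TESTOUT" 2>&1 << EOF_DEL2
version: 1
dn: uid=someguy,ou=users,o=translucent
changetype: delete
EOF_DEL2

RC=$?
if test "$RC" != 50 ; then
	# The tool run above is ldapmodify, so the message names it.
	echo "ldapmodify failed ($RC), expected INSUFFICIENT ACCESS!"
	grep "$FAILURE" "$TESTOUT"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Testing delete: valid local record..."

$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H "$URI2" -w "$PASSWD" \
	> "$TESTOUT" 2>&1 << EOF_DEL3
version: 1
dn: uid=someguy,ou=users,o=translucent
changetype: delete
EOF_DEL3

RC=$?
if test "$RC" != 0 ; then
	echo "ldapmodify failed ($RC)!"
	grep "$FAILURE" "$TESTOUT"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi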
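# Deleting the entry uid=fred through the local slapd must end in 32
# (NO SUCH OBJECT).
echo "Testing delete: valid remote record..."

$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H "$URI2" -w "$PASSWD" \
	> "$TESTOUT" 2>&1 << EOF_DEL8
version: 1
dn: uid=fred,ou=users,o=translucent
changetype: delete
EOF_DEL8

RC=$?
if test "$RC" != 32 ; then
	echo "ldapmodify failed ($RC), expected NO SUCH OBJECT!"
	grep "$FAILURE" "$TESTOUT"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi

# Deleting roomNumber from uid=fred is expected to succeed here.
echo "Testing delete: nonexistent local record, nonexistent attribute..."

$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H "$URI2" -w "$PASSWD" \
	> "$TESTOUT" 2>&1 << EOF_DEL1
version: 1
dn: uid=fred,ou=users,o=translucent
changetype: modify
delete: roomNumber
EOF_DEL1

RC=$?
if test "$RC" != 0 ; then
	echo "ldapmodify failed ($RC)!"
	grep "$FAILURE" "$TESTOUT"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# NOTE(review): only the exit status of this search is checked; the
# contents of $SEARCHOUT are not inspected.
$LDAPSEARCH -H "$URI2" -b "uid=fred,ou=users,o=translucent" > "$SEARCHOUT" 2>&1

RC=$?
if test "$RC" != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# Deleting preferredLanguage from uid=danger must end in 16
# (NO SUCH ATTRIBUTE).
echo "Testing delete: valid local record, nonexistent attribute..."

$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H "$URI2" -w "$PASSWD" \
	> "$TESTOUT" 2>&1 << EOF_MOD8
version: 1
dn: uid=danger,ou=users,o=translucent
changetype: modify
delete: preferredLanguage
EOF_MOD8

RC=$?
if test "$RC" != 16 ; then
	echo "ldapmodify failed ($RC), expected NO SUCH ATTRIBUTE!"
	grep "$FAILURE" "$TESTOUT"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi

# Deleting initials from uid=danger must succeed. The here-document reuses
# the EOF_MOD8 delimiter; each here-document ends at its own delimiter line,
# so the reuse is harmless.
echo "Testing delete: valid local record, remote attribute..."

$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H "$URI2" -w "$PASSWD" \
	> "$TESTOUT" 2>&1 << EOF_MOD8
version: 1
dn: uid=danger,ou=users,o=translucent
changetype: modify
delete: initials
EOF_MOD8

RC=$?
if test "$RC" != 0 ; then
	echo "ldapmodify failed ($RC)"
	grep "$FAILURE" "$TESTOUT"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi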
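# One modify request on uid=fred that deletes carLicense, adds
# preferredLanguage and replaces employeeType; the entry is then read back
# and the two written values are checked.
echo "Testing modify: valid remote record, combination add-modify-delete..."

$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H "$URI2" -w "$PASSWD" \
	> "$TESTOUT" 2>&1 << EOF_MOD6
version: 1
dn: uid=fred,ou=users,o=translucent
changetype: modify
delete: carLicense
-
add: preferredLanguage
preferredLanguage: ISO8859-1
-
replace: employeeType
employeeType: consultant
EOF_MOD6

RC=$?
if test "$RC" != 0 ; then
	echo "ldapmodify failed ($RC)!"
	grep "$FAILURE" "$TESTOUT"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

$LDAPSEARCH -H "$URI2" -b "uid=fred,ou=users,o=translucent" > "$SEARCHOUT" 2>&1

RC=$?
if test "$RC" != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# grep's stderr is discarded inside the substitution so that the redirection
# applies to grep itself rather than to the assignment.
ATTR=`grep employeeType "$SEARCHOUT" 2> $NOWHERE`
if test "$ATTR" != "employeeType: consultant" ; then
	echo "modification failed!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi

ATTR=`grep preferredLanguage "$SEARCHOUT" 2> $NOWHERE`
if test "$ATTR" != "preferredLanguage: ISO8859-1" ; then
	echo "modification failed!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi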
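# Turn olcTranslucentNoGlue and olcTranslucentStrict on via cn=config. The
# three modifications that follow must then each be rejected with 19
# (CONSTRAINT VIOLATION).
echo "Dynamically configuring local slapd with translucent_no_glue and translucent_strict..."

# The cn=config password is read from $CONFIGPWF with -y, so it never appears
# on the command line. $DBIX and $BACKEND are expanded inside the here-document.
$LDAPMODIFY -D cn=config -H "$URI2" -y "$CONFIGPWF" <<EOF
dn: olcOverlay={0}translucent,olcDatabase={$DBIX}$BACKEND,cn=config
changetype: modify
replace: olcTranslucentNoGlue
olcTranslucentNoGlue: TRUE
-
replace: olcTranslucentStrict
olcTranslucentStrict: TRUE
EOF
RC=$?
if test "$RC" != 0 ; then
	echo "ldapmodify of dynamic config failed ($RC)"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Testing strict mode delete: nonexistent local attribute..."

$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H "$URI2" -w "$PASSWD" \
	> "$TESTOUT" 2>&1 << EOF_MOD5
version: 1
dn: uid=example,ou=users,o=translucent
changetype: modify
delete: preferredLanguage
EOF_MOD5

RC=$?
if test "$RC" != 19 ; then
	echo "ldapmodify failed ($RC), expected CONSTRAINT VIOLATION!"
	grep "$FAILURE" "$TESTOUT"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Testing strict mode delete: nonexistent remote attribute..."

$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H "$URI2" -w "$PASSWD" \
	> "$TESTOUT" 2>&1 << EOF_MOD3
version: 1
dn: uid=danger,ou=users,o=translucent
changetype: modify
delete: displayName
EOF_MOD3

RC=$?
if test "$RC" != 19 ; then
	echo "ldapmodify failed ($RC), expected CONSTRAINT VIOLATION!"
	grep "$FAILURE" "$TESTOUT"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Testing strict mode modify: combination add-modify-delete..."

$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H "$URI2" -w "$PASSWD" \
	> "$TESTOUT" 2>&1 << EOF_MOD6
version: 1
dn: uid=example,ou=users,o=translucent
changetype: modify
delete: carLicense
-
add: preferredLanguage
preferredLanguage: ISO8859-1
-
replace: employeeType
employeeType: consultant
EOF_MOD6

RC=$?
if test "$RC" != 19 ; then
	echo "ldapmodify failed ($RC), expected CONSTRAINT VIOLATION!"
	grep "$FAILURE" "$TESTOUT"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi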
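# Authentication check through the local slapd: a bind as $TRANSLUCENTDN with
# a wrong password must be rejected with 49 (INVALID CREDENTIALS), and the
# same bind with the right password must succeed. The pair catches a proxy
# that accepts any password as well as one that rejects every bind.
echo "Testing invalid Bind request..."
$LDAPWHOAMI -D "$TRANSLUCENTDN" -H "$URI2" -w "Wrong$TRANSLUCENTPASSWD" \
	> "$TESTOUT" 2>&1
RC=$?
if test "$RC" != 49 ; then
	echo "ldapwhoami failed ($RC), expected INVALID CREDENTIALS!"
	grep "$FAILURE" "$TESTOUT"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi

$LDAPWHOAMI -D "$TRANSLUCENTDN" -H "$URI2" -w "$TRANSLUCENTPASSWD" \
	> "$TESTOUT" 2>&1
RC=$?
if test "$RC" != 0 ; then
	echo "ldapwhoami failed ($RC), expected SUCCESS!"
	grep "$FAILURE" "$TESTOUT"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi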
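# Search on employeeType before and after olcTranslucentLocal names it: the
# first search must return no entry, the second must return at least one.
echo "Testing search: unconfigured local filter..."
$LDAPSEARCH -H "$URI2" -b "o=translucent" "(employeeType=consultant)" > "$SEARCHOUT" 2>&1

# This check passes on "no dn: line", which a failed search also produces.
# The exit status is therefore checked first, as the other searches in this
# script do, so a broken search cannot be mistaken for an empty result.
RC=$?
if test "$RC" != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# grep's stderr is discarded inside the substitution so that the redirection
# applies to grep itself rather than to the assignment.
ATTR=`grep dn: "$SEARCHOUT" 2> $NOWHERE`
if test -n "$ATTR" ; then
	echo "got result $ATTR, should have been no result"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Dynamically configuring local slapd with translucent_local..."

# The cn=config password is read from $CONFIGPWF with -y, so it never appears
# on the command line. $DBIX and $BACKEND are expanded inside the here-document.
$LDAPMODIFY -D cn=config -H "$URI2" -y "$CONFIGPWF" <<EOF
dn: olcOverlay={0}translucent,olcDatabase={$DBIX}$BACKEND,cn=config
changetype: modify
add: olcTranslucentLocal
olcTranslucentLocal: employeeType
EOF
RC=$?
if test "$RC" != 0 ; then
	echo "ldapmodify of dynamic config failed ($RC)"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Testing search: configured local filter..."
$LDAPSEARCH -H "$URI2" -b "o=translucent" "(employeeType=consultant)" > "$SEARCHOUT" 2>&1

# No separate exit-status check here: a failed search yields no dn: line and
# so already fails the check below.
ATTR=`grep dn: "$SEARCHOUT" 2> $NOWHERE`
if test -z "$ATTR" ; then
	echo "got no result, should have found entry"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi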
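# Search on an OR of employeeType and carlicense before and after
# olcTranslucentRemote names carLicense: the first search must return no
# entry, the second must return at least one.
echo "Testing search: unconfigured remote filter..."
$LDAPSEARCH -H "$URI2" -b "o=translucent" "(|(employeeType=foo)(carlicense=right))" > "$SEARCHOUT" 2>&1

# This check passes on "no dn: line", which a failed search also produces.
# The exit status is therefore checked first, as the other searches in this
# script do, so a broken search cannot be mistaken for an empty result.
RC=$?
if test "$RC" != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# grep's stderr is discarded inside the substitution so that the redirection
# applies to grep itself rather than to the assignment.
ATTR=`grep dn: "$SEARCHOUT" 2> $NOWHERE`
if test -n "$ATTR" ; then
	echo "got result $ATTR, should have been no result"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Dynamically configuring local slapd with translucent_remote..."

# The cn=config password is read from $CONFIGPWF with -y, so it never appears
# on the command line. $DBIX and $BACKEND are expanded inside the here-document.
$LDAPMODIFY -D cn=config -H "$URI2" -y "$CONFIGPWF" <<EOF
dn: olcOverlay={0}translucent,olcDatabase={$DBIX}$BACKEND,cn=config
changetype: modify
add: olcTranslucentRemote
olcTranslucentRemote: carLicense
EOF
RC=$?
if test "$RC" != 0 ; then
	echo "ldapmodify of dynamic config failed ($RC)"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi

echo "Testing search: configured remote filter..."
$LDAPSEARCH -H "$URI2" -b "o=translucent" "(|(employeeType=foo)(carlicense=right))" > "$SEARCHOUT" 2>&1

# No separate exit-status check here: a failed search yields no dn: line and
# so already fails the check below.
ATTR=`grep dn: "$SEARCHOUT" 2> $NOWHERE`
if test -z "$ATTR" ; then
	echo "got no result, should have found entry"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi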
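# All checks passed: signal both slapd instances (unless KILLSERVERS is "no"),
# report success, then wait for the background servers to exit.
# $KILLPIDS is a space-separated PID list and is expanded unquoted on purpose.
test $KILLSERVERS != no && kill -HUP $KILLPIDS

echo ">>>>> Test succeeded"

test $KILLSERVERS != no && wait

exit 0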