1#! /bin/sh 2# $OpenLDAP$ 3## This work is part of OpenLDAP Software <http://www.openldap.org/>. 4## 5## Copyright 2004-2021 The OpenLDAP Foundation. 6## All rights reserved. 7## 8## Redistribution and use in source and binary forms, with or without 9## modification, are permitted only as authorized by the OpenLDAP 10## Public License. 11## 12## A copy of this license is available in the file LICENSE in the 13## top-level directory of the distribution or, alternatively, at 14## <http://www.OpenLDAP.org/license.html>. 15 16echo "running defines.sh" 17. $SRCDIR/scripts/defines.sh 18 19PERSONAL="(objectClass=inetOrgPerson)" 20NOWHERE="/dev/null" 21FAILURE="additional info:" 22 23if test $TRANSLUCENT = translucentno ; then 24 echo "Translucent Proxy overlay not available, test skipped" 25 exit 0 26fi 27 28if test $AC_ldap = ldapno ; then 29 echo "Translucent Proxy overlay requires back-ldap backend, test skipped" 30 exit 0 31fi 32 33# configure backside 34mkdir -p $TESTDIR $DBDIR1 35 36$SLAPPASSWD -g -n >$CONFIGPWF 37echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf 38 39if test $MONITORDB != no ; then 40 DBIX=2 41else 42 DBIX=1 43fi 44 45. $CONFFILTER $BACKEND $MONITORDB < $TRANSLUCENTREMOTECONF > $CONF1 46echo "Running slapadd to build remote slapd database..." 47$SLAPADD -f $CONF1 -l $LDIFTRANSLUCENTCONFIG 48RC=$? 49if test $RC != 0 ; then 50 echo "slapadd failed ($RC)!" 51 exit $RC 52fi 53 54echo "Starting remote slapd on TCP/IP port $PORT1..." 55$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & 56PID=$! 57if test $WAIT != 0 ; then 58 echo PID $PID 59 read foo 60fi 61REMOTEPID="$PID" 62KILLPIDS="$PID" 63 64sleep 1 65 66for i in 0 1 2 3 4 5; do 67 $LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \ 68 'objectclass=*' > /dev/null 2>&1 69 RC=$? 70 if test $RC = 0 ; then 71 break 72 fi 73 echo "Waiting 5 seconds for remote slapd to start..." 74 sleep 5 75done 76 77if test $RC != 0 ; then 78 echo "ldapsearch failed ($RC)!" 79 test $KILLSERVERS != no && kill -HUP $KILLPIDS 80 exit $RC 81fi 82 83# configure frontside 84mkdir -p $DBDIR2 85 86. $CONFFILTER $BACKEND $MONITORDB < $TRANSLUCENTLOCALCONF > $CONF2 87 88echo "Starting local slapd on TCP/IP port $PORT2..." 89$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 & 90PID=$! 91if test $WAIT != 0 ; then 92 echo PID $PID 93 read foo 94fi 95LOCALPID="$PID" 96KILLPIDS="$LOCALPID $REMOTEPID" 97 98sleep 1 99 100for i in 0 1 2 3 4 5; do 101 $LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \ 102 'objectclass=*' > /dev/null 2>&1 103 RC=$? 104 if test $RC = 0 ; then 105 break 106 fi 107 echo "Waiting 5 seconds for local slapd to start..." 108 sleep 5 109done 110 111if test $RC != 0 ; then 112 echo "ldapsearch failed ($RC)!" 113 test $KILLSERVERS != no && kill -HUP $KILLPIDS 114 exit $RC 115fi 116 117echo "Testing slapd Translucent Proxy operations..." 118 119echo "Testing search: no remote data defined..." 120 121$LDAPSEARCH -H $URI2 -b "$TRANSLUCENTUSER" "$PERSONAL" >$SEARCHOUT 2>&1 122 123RC=$? 124if test $RC != 0 ; then 125 echo "ldapsearch failed ($RC)!" 126 test $KILLSERVERS != no && kill -HUP $KILLPIDS 127 exit $RC 128fi 129 130if test -s $SEARCHOUT; then 131 echo "ldapsearch should have returned no records!" 132 test $KILLSERVERS != no && kill -HUP $KILLPIDS 133 exit 1 134fi 135 136echo "Populating remote database..." 137 138$LDAPADD -D "$TRANSLUCENTROOT" -H $URI1 \ 139 -w $PASSWD < $LDIFTRANSLUCENTDATA > $NOWHERE 2>&1 140 141RC=$? 142if test $RC != 0 ; then 143 echo "ldapadd failed ($RC)!" 144 test $KILLSERVERS != no && kill -HUP $KILLPIDS 145 exit $RC 146fi 147 148echo "Testing search: remote database via local slapd..." 149 150$LDAPSEARCH -H $URI2 -b "$TRANSLUCENTUSER" "$PERSONAL" > $SEARCHOUT 2>&1 151 152RC=$? 153if test $RC != 0 ; then 154 echo "ldapsearch failed ($RC)!" 155 test $KILLSERVERS != no && kill -HUP $KILLPIDS 156 exit $RC 157fi 158 159$LDIFFILTER < $SEARCHOUT > $SEARCHFLT 160$LDIFFILTER < $LDIFTRANSLUCENTDATA > $LDIFFLT 161$CMP $SEARCHFLT $LDIFFLT > $CMPOUT 162 163if test $? != 0 ; then 164 echo "Comparison failed -- corruption from remote to local!" 165 test $KILLSERVERS != no && kill -HUP $KILLPIDS 166 exit 1 167fi 168 169echo "Testing add: prohibited local record..." 170 171$LDAPADD -D "$TRANSLUCENTDN" -H $URI2 \ 172 -w $TRANSLUCENTPASSWD < $LDIFTRANSLUCENTADD > $TESTOUT 2>&1 173 174RC=$? 175if test $RC != 50 ; then 176 echo "ldapadd failed ($RC), expected INSUFFICIENT ACCESS!" 177 grep "$FAILURE" $TESTOUT 178 test $KILLSERVERS != no && kill -HUP $KILLPIDS 179 exit 1 180fi 181 182echo "Testing add: valid local record, no_glue..." 183 184$LDAPADD -v -v -v -D "$TRANSLUCENTROOT" -H $URI2 \ 185 -w $PASSWD < $LDIFTRANSLUCENTADD > $TESTOUT 2>&1 186 187RC=$? 188if test $RC != 32 && test $RC,$BACKEND != 0,null ; then 189 echo "ldapadd failed ($RC), expected NO SUCH OBJECT!" 190 grep "$FAILURE" $TESTOUT 191 test $KILLSERVERS != no && kill -HUP $KILLPIDS 192 exit 1 193fi 194 195echo "Testing modrdn: valid local record, no_glue..." 196 197$LDAPMODRDN -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ 198 $TESTOUT 2>&1 'uid=fred,ou=users,o=translucent' 'uid=someguy' 199 200RC=$? 201if test $RC != 32 && test $RC,$BACKEND != 0,null ; then 202 echo "ldapmodrdn failed ($RC), expected NO SUCH OBJECT!" 203 grep "$FAILURE" $TESTOUT 204 test $KILLSERVERS != no && kill -HUP $KILLPIDS 205 exit 1 206fi 207 208echo "Dynamically configuring local slapd without translucent_no_glue..." 209 210$LDAPMODIFY -D cn=config -H $URI2 -y $CONFIGPWF <<EOF 211dn: olcOverlay={0}translucent,olcDatabase={$DBIX}$BACKEND,cn=config 212changetype: modify 213replace: olcTranslucentNoGlue 214olcTranslucentNoGlue: FALSE 215EOF 216RC=$? 217if test $RC != 0 ; then 218 echo "ldapmodify of dynamic config failed ($RC)" 219 test $KILLSERVERS != no && kill -HUP $KILLPIDS 220 exit 1 221fi 222 223echo "Testing add: valid local record..." 224 225$LDAPADD -D "$TRANSLUCENTROOT" -H $URI2 \ 226 -w $PASSWD < $LDIFTRANSLUCENTADD > $TESTOUT 2>&1 227 228RC=$? 229if test $RC != 0 ; then 230 echo "ldapadd failed ($RC)!" 231 grep "$FAILURE" $TESTOUT 232 test $KILLSERVERS != no && kill -HUP $KILLPIDS 233 exit $RC 234fi 235 236echo "Testing search: data merging..." 237 238$LDAPSEARCH -H $URI2 -b "$TRANSLUCENTUSER" "$PERSONAL" > $SEARCHOUT 2>&1 239 240RC=$? 241if test $RC != 0 ; then 242 echo "ldapsearch failed ($RC)!" 243 test $KILLSERVERS != no && kill -HUP $KILLPIDS 244 exit $RC 245fi 246 247$LDIFFILTER < $SEARCHOUT > $SEARCHFLT 248$LDIFFILTER < $LDIFTRANSLUCENTMERGED > $LDIFFLT 249$CMP $SEARCHFLT $LDIFFLT > $CMPOUT 250 251if test $? != 0 ; then 252 echo "Comparison failed -- local data failed to merge with remote!" 253 test $KILLSERVERS != no && kill -HUP $KILLPIDS 254 exit 1 255fi 256 257echo "Testing compare: valid local..." 258 259$LDAPCOMPARE -z -H $URI2 -w $TRANSLUCENTPASSWD -D $TRANSLUCENTDN \ 260 "uid=danger,ou=users,o=translucent" "carLicense:LIVID" 261 262RC=$? 263if test $RC != 6 ; then 264 echo "ldapcompare failed ($RC), expected TRUE!" 265 test $KILLSERVERS != no && kill -HUP $KILLPIDS 266 exit 1 267fi 268 269echo "Testing compare: valid remote..." 270 271$LDAPCOMPARE -z -x -H $URI2 -w $TRANSLUCENTPASSWD -D $TRANSLUCENTDN \ 272 "uid=binder,o=translucent" "businessCategory:binder-test-user" 273 274RC=$? 275if test $RC != 6 ; then 276 echo "ldapcompare failed ($RC), expected TRUE!" 277 test $KILLSERVERS != no && kill -HUP $KILLPIDS 278 exit 1 279fi 280 281echo "Testing compare: bogus local..." 282 283$LDAPCOMPARE -z -x -H $URI2 -w $TRANSLUCENTPASSWD -D $TRANSLUCENTDN \ 284 "uid=danger,ou=users,o=translucent" "businessCategory:invalid-test-value" 285 286RC=$? 287if test $RC != 5 ; then 288 echo "ldapcompare failed ($RC), expected FALSE!" 289 test $KILLSERVERS != no && kill -HUP $KILLPIDS 290 exit 1 291fi 292 293echo "Testing compare: bogus remote..." 294 295$LDAPCOMPARE -z -x -H $URI2 -w $TRANSLUCENTPASSWD -D $TRANSLUCENTDN \ 296 "uid=binder,o=translucent" "businessCategory:invalid-test-value" 297 298RC=$? 299if test $RC != 5 ; then 300 echo "ldapcompare failed ($RC), expected FALSE!" 301 test $KILLSERVERS != no && kill -HUP $KILLPIDS 302 exit 1 303fi 304 305echo "Testing modify: nonexistent record..." 306 307$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ 308 $TESTOUT 2>&1 << EOF_MOD 309version: 1 310dn: uid=bogus,ou=users,o=translucent 311changetype: modify 312replace: roomNumber 313roomNumber: 31J-2112 314EOF_MOD 315 316RC=$? 317if test $RC != 32 ; then 318 echo "ldapmodify failed ($RC), expected NO SUCH OBJECT!" 319 grep "$FAILURE" $TESTOUT 320 test $KILLSERVERS != no && kill -HUP $KILLPIDS 321 exit 1 322fi 323 324echo "Testing modify: valid local record, nonexistent attribute..." 325 326$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ 327 $TESTOUT 2>&1 << EOF_MOD1 328version: 1 329dn: uid=danger,ou=users,o=translucent 330changetype: modify 331replace: roomNumber 332roomNumber: 9N-21 333EOF_MOD1 334 335RC=$? 336if test $RC != 0 ; then 337 echo "ldapmodify failed ($RC)!" 338 grep "$FAILURE" $TESTOUT 339 test $KILLSERVERS != no && kill -HUP $KILLPIDS 340 exit $RC 341fi 342 343$LDAPSEARCH -H $URI2 -b "uid=danger,ou=users,o=translucent" > $SEARCHOUT 2>&1 344 345RC=$? 346if test $RC != 0 ; then 347 echo "ldapsearch failed ($RC)!" 348 test $KILLSERVERS != no && kill -HUP $KILLPIDS 349 exit $RC 350fi 351 352ATTR=`grep roomNumber $SEARCHOUT` > $NOWHERE 2>&1 353if test "$ATTR" != "roomNumber: 9N-21" ; then 354 echo "modification failed!" 355 test $KILLSERVERS != no && kill -HUP $KILLPIDS 356 exit 1 357fi 358 359echo "Testing search: specific nonexistent remote attribute..." 360 361$LDAPSEARCH -H $URI2 -b "uid=danger,ou=users,o=translucent" roomNumber > $SEARCHOUT 2>&1 362 363RC=$? 364if test $RC != 0 ; then 365 echo "ldapsearch failed ($RC)!" 366 test $KILLSERVERS != no && kill -HUP $KILLPIDS 367 exit $RC 368fi 369 370echo "Testing modify: nonexistent local record, nonexistent attribute..." 371 372$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ 373 $TESTOUT 2>&1 << EOF_MOD2 374version: 1 375dn: uid=fred,ou=users,o=translucent 376changetype: modify 377replace: roomNumber 378roomNumber: 31J-2112 379EOF_MOD2 380 381RC=$? 382if test $RC != 0 ; then 383 echo "ldapmodify failed ($RC)!" 384 grep "$FAILURE" $TESTOUT 385 test $KILLSERVERS != no && kill -HUP $KILLPIDS 386 exit $RC 387fi 388 389$LDAPSEARCH -H $URI2 -b "uid=fred,ou=users,o=translucent" > $SEARCHOUT 2>&1 390 391RC=$? 392if test $RC != 0 ; then 393 echo "ldapsearch failed ($RC)!" 394 test $KILLSERVERS != no && kill -HUP $KILLPIDS 395 exit $RC 396fi 397 398ATTR=`grep roomNumber $SEARCHOUT` > $NOWHERE 2>&1 399if test "$ATTR" != "roomNumber: 31J-2112" ; then 400 echo "modification failed!" 401 test $KILLSERVERS != no && kill -HUP $KILLPIDS 402 exit 1 403fi 404 405echo "Testing modify: valid remote record, nonexistent attribute..." 406 407$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ 408 $TESTOUT 2>&1 << EOF_MOD9 409version: 1 410dn: uid=fred,ou=users,o=translucent 411changetype: modify 412delete: preferredLanguage 413EOF_MOD9 414 415RC=$? 416if test $RC != 16 ; then 417 echo "ldapmodify failed ($RC), expected NO SUCH ATTRIBUTE!" 418 grep "$FAILURE" $TESTOUT 419 test $KILLSERVERS != no && kill -HUP $KILLPIDS 420 exit 1 421fi 422 423echo "Testing delete: valid local record, nonexistent attribute..." 424 425$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ 426 $TESTOUT 2>&1 << EOF_MOD4 427version: 1 428dn: uid=fred,ou=users,o=translucent 429changetype: modify 430delete: roomNumber 431EOF_MOD4 432 433RC=$? 434if test $RC != 0 ; then 435 echo "ldapmodify failed ($RC)!" 436 grep "$FAILURE" $TESTOUT 437 test $KILLSERVERS != no && kill -HUP $KILLPIDS 438 exit $RC 439fi 440 441echo "Testing modrdn: prohibited local record..." 442 443$LDAPMODRDN -D "$TRANSLUCENTDN" -H $URI2 -w $TRANSLUCENTPASSWD > \ 444 $TESTOUT 2>&1 'uid=fred,ou=users,o=translucent' 'uid=someguy' 445 446RC=$? 447if test $RC != 50 ; then 448 echo "ldapmodrdn failed ($RC), expected INSUFFICIENT ACCESS!" 449 grep "$FAILURE" $TESTOUT 450 test $KILLSERVERS != no && kill -HUP $KILLPIDS 451 exit 1 452fi 453 454echo "Testing modrdn: valid local record..." 455 456$LDAPMODRDN -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ 457 $TESTOUT 2>&1 'uid=fred,ou=users,o=translucent' 'uid=someguy' 458 459RC=$? 460if test $RC != 0 ; then 461 echo "ldapmodrdn failed ($RC)!" 462 grep "$FAILURE" $TESTOUT 463 test $KILLSERVERS != no && kill -HUP $KILLPIDS 464 exit $RC 465fi 466 467echo "Testing delete: prohibited local record..." 468 469$LDAPMODIFY -v -D "$TRANSLUCENTDN" -H $URI2 -w $TRANSLUCENTPASSWD > \ 470 $TESTOUT 2>&1 << EOF_DEL2 471version: 1 472dn: uid=someguy,ou=users,o=translucent 473changetype: delete 474EOF_DEL2 475 476RC=$? 477if test $RC != 50 ; then 478 echo "ldapadd failed ($RC), expected INSUFFICIENT ACCESS!" 479 grep "$FAILURE" $TESTOUT 480 test $KILLSERVERS != no && kill -HUP $KILLPIDS 481 exit 1 482fi 483 484echo "Testing delete: valid local record..." 485 486$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ 487 $TESTOUT 2>&1 << EOF_DEL3 488version: 1 489dn: uid=someguy,ou=users,o=translucent 490changetype: delete 491EOF_DEL3 492 493RC=$? 494if test $RC != 0 ; then 495 echo "ldapmodify failed ($RC)!" 496 grep "$FAILURE" $TESTOUT 497 test $KILLSERVERS != no && kill -HUP $KILLPIDS 498 exit $RC 499fi 500 501echo "Testing delete: valid remote record..." 502 503$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ 504 $TESTOUT 2>&1 << EOF_DEL8 505version: 1 506dn: uid=fred,ou=users,o=translucent 507changetype: delete 508EOF_DEL8 509 510RC=$? 511if test $RC != 32 ; then 512 echo "ldapmodify failed ($RC), expected NO SUCH OBJECT!" 513 grep "$FAILURE" $TESTOUT 514 test $KILLSERVERS != no && kill -HUP $KILLPIDS 515 exit 1 516fi 517 518echo "Testing delete: nonexistent local record, nonexistent attribute..." 519 520$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ 521 $TESTOUT 2>&1 << EOF_DEL1 522version: 1 523dn: uid=fred,ou=users,o=translucent 524changetype: modify 525delete: roomNumber 526EOF_DEL1 527 528RC=$? 529if test $RC != 0 ; then 530 echo "ldapmodify failed ($RC)!" 531 grep "$FAILURE" $TESTOUT 532 test $KILLSERVERS != no && kill -HUP $KILLPIDS 533 exit $RC 534fi 535 536$LDAPSEARCH -H $URI2 -b "uid=fred,ou=users,o=translucent" > $SEARCHOUT 2>&1 537 538RC=$? 539if test $RC != 0 ; then 540 echo "ldapsearch failed ($RC)!" 541 test $KILLSERVERS != no && kill -HUP $KILLPIDS 542 exit $RC 543fi 544 545echo "Testing delete: valid local record, nonexistent attribute..." 546 547$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ 548 $TESTOUT 2>&1 << EOF_MOD8 549version: 1 550dn: uid=danger,ou=users,o=translucent 551changetype: modify 552delete: preferredLanguage 553EOF_MOD8 554 555RC=$? 556if test $RC != 16 ; then 557 echo "ldapmodify failed ($RC), expected NO SUCH ATTRIBUTE!" 558 grep "$FAILURE" $TESTOUT 559 test $KILLSERVERS != no && kill -HUP $KILLPIDS 560 exit 1 561fi 562 563echo "Testing delete: valid local record, remote attribute..." 564 565$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ 566 $TESTOUT 2>&1 << EOF_MOD8 567version: 1 568dn: uid=danger,ou=users,o=translucent 569changetype: modify 570delete: initials 571EOF_MOD8 572 573RC=$? 574if test $RC != 0 ; then 575 echo "ldapmodify failed ($RC)" 576 grep "$FAILURE" $TESTOUT 577 test $KILLSERVERS != no && kill -HUP $KILLPIDS 578 exit 1 579fi 580 581echo "Testing modify: valid remote record, combination add-modify-delete..." 582 583$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ 584 $TESTOUT 2>&1 << EOF_MOD6 585version: 1 586dn: uid=fred,ou=users,o=translucent 587changetype: modify 588delete: carLicense 589- 590add: preferredLanguage 591preferredLanguage: ISO8859-1 592- 593replace: employeeType 594employeeType: consultant 595EOF_MOD6 596 597RC=$? 598if test $RC != 0 ; then 599 echo "ldapmodify failed ($RC)!" 600 grep "$FAILURE" $TESTOUT 601 test $KILLSERVERS != no && kill -HUP $KILLPIDS 602 exit $RC 603fi 604 605$LDAPSEARCH -H $URI2 -b "uid=fred,ou=users,o=translucent" > $SEARCHOUT 2>&1 606 607RC=$? 608if test $RC != 0 ; then 609 echo "ldapsearch failed ($RC)!" 610 test $KILLSERVERS != no && kill -HUP $KILLPIDS 611 exit $RC 612fi 613 614ATTR=`grep employeeType $SEARCHOUT` > $NOWHERE 2>&1 615if test "$ATTR" != "employeeType: consultant" ; then 616 echo "modification failed!" 617 test $KILLSERVERS != no && kill -HUP $KILLPIDS 618 exit 1 619fi 620 621ATTR=`grep preferredLanguage $SEARCHOUT` > $NOWHERE 2>&1 622if test "$ATTR" != "preferredLanguage: ISO8859-1" ; then 623 echo "modification failed!" 624 test $KILLSERVERS != no && kill -HUP $KILLPIDS 625 exit 1 626fi 627 628echo "Dynamically configuring local slapd with translucent_no_glue and translucent_strict..." 629 630$LDAPMODIFY -D cn=config -H $URI2 -y $CONFIGPWF <<EOF 631dn: olcOverlay={0}translucent,olcDatabase={$DBIX}$BACKEND,cn=config 632changetype: modify 633replace: olcTranslucentNoGlue 634olcTranslucentNoGlue: TRUE 635- 636replace: olcTranslucentStrict 637olcTranslucentStrict: TRUE 638EOF 639RC=$? 640if test $RC != 0 ; then 641 echo "ldapmodify of dynamic config failed ($RC)" 642 test $KILLSERVERS != no && kill -HUP $KILLPIDS 643 exit 1 644fi 645 646echo "Testing strict mode delete: nonexistent local attribute..." 647 648$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ 649 $TESTOUT 2>&1 << EOF_MOD5 650version: 1 651dn: uid=example,ou=users,o=translucent 652changetype: modify 653delete: preferredLanguage 654EOF_MOD5 655 656RC=$? 657if test $RC != 19 ; then 658 echo "ldapmodify failed ($RC), expected CONSTRAINT VIOLATION!" 659 grep "$FAILURE" $TESTOUT 660 test $KILLSERVERS != no && kill -HUP $KILLPIDS 661 exit 1 662fi 663 664echo "Testing strict mode delete: nonexistent remote attribute..." 665 666$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ 667 $TESTOUT 2>&1 << EOF_MOD3 668version: 1 669dn: uid=danger,ou=users,o=translucent 670changetype: modify 671delete: displayName 672EOF_MOD3 673 674RC=$? 675if test $RC != 19 ; then 676 echo "ldapmodify failed ($RC), expected CONSTRAINT VIOLATION!" 677 grep "$FAILURE" $TESTOUT 678 test $KILLSERVERS != no && kill -HUP $KILLPIDS 679 exit 1 680fi 681 682echo "Testing strict mode modify: combination add-modify-delete..." 683 684$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ 685 $TESTOUT 2>&1 << EOF_MOD6 686version: 1 687dn: uid=example,ou=users,o=translucent 688changetype: modify 689delete: carLicense 690- 691add: preferredLanguage 692preferredLanguage: ISO8859-1 693- 694replace: employeeType 695employeeType: consultant 696EOF_MOD6 697 698RC=$? 699if test $RC != 19 ; then 700 echo "ldapmodify failed ($RC), expected CONSTRAINT VIOLATION!" 701 grep "$FAILURE" $TESTOUT 702 test $KILLSERVERS != no && kill -HUP $KILLPIDS 703 exit 1 704fi 705 706echo "Testing invalid Bind request..." 707$LDAPWHOAMI -D "$TRANSLUCENTDN" -H $URI2 -w Wrong"$TRANSLUCENTPASSWD" > \ 708 $TESTOUT 2>&1 709RC=$? 710if test $RC != 49 ; then 711 echo "ldapwhoami failed ($RC), expected INVALID CREDENTIALS!" 712 grep "$FAILURE" $TESTOUT 713 test $KILLSERVERS != no && kill -HUP $KILLPIDS 714 exit 1 715fi 716 717$LDAPWHOAMI -D "$TRANSLUCENTDN" -H $URI2 -w "$TRANSLUCENTPASSWD" > \ 718 $TESTOUT 2>&1 719RC=$? 720if test $RC != 0 ; then 721 echo "ldapwhoami failed ($RC), expected SUCCESS!" 722 grep "$FAILURE" $TESTOUT 723 test $KILLSERVERS != no && kill -HUP $KILLPIDS 724 exit 1 725fi 726 727echo "Testing search: unconfigured local filter..." 728$LDAPSEARCH -H $URI2 -b "o=translucent" "(employeeType=consultant)" > $SEARCHOUT 2>&1 729 730ATTR=`grep dn: $SEARCHOUT` > $NOWHERE 2>&1 731if test -n "$ATTR" ; then 732 echo "got result $ATTR, should have been no result" 733 test $KILLSERVERS != no && kill -HUP $KILLPIDS 734 exit 1 735fi 736 737echo "Dynamically configuring local slapd with translucent_local..." 738 739$LDAPMODIFY -D cn=config -H $URI2 -y $CONFIGPWF <<EOF 740dn: olcOverlay={0}translucent,olcDatabase={$DBIX}$BACKEND,cn=config 741changetype: modify 742add: olcTranslucentLocal 743olcTranslucentLocal: employeeType 744EOF 745RC=$? 746if test $RC != 0 ; then 747 echo "ldapmodify of dynamic config failed ($RC)" 748 test $KILLSERVERS != no && kill -HUP $KILLPIDS 749 exit 1 750fi 751 752echo "Testing search: configured local filter..." 753$LDAPSEARCH -H $URI2 -b "o=translucent" "(employeeType=consultant)" > $SEARCHOUT 2>&1 754 755ATTR=`grep dn: $SEARCHOUT` > $NOWHERE 2>&1 756if test -z "$ATTR" ; then 757 echo "got no result, should have found entry" 758 test $KILLSERVERS != no && kill -HUP $KILLPIDS 759 exit 1 760fi 761 762echo "Testing search: unconfigured remote filter..." 763$LDAPSEARCH -H $URI2 -b "o=translucent" "(|(employeeType=foo)(carlicense=right))" > $SEARCHOUT 2>&1 764 765ATTR=`grep dn: $SEARCHOUT` > $NOWHERE 2>&1 766if test -n "$ATTR" ; then 767 echo "got result $ATTR, should have been no result" 768 test $KILLSERVERS != no && kill -HUP $KILLPIDS 769 exit 1 770fi 771 772echo "Dynamically configuring local slapd with translucent_remote..." 773 774$LDAPMODIFY -D cn=config -H $URI2 -y $CONFIGPWF <<EOF 775dn: olcOverlay={0}translucent,olcDatabase={$DBIX}$BACKEND,cn=config 776changetype: modify 777add: olcTranslucentRemote 778olcTranslucentRemote: carLicense 779EOF 780RC=$? 781if test $RC != 0 ; then 782 echo "ldapmodify of dynamic config failed ($RC)" 783 test $KILLSERVERS != no && kill -HUP $KILLPIDS 784 exit 1 785fi 786 787echo "Testing search: configured remote filter..." 788$LDAPSEARCH -H $URI2 -b "o=translucent" "(|(employeeType=foo)(carlicense=right))" > $SEARCHOUT 2>&1 789 790ATTR=`grep dn: $SEARCHOUT` > $NOWHERE 2>&1 791if test -z "$ATTR" ; then 792 echo "got no result, should have found entry" 793 test $KILLSERVERS != no && kill -HUP $KILLPIDS 794 exit 1 795fi 796 797test $KILLSERVERS != no && kill -HUP $KILLPIDS 798 799echo ">>>>> Test succeeded" 800 801test $KILLSERVERS != no && wait 802 803exit 0 804