#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2019 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

echo "running defines.sh"
. $SRCDIR/scripts/defines.sh

if test $MEMBEROF = memberofno; then 
	echo "Memberof overlay not available, test skipped"
	exit 0
fi 

mkdir -p $TESTDIR $DBDIR1 $TESTDIR/confdir

$SLAPPASSWD -g -n >$CONFIGPWF
echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf

echo "Starting slapd on TCP/IP port $PORT1..."
. $CONFFILTER $BACKEND $MONITORDB < $NAKEDCONF > $CONF1
$SLAPD -f $CONF1 -F $TESTDIR/confdir -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
PID=$!
if test $WAIT != 0 ; then
    echo PID $PID
    read foo
fi
KILLPIDS="$PID"

sleep 1
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test $RC = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done
if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

cat /dev/null > $TESTOUT

if [ "$MEMBEROF" = memberofmod ]; then
	echo "Inserting memberof overlay on provider..."
	$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF > $TESTOUT 2>&1
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: ../servers/slapd/overlays
olcModuleLoad: memberof.la
EOF
	RC=$?
	if test $RC != 0 ; then
		echo "ldapadd failed for moduleLoad ($RC)!"
		test $KILLSERVERS != no && kill -HUP $KILLPIDS
		exit $RC
	fi
fi

indexInclude="" mainInclude="" bdbInclude="# " nullExclude=""
test $INDEXDB = indexdb	|| indexInclude="# "
test $MAINDB  = maindb	|| mainInclude="# "
case $BACKEND in
bdb | hdb) bdbInclude="" ;;
null) nullExclude="# " ;;
esac

echo "Running ldapadd to build slapd config database..."
$LDAPADD -h $LOCALHOST -p $PORT1 -D 'cn=config' -w `cat $CONFIGPWF` \
	>> $TESTOUT 2>&1 <<EOF
dn: cn=symas group example,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: symas group example
olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.1 
 NAME 'memberA' SUP distinguishedName )
olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.2
 NAME 'memberOfA' SUP distinguishedName )
olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.3 
 NAME 'memberB' SUP distinguishedName )
olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.4 
 NAME 'memberOfB' SUP distinguishedName )
olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.5
 NAME 'memberOfC' SUP distinguishedName )
olcObjectClasses: ( 1.3.6.1.4.1.4754.31.2.1 
 NAME 'groupA' SUP top STRUCTURAL MUST cn MAY memberA )
olcObjectClasses: ( 1.3.6.1.4.1.4754.31.2.2 
 NAME 'groupMemberA' SUP top AUXILIARY MAY ( memberOfA $ memberOfC ) )
olcObjectClasses: ( 1.3.6.1.4.1.4754.31.2.3 
 NAME 'groupB' SUP top STRUCTURAL MUST cn MAY memberB )
olcObjectClasses: ( 1.3.6.1.4.1.4754.31.2.4 
 NAME 'groupMemberB' SUP top AUXILIARY MAY memberOfB )

dn: olcDatabase={1}$BACKEND,cn=config
objectClass: olcDatabaseConfig
${nullExclude}objectClass: olc${BACKEND}Config
olcDatabase: {1}$BACKEND
olcSuffix: $BASEDN
olcRootDN: cn=Manager,$BASEDN
olcRootPW:: c2VjcmV0
olcMonitoring: TRUE
${nullExclude}olcDbDirectory: $TESTDIR/db.1.a/
${bdbInclude}olcDbCacheSize: 1000
${indexInclude}olcDbIndex: objectClass eq
${indexInclude}olcDbIndex: cn pres,eq,sub
${indexInclude}olcDbIndex: uid pres,eq,sub
${indexInclude}olcDbIndex: sn pres,eq,sub
${mainInclude}olcDbMode: 384"

dn: olcOverlay={0}memberof,olcDatabase={1}$BACKEND,cn=config
objectClass: olcOverlayConfig
objectClass: olcMemberOf
olcOverlay: {0}memberof
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf

dn: olcOverlay={1}memberof,olcDatabase={1}$BACKEND,cn=config
objectClass: olcOverlayConfig
objectClass: olcMemberOf
olcOverlay: {1}memberof
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupA
olcMemberOfMemberAD: memberA
olcMemberOfMemberOfAD: memberOfA

dn: olcOverlay={2}memberof,olcDatabase={1}$BACKEND,cn=config
objectClass: olcOverlayConfig
objectClass: olcMemberOf
olcOverlay: {2}memberof
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupB
olcMemberOfMemberAD: memberB
olcMemberOfMemberOfAD: memberOfB

EOF
RC=$?
if test $RC != 0 ; then
	echo "ldapadd failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Running ldapadd to build slapd database..."
$LDAPADD -h $LOCALHOST -p $PORT1 \
	-D "cn=Manager,$BASEDN" -w secret \
	>> $TESTOUT 2>&1 << EOF
dn: $BASEDN
objectClass: organization
objectClass: dcObject
o: Example, Inc.
dc: example

dn: ou=People,$BASEDN
objectClass: organizationalUnit
ou: People

dn: ou=Groups,$BASEDN
objectClass: organizationalUnit
ou: Groups

dn: cn=Roger Rabbit,ou=People,$BASEDN
objectClass: inetOrgPerson
cn: Roger Rabbit
sn: Rabbit

dn: cn=Baby Herman,ou=People,$BASEDN
objectClass: inetOrgPerson
cn: Baby Herman
sn: Herman

dn: cn=Cartoonia,ou=Groups,$BASEDN
objectClass: groupOfNames
cn: Cartoonia
member: cn=Roger Rabbit,ou=People,$BASEDN
member: cn=Baby Herman,ou=People,$BASEDN
EOF
RC=$?
if test $RC != 0 ; then
	echo "ldapadd failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Search the entire database..."
echo "# Search the entire database..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
	'(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1
RC=$?
if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Running ldapmodify to add a member..."
$LDAPMODIFY -h $LOCALHOST -p $PORT1 \
	-D "cn=Manager,$BASEDN" -w secret \
	>> $TESTOUT 2>&1 << EOF
dn: cn=Jessica Rabbit,ou=People,$BASEDN
changetype: add
objectClass: inetOrgPerson
cn: Jessica Rabbit
sn: Rabbit

dn: cn=Cartoonia,ou=Groups,$BASEDN
changetype: modify
add: member
member: cn=Jessica Rabbit,ou=People,$BASEDN
EOF

echo "Re-search the entire database..."
echo "# Re-search the entire database after adding Jessica Rabbit and Cartoonia..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
	'(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1
RC=$?
if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Running ldapmodify to rename a member..."
$LDAPMODIFY -h $LOCALHOST -p $PORT1 \
	-D "cn=Manager,$BASEDN" -w secret \
	>> $TESTOUT 2>&1 << EOF
dn: cn=Baby Herman,ou=People,$BASEDN
changetype: modrdn
newrdn: cn=Baby Herman Jr
deleteoldrdn: 1
EOF

echo "Re-search the entire database..."
echo "# Re-search the entire database after renaming Baby Herman..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
	'(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1
RC=$?
if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Running ldapmodify to rename a group..."
$LDAPMODIFY -h $LOCALHOST -p $PORT1 \
	-D "cn=Manager,$BASEDN" -w secret \
	>> $TESTOUT 2>&1 << EOF
dn: cn=Cartoonia,ou=Groups,$BASEDN
changetype: modrdn
newrdn: cn=Toon town
deleteoldrdn: 1

dn: cn=Toon town,ou=Groups,$BASEDN
changetype: modrdn
newrdn: cn=Toon Town
deleteoldrdn: 1
EOF

echo "Re-search the entire database..."
echo "# Re-search the entire database after renaming Cartoonia..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
	'(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1
RC=$?
if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Running ldapmodify to add self..."
$LDAPMODIFY -h $LOCALHOST -p $PORT1 \
	-D "cn=Manager,$BASEDN" -w secret \
	>> $TESTOUT 2>&1 << EOF
dn: cn=Toon Town,ou=Groups,$BASEDN
changetype: modify
add: member
member: cn=Toon Town,ou=Groups,$BASEDN
EOF

echo "Re-search the entire database..."
echo "# Re-search the entire database after adding Toon Town to self..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
	'(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1
RC=$?
if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Running ldapdelete to remove a member..."
$LDAPMODIFY -h $LOCALHOST -p $PORT1 \
	-D "cn=Manager,$BASEDN" -w secret \
	>> $TESTOUT 2>&1 << EOF
dn: cn=Baby Herman Jr,ou=People,$BASEDN
changetype: delete
EOF

echo "Re-search the entire database..."
echo "# Re-search the entire database after deleting Baby Herman..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
	'(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1
RC=$?
if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Running ldapdelete to remove a group..."
$LDAPMODIFY -h $LOCALHOST -p $PORT1 \
	-D "cn=Manager,$BASEDN" -w secret \
	>> $TESTOUT 2>&1 << EOF
dn: cn=Toon Town,ou=Groups,$BASEDN
changetype: delete
EOF

echo "Re-search the entire database..."
echo "# Re-search the entire database after deleting Toon Town..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
	'(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1
RC=$?
if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Adding groups with MAY member type schemas..."
$LDAPMODIFY -h $LOCALHOST -p $PORT1 \
	-D "cn=Manager,$BASEDN" -w secret \
	>> $TESTOUT 2>&1 <<EOF
dn: cn=Roger Rabbit,ou=People,$BASEDN
changetype: delete

dn: cn=Jessica Rabbit,ou=People,$BASEDN
changetype: delete

dn: cn=person1,ou=People,$BASEDN
changetype: add
objectClass: person
objectClass: groupMemberA
objectClass: groupMemberB
cn: person1
sn: person1

dn: cn=person2,ou=People,$BASEDN
changetype: add
objectClass: person
objectClass: groupMemberA
objectClass: groupMemberB
cn: person2
sn: person2

dn: cn=group1,ou=Groups,$BASEDN
changetype: add
objectclass: groupA
cn: group1
memberA: cn=person1,ou=People,$BASEDN
memberA: cn=person2,ou=People,$BASEDN

dn: cn=group2,ou=Groups,$BASEDN
changetype: add
objectclass: groupB
cn: group2
memberB: cn=person1,ou=People,$BASEDN
memberB: cn=person2,ou=People,$BASEDN

dn: cn=group1,ou=Groups,$BASEDN
changetype: modify
delete: memberA

EOF

echo "Re-search the entire database..."
echo "# Re-search the entire database after adding groups with MAY member type schemas..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
	'(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1
RC=$?
if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Running ldapmodify to reconfigure the schema used..."
$LDAPADD -h $LOCALHOST -p $PORT1 -D 'cn=config' -w `cat $CONFIGPWF` \
	>> $TESTOUT 2>&1 <<EOF
dn: olcOverlay={1}memberof,olcDatabase={1}$BACKEND,cn=config
changetype: modify
replace: olcMemberOfMemberOfAD
olcMemberOfMemberOfAD: memberOfC

EOF
RC=$?
if test $RC != 0 ; then
	echo "ldapadd failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Updating groups to expose the new setting..."
$LDAPMODIFY -h $LOCALHOST -p $PORT1 \
	-D "cn=Manager,$BASEDN" -w secret \
	>> $TESTOUT 2>&1 <<EOF
dn: cn=group1,ou=Groups,$BASEDN
changetype: modify
add: memberA
memberA: cn=person1,ou=People,$BASEDN
memberA: cn=person2,ou=People,$BASEDN

EOF
RC=$?
if test $RC != 0 ; then
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Re-search the entire database..."
echo "# Re-search the entire database after updating memberof configuration..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
	'(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1
RC=$?
if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

test $KILLSERVERS != no && kill -HUP $KILLPIDS

LDIF=$MEMBEROFOUT

echo "Filtering ldapsearch results..."
$LDIFFILTER < $SEARCHOUT > $SEARCHFLT
echo "Filtering original ldif used to create database..."
$LDIFFILTER < $LDIF > $LDIFFLT
echo "Comparing filter output..."
$CMP $SEARCHFLT $LDIFFLT > $CMPOUT

if test $? != 0 ; then
	echo "Comparison failed"
	exit 1
fi

echo ">>>>> Test succeeded"

test $KILLSERVERS != no && wait

exit 0