#! /bin/sh # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## ## Copyright 1998-2019 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without ## modification, are permitted only as authorized by the OpenLDAP ## Public License. ## ## A copy of this license is available in the file LICENSE in the ## top-level directory of the distribution or, alternatively, at ## <http://www.OpenLDAP.org/license.html>. echo "running defines.sh" . $SRCDIR/scripts/defines.sh if test $MEMBEROF = memberofno; then echo "Memberof overlay not available, test skipped" exit 0 fi mkdir -p $TESTDIR $DBDIR1 $TESTDIR/confdir $SLAPPASSWD -g -n >$CONFIGPWF echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf echo "Starting slapd on TCP/IP port $PORT1..." . $CONFFILTER $BACKEND $MONITORDB < $NAKEDCONF > $CONF1 $SLAPD -f $CONF1 -F $TESTDIR/confdir -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & PID=$! if test $WAIT != 0 ; then echo PID $PID read foo fi KILLPIDS="$PID" sleep 1 for i in 0 1 2 3 4 5; do $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ 'objectclass=*' > /dev/null 2>&1 RC=$? if test $RC = 0 ; then break fi echo "Waiting 5 seconds for slapd to start..." sleep 5 done if test $RC != 0 ; then echo "ldapsearch failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi cat /dev/null > $TESTOUT if [ "$MEMBEROF" = memberofmod ]; then echo "Inserting memberof overlay on provider..." $LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF > $TESTOUT 2>&1 dn: cn=module,cn=config objectClass: olcModuleList cn: module olcModulePath: ../servers/slapd/overlays olcModuleLoad: memberof.la EOF RC=$? if test $RC != 0 ; then echo "ldapadd failed for moduleLoad ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi fi indexInclude="" mainInclude="" bdbInclude="# " nullExclude="" test $INDEXDB = indexdb || indexInclude="# " test $MAINDB = maindb || mainInclude="# " case $BACKEND in bdb | hdb) bdbInclude="" ;; null) nullExclude="# " ;; esac echo "Running ldapadd to build slapd config database..." $LDAPADD -h $LOCALHOST -p $PORT1 -D 'cn=config' -w `cat $CONFIGPWF` \ >> $TESTOUT 2>&1 <<EOF dn: cn=symas group example,cn=schema,cn=config objectClass: olcSchemaConfig cn: symas group example olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.1 NAME 'memberA' SUP distinguishedName ) olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.2 NAME 'memberOfA' SUP distinguishedName ) olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.3 NAME 'memberB' SUP distinguishedName ) olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.4 NAME 'memberOfB' SUP distinguishedName ) olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.5 NAME 'memberOfC' SUP distinguishedName ) olcObjectClasses: ( 1.3.6.1.4.1.4754.31.2.1 NAME 'groupA' SUP top STRUCTURAL MUST cn MAY memberA ) olcObjectClasses: ( 1.3.6.1.4.1.4754.31.2.2 NAME 'groupMemberA' SUP top AUXILIARY MAY ( memberOfA $ memberOfC ) ) olcObjectClasses: ( 1.3.6.1.4.1.4754.31.2.3 NAME 'groupB' SUP top STRUCTURAL MUST cn MAY memberB ) olcObjectClasses: ( 1.3.6.1.4.1.4754.31.2.4 NAME 'groupMemberB' SUP top AUXILIARY MAY memberOfB ) dn: olcDatabase={1}$BACKEND,cn=config objectClass: olcDatabaseConfig ${nullExclude}objectClass: olc${BACKEND}Config olcDatabase: {1}$BACKEND olcSuffix: $BASEDN olcRootDN: cn=Manager,$BASEDN olcRootPW:: c2VjcmV0 olcMonitoring: TRUE ${nullExclude}olcDbDirectory: $TESTDIR/db.1.a/ ${bdbInclude}olcDbCacheSize: 1000 ${indexInclude}olcDbIndex: objectClass eq ${indexInclude}olcDbIndex: cn pres,eq,sub ${indexInclude}olcDbIndex: uid pres,eq,sub ${indexInclude}olcDbIndex: sn pres,eq,sub ${mainInclude}olcDbMode: 384" dn: olcOverlay={0}memberof,olcDatabase={1}$BACKEND,cn=config objectClass: olcOverlayConfig objectClass: olcMemberOf olcOverlay: {0}memberof olcMemberOfRefInt: TRUE olcMemberOfGroupOC: groupOfNames olcMemberOfMemberAD: member olcMemberOfMemberOfAD: memberOf dn: olcOverlay={1}memberof,olcDatabase={1}$BACKEND,cn=config objectClass: olcOverlayConfig objectClass: olcMemberOf olcOverlay: {1}memberof olcMemberOfRefInt: TRUE olcMemberOfGroupOC: groupA olcMemberOfMemberAD: memberA olcMemberOfMemberOfAD: memberOfA dn: olcOverlay={2}memberof,olcDatabase={1}$BACKEND,cn=config objectClass: olcOverlayConfig objectClass: olcMemberOf olcOverlay: {2}memberof olcMemberOfRefInt: TRUE olcMemberOfGroupOC: groupB olcMemberOfMemberAD: memberB olcMemberOfMemberOfAD: memberOfB EOF RC=$? if test $RC != 0 ; then echo "ldapadd failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo "Running ldapadd to build slapd database..." $LDAPADD -h $LOCALHOST -p $PORT1 \ -D "cn=Manager,$BASEDN" -w secret \ >> $TESTOUT 2>&1 << EOF dn: $BASEDN objectClass: organization objectClass: dcObject o: Example, Inc. dc: example dn: ou=People,$BASEDN objectClass: organizationalUnit ou: People dn: ou=Groups,$BASEDN objectClass: organizationalUnit ou: Groups dn: cn=Roger Rabbit,ou=People,$BASEDN objectClass: inetOrgPerson cn: Roger Rabbit sn: Rabbit dn: cn=Baby Herman,ou=People,$BASEDN objectClass: inetOrgPerson cn: Baby Herman sn: Herman dn: cn=Cartoonia,ou=Groups,$BASEDN objectClass: groupOfNames cn: Cartoonia member: cn=Roger Rabbit,ou=People,$BASEDN member: cn=Baby Herman,ou=People,$BASEDN EOF RC=$? if test $RC != 0 ; then echo "ldapadd failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo "Search the entire database..." echo "# Search the entire database..." >> $SEARCHOUT $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ '(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1 RC=$? if test $RC != 0 ; then echo "ldapsearch failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo "Running ldapmodify to add a member..." $LDAPMODIFY -h $LOCALHOST -p $PORT1 \ -D "cn=Manager,$BASEDN" -w secret \ >> $TESTOUT 2>&1 << EOF dn: cn=Jessica Rabbit,ou=People,$BASEDN changetype: add objectClass: inetOrgPerson cn: Jessica Rabbit sn: Rabbit dn: cn=Cartoonia,ou=Groups,$BASEDN changetype: modify add: member member: cn=Jessica Rabbit,ou=People,$BASEDN EOF echo "Re-search the entire database..." echo "# Re-search the entire database after adding Jessica Rabbit and Cartoonia..." >> $SEARCHOUT $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ '(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1 RC=$? if test $RC != 0 ; then echo "ldapsearch failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo "Running ldapmodify to rename a member..." $LDAPMODIFY -h $LOCALHOST -p $PORT1 \ -D "cn=Manager,$BASEDN" -w secret \ >> $TESTOUT 2>&1 << EOF dn: cn=Baby Herman,ou=People,$BASEDN changetype: modrdn newrdn: cn=Baby Herman Jr deleteoldrdn: 1 EOF echo "Re-search the entire database..." echo "# Re-search the entire database after renaming Baby Herman..." >> $SEARCHOUT $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ '(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1 RC=$? if test $RC != 0 ; then echo "ldapsearch failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo "Running ldapmodify to rename a group..." $LDAPMODIFY -h $LOCALHOST -p $PORT1 \ -D "cn=Manager,$BASEDN" -w secret \ >> $TESTOUT 2>&1 << EOF dn: cn=Cartoonia,ou=Groups,$BASEDN changetype: modrdn newrdn: cn=Toon town deleteoldrdn: 1 dn: cn=Toon town,ou=Groups,$BASEDN changetype: modrdn newrdn: cn=Toon Town deleteoldrdn: 1 EOF echo "Re-search the entire database..." echo "# Re-search the entire database after renaming Cartoonia..." >> $SEARCHOUT $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ '(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1 RC=$? if test $RC != 0 ; then echo "ldapsearch failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo "Running ldapmodify to add self..." $LDAPMODIFY -h $LOCALHOST -p $PORT1 \ -D "cn=Manager,$BASEDN" -w secret \ >> $TESTOUT 2>&1 << EOF dn: cn=Toon Town,ou=Groups,$BASEDN changetype: modify add: member member: cn=Toon Town,ou=Groups,$BASEDN EOF echo "Re-search the entire database..." echo "# Re-search the entire database after adding Toon Town to self..." >> $SEARCHOUT $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ '(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1 RC=$? if test $RC != 0 ; then echo "ldapsearch failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo "Running ldapdelete to remove a member..." $LDAPMODIFY -h $LOCALHOST -p $PORT1 \ -D "cn=Manager,$BASEDN" -w secret \ >> $TESTOUT 2>&1 << EOF dn: cn=Baby Herman Jr,ou=People,$BASEDN changetype: delete EOF echo "Re-search the entire database..." echo "# Re-search the entire database after deleting Baby Herman..." >> $SEARCHOUT $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ '(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1 RC=$? if test $RC != 0 ; then echo "ldapsearch failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo "Running ldapdelete to remove a group..." $LDAPMODIFY -h $LOCALHOST -p $PORT1 \ -D "cn=Manager,$BASEDN" -w secret \ >> $TESTOUT 2>&1 << EOF dn: cn=Toon Town,ou=Groups,$BASEDN changetype: delete EOF echo "Re-search the entire database..." echo "# Re-search the entire database after deleting Toon Town..." >> $SEARCHOUT $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ '(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1 RC=$? if test $RC != 0 ; then echo "ldapsearch failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo "Adding groups with MAY member type schemas..." $LDAPMODIFY -h $LOCALHOST -p $PORT1 \ -D "cn=Manager,$BASEDN" -w secret \ >> $TESTOUT 2>&1 <<EOF dn: cn=Roger Rabbit,ou=People,$BASEDN changetype: delete dn: cn=Jessica Rabbit,ou=People,$BASEDN changetype: delete dn: cn=person1,ou=People,$BASEDN changetype: add objectClass: person objectClass: groupMemberA objectClass: groupMemberB cn: person1 sn: person1 dn: cn=person2,ou=People,$BASEDN changetype: add objectClass: person objectClass: groupMemberA objectClass: groupMemberB cn: person2 sn: person2 dn: cn=group1,ou=Groups,$BASEDN changetype: add objectclass: groupA cn: group1 memberA: cn=person1,ou=People,$BASEDN memberA: cn=person2,ou=People,$BASEDN dn: cn=group2,ou=Groups,$BASEDN changetype: add objectclass: groupB cn: group2 memberB: cn=person1,ou=People,$BASEDN memberB: cn=person2,ou=People,$BASEDN dn: cn=group1,ou=Groups,$BASEDN changetype: modify delete: memberA EOF echo "Re-search the entire database..." echo "# Re-search the entire database after adding groups with MAY member type schemas..." >> $SEARCHOUT $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ '(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1 RC=$? if test $RC != 0 ; then echo "ldapsearch failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo "Running ldapmodify to reconfigure the schema used..." $LDAPADD -h $LOCALHOST -p $PORT1 -D 'cn=config' -w `cat $CONFIGPWF` \ >> $TESTOUT 2>&1 <<EOF dn: olcOverlay={1}memberof,olcDatabase={1}$BACKEND,cn=config changetype: modify replace: olcMemberOfMemberOfAD olcMemberOfMemberOfAD: memberOfC EOF RC=$? if test $RC != 0 ; then echo "ldapadd failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo "Updating groups to expose the new setting..." $LDAPMODIFY -h $LOCALHOST -p $PORT1 \ -D "cn=Manager,$BASEDN" -w secret \ >> $TESTOUT 2>&1 <<EOF dn: cn=group1,ou=Groups,$BASEDN changetype: modify add: memberA memberA: cn=person1,ou=People,$BASEDN memberA: cn=person2,ou=People,$BASEDN EOF RC=$? if test $RC != 0 ; then echo "ldapmodify failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo "Re-search the entire database..." echo "# Re-search the entire database after updating memberof configuration..." >> $SEARCHOUT $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ '(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1 RC=$? if test $RC != 0 ; then echo "ldapsearch failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi test $KILLSERVERS != no && kill -HUP $KILLPIDS LDIF=$MEMBEROFOUT echo "Filtering ldapsearch results..." $LDIFFILTER < $SEARCHOUT > $SEARCHFLT echo "Filtering original ldif used to create database..." $LDIFFILTER < $LDIF > $LDIFFLT echo "Comparing filter output..." $CMP $SEARCHFLT $LDIFFLT > $CMPOUT if test $? != 0 ; then echo "Comparison failed" exit 1 fi echo ">>>>> Test succeeded" test $KILLSERVERS != no && wait exit 0