Commit e98374fa authored by Ondřej Kuzník's avatar Ondřej Kuzník
Browse files

ITS#9598 Add tests for connection restrictions

parent ddc94307
# with first backend
dn: cn=Load Balancer,cn=Backends,cn=Monitor
objectClass: olmBalancer
olmIncomingConnections: 0
olmOutgoingConnections: 4
dn: cn=Incoming Connections,cn=Load Balancer,cn=Backends,cn=Monitor
objectClass: monitorContainer
dn: cn=Operations,cn=Load Balancer,cn=Backends,cn=Monitor
objectClass: monitorContainer
dn: cn=Bind,cn=Operations,cn=Load Balancer,cn=Backends,cn=Monitor
objectClass: olmBalancerOperation
olmReceivedOps: 1
olmForwardedOps: 0
olmRejectedOps: 1
olmCompletedOps: 0
olmFailedOps: 0
dn: cn=Other,cn=Operations,cn=Load Balancer,cn=Backends,cn=Monitor
objectClass: olmBalancerOperation
olmReceivedOps: 1
olmForwardedOps: 0
olmRejectedOps: 0
olmCompletedOps: 0
olmFailedOps: 0
dn: cn=Backend Servers,cn=Load Balancer,cn=Backends,cn=Monitor
objectClass: monitorContainer
dn: cn=backend,cn=Backend Servers,cn=Load Balancer,cn=Backends,cn=Monitor
objectClass: olmBalancerServer
olmServerURI: ldap://localhost:9012/
olmActiveConnections: 4
olmPendingConnections: 0
olmPendingOps: 0
olmReceivedOps: 0
olmCompletedOps: 0
olmFailedOps: 0
dn: cn=Connection 1,cn=backend,cn=Backend Servers,cn=Load Balancer,cn=Backends
,cn=Monitor
objectClass: olmBalancerConnection
olmConnectionType: regular
olmPendingOps: 0
olmReceivedOps: 0
olmCompletedOps: 0
olmFailedOps: 0
dn: cn=Connection 3,cn=backend,cn=Backend Servers,cn=Load Balancer,cn=Backends
,cn=Monitor
objectClass: olmBalancerConnection
olmConnectionType: regular
olmPendingOps: 0
olmReceivedOps: 0
olmCompletedOps: 0
olmFailedOps: 0
dn: cn=Connection 2,cn=backend,cn=Backend Servers,cn=Load Balancer,cn=Backends
,cn=Monitor
objectClass: olmBalancerConnection
olmConnectionType: bind
olmPendingOps: 0
olmReceivedOps: 0
olmCompletedOps: 0
olmFailedOps: 0
dn: cn=Connection 4,cn=backend,cn=Backend Servers,cn=Load Balancer,cn=Backends
,cn=Monitor
objectClass: olmBalancerConnection
olmConnectionType: bind
olmPendingOps: 0
olmReceivedOps: 0
olmCompletedOps: 0
olmFailedOps: 0
# second backend and a rejected search, paged search (19 times x 1 entry), pwmod
dn: cn=Load Balancer,cn=Backends,cn=Monitor
objectClass: olmBalancer
olmIncomingConnections: 0
olmOutgoingConnections: 13
dn: cn=Incoming Connections,cn=Load Balancer,cn=Backends,cn=Monitor
objectClass: monitorContainer
dn: cn=Operations,cn=Load Balancer,cn=Backends,cn=Monitor
objectClass: monitorContainer
dn: cn=Bind,cn=Operations,cn=Load Balancer,cn=Backends,cn=Monitor
objectClass: olmBalancerOperation
olmReceivedOps: 4
olmForwardedOps: 3
olmRejectedOps: 1
olmCompletedOps: 3
olmFailedOps: 0
dn: cn=Other,cn=Operations,cn=Load Balancer,cn=Backends,cn=Monitor
objectClass: olmBalancerOperation
olmReceivedOps: 25
olmForwardedOps: 20
olmRejectedOps: 1
olmCompletedOps: 20
olmFailedOps: 0
dn: cn=Backend Servers,cn=Load Balancer,cn=Backends,cn=Monitor
objectClass: monitorContainer
dn: cn=backend,cn=Backend Servers,cn=Load Balancer,cn=Backends,cn=Monitor
objectClass: olmBalancerServer
olmServerURI: ldap://localhost:9012/
olmActiveConnections: 4
olmPendingConnections: 0
olmPendingOps: 0
olmReceivedOps: 21
olmCompletedOps: 21
olmFailedOps: 0
dn: cn=Connection 1,cn=backend,cn=Backend Servers,cn=Load Balancer,cn=Backends
,cn=Monitor
objectClass: olmBalancerConnection
olmConnectionType: regular
olmPendingOps: 0
olmReceivedOps: 19
olmCompletedOps: 19
olmFailedOps: 0
dn: cn=Connection 3,cn=backend,cn=Backend Servers,cn=Load Balancer,cn=Backends
,cn=Monitor
objectClass: olmBalancerConnection
olmConnectionType: regular
olmPendingOps: 0
olmReceivedOps: 1
olmCompletedOps: 1
olmFailedOps: 0
dn: cn=Connection 2,cn=backend,cn=Backend Servers,cn=Load Balancer,cn=Backends
,cn=Monitor
objectClass: olmBalancerConnection
olmConnectionType: bind
olmPendingOps: 0
olmReceivedOps: 1
olmCompletedOps: 1
olmFailedOps: 0
dn: cn=Connection 4,cn=backend,cn=Backend Servers,cn=Load Balancer,cn=Backends
,cn=Monitor
objectClass: olmBalancerConnection
olmConnectionType: bind
olmPendingOps: 0
olmReceivedOps: 0
olmCompletedOps: 0
olmFailedOps: 0
dn: cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backends,cn=Monitor
objectClass: olmBalancerServer
olmServerURI: ldap://localhost:9013/
olmActiveConnections: 9
olmPendingConnections: 0
olmPendingOps: 0
olmReceivedOps: 2
olmCompletedOps: 2
olmFailedOps: 0
dn: cn=Connection 5,cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backend
s,cn=Monitor
objectClass: olmBalancerConnection
olmConnectionType: regular
olmPendingOps: 0
olmReceivedOps: 0
olmCompletedOps: 0
olmFailedOps: 0
dn: cn=Connection 7,cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backend
s,cn=Monitor
objectClass: olmBalancerConnection
olmConnectionType: regular
olmPendingOps: 0
olmReceivedOps: 0
olmCompletedOps: 0
olmFailedOps: 0
dn: cn=Connection 8,cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backend
s,cn=Monitor
objectClass: olmBalancerConnection
olmConnectionType: regular
olmPendingOps: 0
olmReceivedOps: 0
olmCompletedOps: 0
olmFailedOps: 0
dn: cn=Connection 9,cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backend
s,cn=Monitor
objectClass: olmBalancerConnection
olmConnectionType: regular
olmPendingOps: 0
olmReceivedOps: 0
olmCompletedOps: 0
olmFailedOps: 0
dn: cn=Connection 6,cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backend
s,cn=Monitor
objectClass: olmBalancerConnection
olmConnectionType: bind
olmPendingOps: 0
olmReceivedOps: 1
olmCompletedOps: 1
olmFailedOps: 0
dn: cn=Connection 10,cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backen
ds,cn=Monitor
objectClass: olmBalancerConnection
olmConnectionType: bind
olmPendingOps: 0
olmReceivedOps: 1
olmCompletedOps: 1
olmFailedOps: 0
dn: cn=Connection 11,cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backen
ds,cn=Monitor
objectClass: olmBalancerConnection
olmConnectionType: bind
olmPendingOps: 0
olmReceivedOps: 0
olmCompletedOps: 0
olmFailedOps: 0
dn: cn=Connection 12,cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backen
ds,cn=Monitor
objectClass: olmBalancerConnection
olmConnectionType: bind
olmPendingOps: 0
olmReceivedOps: 0
olmCompletedOps: 0
olmFailedOps: 0
dn: cn=Connection 13,cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backen
ds,cn=Monitor
objectClass: olmBalancerConnection
olmConnectionType: bind
olmPendingOps: 0
olmReceivedOps: 0
olmCompletedOps: 0
olmFailedOps: 0
# two runs of modifies (with and without TXN)
dn: cn=Load Balancer,cn=Backends,cn=Monitor
objectClass: olmBalancer
olmIncomingConnections: 0
olmOutgoingConnections: 13
dn: cn=Incoming Connections,cn=Load Balancer,cn=Backends,cn=Monitor
objectClass: monitorContainer
dn: cn=Operations,cn=Load Balancer,cn=Backends,cn=Monitor
objectClass: monitorContainer
dn: cn=Bind,cn=Operations,cn=Load Balancer,cn=Backends,cn=Monitor
objectClass: olmBalancerOperation
olmReceivedOps: 6
olmForwardedOps: 5
olmRejectedOps: 1
olmCompletedOps: 5
olmFailedOps: 0
dn: cn=Other,cn=Operations,cn=Load Balancer,cn=Backends,cn=Monitor
objectClass: olmBalancerOperation
olmReceivedOps: 35
olmForwardedOps: 28
olmRejectedOps: 1
olmCompletedOps: 28
olmFailedOps: 0
dn: cn=Backend Servers,cn=Load Balancer,cn=Backends,cn=Monitor
objectClass: monitorContainer
dn: cn=backend,cn=Backend Servers,cn=Load Balancer,cn=Backends,cn=Monitor
objectClass: olmBalancerServer
olmServerURI: ldap://localhost:9012/
olmActiveConnections: 4
olmPendingConnections: 0
olmPendingOps: 0
olmReceivedOps: 24
olmCompletedOps: 24
olmFailedOps: 0
dn: cn=Connection 1,cn=backend,cn=Backend Servers,cn=Load Balancer,cn=Backends
,cn=Monitor
objectClass: olmBalancerConnection
olmConnectionType: regular
olmPendingOps: 0
olmReceivedOps: 20
olmCompletedOps: 20
olmFailedOps: 0
dn: cn=Connection 3,cn=backend,cn=Backend Servers,cn=Load Balancer,cn=Backends
,cn=Monitor
objectClass: olmBalancerConnection
olmConnectionType: regular
olmPendingOps: 0
olmReceivedOps: 2
olmCompletedOps: 2
olmFailedOps: 0
dn: cn=Connection 2,cn=backend,cn=Backend Servers,cn=Load Balancer,cn=Backends
,cn=Monitor
objectClass: olmBalancerConnection
olmConnectionType: bind
olmPendingOps: 0
olmReceivedOps: 1
olmCompletedOps: 1
olmFailedOps: 0
dn: cn=Connection 4,cn=backend,cn=Backend Servers,cn=Load Balancer,cn=Backends
,cn=Monitor
objectClass: olmBalancerConnection
olmConnectionType: bind
olmPendingOps: 0
olmReceivedOps: 1
olmCompletedOps: 1
olmFailedOps: 0
dn: cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backends,cn=Monitor
objectClass: olmBalancerServer
olmServerURI: ldap://localhost:9013/
olmActiveConnections: 9
olmPendingConnections: 0
olmPendingOps: 0
olmReceivedOps: 9
olmCompletedOps: 9
olmFailedOps: 0
dn: cn=Connection 5,cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backend
s,cn=Monitor
objectClass: olmBalancerConnection
olmConnectionType: regular
olmPendingOps: 0
olmReceivedOps: 1
olmCompletedOps: 1
olmFailedOps: 0
dn: cn=Connection 7,cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backend
s,cn=Monitor
objectClass: olmBalancerConnection
olmConnectionType: regular
olmPendingOps: 0
olmReceivedOps: 5
olmCompletedOps: 5
olmFailedOps: 0
dn: cn=Connection 8,cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backend
s,cn=Monitor
objectClass: olmBalancerConnection
olmConnectionType: regular
olmPendingOps: 0
olmReceivedOps: 0
olmCompletedOps: 0
olmFailedOps: 0
dn: cn=Connection 9,cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backend
s,cn=Monitor
objectClass: olmBalancerConnection
olmConnectionType: regular
olmPendingOps: 0
olmReceivedOps: 0
olmCompletedOps: 0
olmFailedOps: 0
dn: cn=Connection 6,cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backend
s,cn=Monitor
objectClass: olmBalancerConnection
olmConnectionType: bind
olmPendingOps: 0
olmReceivedOps: 1
olmCompletedOps: 1
olmFailedOps: 0
dn: cn=Connection 10,cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backen
ds,cn=Monitor
objectClass: olmBalancerConnection
olmConnectionType: bind
olmPendingOps: 0
olmReceivedOps: 1
olmCompletedOps: 1
olmFailedOps: 0
dn: cn=Connection 11,cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backen
ds,cn=Monitor
objectClass: olmBalancerConnection
olmConnectionType: bind
olmPendingOps: 0
olmReceivedOps: 1
olmCompletedOps: 1
olmFailedOps: 0
dn: cn=Connection 12,cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backen
ds,cn=Monitor
objectClass: olmBalancerConnection
olmConnectionType: bind
olmPendingOps: 0
olmReceivedOps: 0
olmCompletedOps: 0
olmFailedOps: 0
dn: cn=Connection 13,cn=server 2,cn=Backend Servers,cn=Load Balancer,cn=Backen
ds,cn=Monitor
objectClass: olmBalancerConnection
olmConnectionType: bind
olmPendingOps: 0
olmReceivedOps: 0
olmCompletedOps: 0
olmFailedOps: 0
#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2021 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
echo "running defines.sh"
. $SRCDIR/scripts/defines.sh
mkdir -p $TESTDIR $DBDIR1 $DBDIR2
$SLAPPASSWD -g -n >$CONFIGPWF
echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf
# Cannot assess where operations went without monitor yet
if test $AC_lloadd = lloaddyes ; then
echo "Load balancer module not available, skipping..."
exit 0
fi
# Monitor counts are unstable in the face of concurrency, since different
# clients may get different upstreams assigned for their operations. This might
# also change later when tiered load balancing is available.
# Another constraint is that some global counts are updated by the statistics
# collection task scheduled to run every second.
#
# This test assumes current round-robin policy:
# - default backend is rotated every time we successfully pick an upstream
# (except when already linked)
# - upstream connections within the same backend are rotated in the same way
# - the monitor entry order for upstream connections reflects the connection
# order within its CIRCLEQ_
echo "Starting the first slapd on TCP/IP port $PORT2..."
. $CONFFILTER $BACKEND < $CONF > $CONF2
$SLAPADD -f $CONF2 -l $LDIFORDERED
RC=$?
if test $RC != 0 ; then
echo "slapadd failed ($RC)!"
exit $RC
fi
echo "Running slapindex to index slapd database..."
$SLAPINDEX -f $CONF2
RC=$?
if test $RC != 0 ; then
echo "warning: slapindex failed ($RC)"
echo " assuming no indexing support"
fi
$SLAPD -f $CONF2 -h $URI2 -d $LVL > $LOG2 2>&1 &
PID=$!
if test $WAIT != 0 ; then
echo PID $PID
read foo
fi
PID2="$PID"
KILLPIDS="$PID"
echo "Testing slapd searching..."
for i in 0 1 2 3 4 5; do
$LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \
'(objectclass=*)' > /dev/null 2>&1
RC=$?
if test $RC = 0 ; then
break
fi
echo "Waiting $SLEEP1 seconds for slapd to start..."
sleep $SLEEP1
done
if test $RC != 0 ; then
echo "ldapsearch failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo "Running slapadd to build slapd database..."
. $CONFFILTER $BACKEND < $CONFTWO > $CONF3
$SLAPADD -f $CONF3 -l $LDIFORDERED
RC=$?
if test $RC != 0 ; then
echo "slapadd failed ($RC)!"
exit $RC
fi
echo "Running slapindex to index slapd database..."
$SLAPINDEX -f $CONF3
RC=$?
if test $RC != 0 ; then
echo "warning: slapindex failed ($RC)"
echo " assuming no indexing support"
fi
echo "Starting second slapd on TCP/IP port $PORT3..."
$SLAPD -f $CONF3 -h $URI3 -d $LVL > $LOG3 2>&1 &
PID=$!
if test $WAIT != 0 ; then
echo PID $PID
read foo
fi
PID3="$PID"
KILLPIDS="$KILLPIDS $PID"
sleep $SLEEP0
echo "Testing slapd searching..."
for i in 0 1 2 3 4 5; do
$LDAPSEARCH -s base -b "$MONITOR" -H $URI3 \
'(objectclass=*)' > /dev/null 2>&1
RC=$?
if test $RC = 0 ; then
break
fi
echo "Waiting $SLEEP1 seconds for slapd to start..."
sleep $SLEEP1
done
if test $RC != 0 ; then
echo "ldapsearch failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo "Starting lloadd on TCP/IP port $PORT1..."
. $CONFFILTER $BACKEND < $LLOADDEMPTYCONF > $CONF1.lloadd
. $CONFFILTER $BACKEND < $SLAPDLLOADCONF > $CONF1.slapd
$SLAPD -f $CONF1.slapd -h $URI6 -d $LVL > $LOG1 2>&1 &
PID=$!
if test $WAIT != 0 ; then
echo PID $PID
read foo
fi
KILLPIDS="$KILLPIDS $PID"
echo "Testing slapd searching..."
for i in 0 1 2 3 4 5; do
$LDAPSEARCH -s base -b "$MONITOR" -H $URI6 \
'(objectclass=*)' > /dev/null 2>&1
RC=$?
if test $RC = 0 ; then
break
fi
echo "Waiting $SLEEP1 seconds for lloadd to start..."
sleep $SLEEP1
done
if test $RC != 0 ; then
echo "ldapsearch failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo "Setting up restrictions..."
$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
dn: olcBackend={0}lload,cn=config
changetype: modify
replace: olcBkLloadWriteCoherence
olcBkLloadWriteCoherence: 3
-
add: olcBkLloadRestrictExop
# Modify Password Exop
olcBkLloadRestrictExop: 1.3.6.1.4.1.4203.1.11.1 write
# LDAP Transaction Exop
olcBkLloadRestrictExop: 1.3.6.1.1.21.1 connection
# Cancel Exop
olcBkLloadRestrictExop: 1.3.6.1.1.8 reject
-
add: olcBkLloadRestrictControl
# assert control
olcBkLloadRestrictControl: 1.3.6.1.1.12 backend
# paged results control
olcBkLloadRestrictControl: 1.2.840.113556.1.4.319 connection
# dontUseCopy control
olcBkLloadRestrictControl: 1.3.6.1.1.22 reject
EOF
RC=$?
if test $RC != 0 ; then
echo "ldapmodify failed for backend ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
if test $RC != 0 ; then
echo "ldapsearch failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo "Sending a search request to prime the counters..."
$LDAPSEARCH -b "$BASEDN" -s base -H $URI1 >> $TESTOUT 2>&1
RC=$?
if test $RC != 52 ; then
echo "ldapsearch should have failed ($RC != 52)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo "Adding first backend server..."
$LDAPMODIFY -D cn=config -H $URI6 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
dn: cn=backend,olcBackend={0}lload,cn=config
changetype: add
objectClass: olcBkLloadBackendConfig
olcBkLloadBackendUri: $URI2
olcBkLloadMaxPendingConns: 3
olcBkLloadMaxPendingOps: 5
olcBkLloadRetry: 1000
olcBkLloadNumconns: 2
olcBkLloadBindconns: 2
EOF
RC=$?
if test $RC != 0 ; then
echo "ldapadd failed for backend ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS