Commit 24c62a45 authored by Quanah Gibson-Mount's avatar Quanah Gibson-Mount

Merge branch 'its9863' into 'master'

Draft: ITS#9863 - Forward lastbind updates if configured

See merge request !542
parents 4e3687cd 6237557c
......@@ -472,9 +472,6 @@ fe_op_lastbind( Operation *op )
op2.o_dn = op->o_bd->be_rootdn;
op2.o_ndn = op->o_bd->be_rootndn;
/*
* TODO: this is core+frontend, not everything works the same way?
*/
/*
* Code for forwarding of updates adapted from ppolicy.c of slapo-ppolicy
*
......@@ -485,6 +482,8 @@ fe_op_lastbind( Operation *op )
* must be configured appropriately for this to be useful.
*/
if ( SLAP_SHADOW( op->o_bd ) ) {
op2.o_bd = frontendDB;
/* Must use Relax control since these are no-user-mod */
op2.o_relax = SLAP_CONTROL_CRITICAL;
op2.o_ctrls = ca;
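Review bot: The `if ( SLAP_SHADOW( op->o_bd ) )` branch in the second hunk points the lastbind modify at `frontendDB` for every shadow database, yet the comment above it says the updateref and chain overlay "must be configured appropriately for this to be useful", and no check for that configuration is visible here. On a consumer without a chain overlay the frontend would presumably answer with a referral, so the update would be neither applied locally nor forwarded; please confirm how the result is handled after this block, which continues outside the hunk. I would also extend the comment to state the trust requirement, for example `/* sent as rootdn with a critical Relax control; the provider must allow the chain identity to manage pwdLastSuccess */`.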
......
......@@ -1028,7 +1028,7 @@ static struct slap_schema_ad_map {
"SINGLE-VALUE "
"NO-USER-MODIFICATION "
"USAGE directoryOperation )",
NULL, 0,
NULL, SLAP_AT_MANAGEABLE,
NULL, NULL,
NULL, NULL, NULL, NULL, NULL,
offsetof(struct slap_internal_schema, si_ad_pwdLastSuccess) },
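Review bot: The new `NULL, SLAP_AT_MANAGEABLE,` flag on the pwdLastSuccess entry has no comment explaining why a NO-USER-MODIFICATION operational attribute is now manageable. As far as I can tell this lets the value be written by a client that sends the Relax control and holds manage access, which is presumably what allows a provider to accept the forwarded lastbind modify. It also means any such identity can set an arbitrary last-success time, which matters wherever that timestamp feeds an idle-account policy. I would add a comment on that line such as `/* manageable so lastbind updates forwarded from consumers under Relax are accepted (ITS#9863) */`. The initializer this line belongs to starts outside the hunk.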
......
......@@ -5,6 +5,23 @@ objectClass: dcObject
o: example
dc: example
 
dn: cn=replicator,dc=example,dc=com
objectClass: top
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: replicator
description: Replication user
userPassword: secret
dn: cn=ldap-server,dc=example,dc=com
objectClass: top
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: ldap-server
description: ldap-server sasl object
userPassword: secret
authzTo: {0}dn.regex:^(.+,)+dc=example,dc=com$
dn: ou=Accounting, dc=example,dc=com
objectClass: top
objectClass: organizationalunit
......@@ -65,6 +82,7 @@ objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
cn: Katha Petree
sn: Petree
description: This is Katha Petree's description
......@@ -88,12 +106,16 @@ pager: +1 804 321-1156
manager: cn=Crissie Wayler
secretary: cn=Mer Percy
roomNumber: 9527
uidNumber: 1000
gidNumber: 10000
homeDirectory: /home/Katha_Petree
 
dn: cn=Te-Wei Menashian, ou=Peons, dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
cn: Te-Wei Menashian
sn: Menashian
description: This is Te-Wei Menashian's description
......@@ -117,12 +139,16 @@ pager: +1 818 979-7582
manager: cn=Deryck Gramiak
secretary: cn=Emelyne Settels
roomNumber: 1704
uidNumber: 1001
gidNumber: 10000
homeDirectory: /home/Ti-Wei_Menashian
 
dn: cn=Hung Nehring, ou=Product Development, dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
cn: Hung Nehring
sn: Nehring
description: This is Hung Nehring's description
......@@ -146,12 +172,16 @@ pager: +1 213 531-8152
manager: cn=Mkt Silgardo
secretary: cn=Kien-Nghiep McKeage
roomNumber: 1611
uidNumber: 1002
gidNumber: 10000
homeDirectory: /home/Hung_Nehring
 
dn: cn=Grant Dransfield, ou=Planning, dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
cn: Grant Dransfield
sn: Dransfield
description: This is Grant Dransfield's description
......@@ -175,12 +205,16 @@ pager: +1 804 923-4914
manager: cn=Paulie Saisho
secretary: cn=Sarette Valia
roomNumber: 8490
uidNumber: 1003
gidNumber: 10000
homeDirectory: /home/Grant_Dransfield
 
dn: cn=Greta Ifill, ou=Product Development, dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
cn: Greta Ifill
sn: Ifill
description: This is Greta Ifill's description
......@@ -204,12 +238,16 @@ pager: +1 818 180-9782
manager: cn=Pulak Locicero
secretary: cn=Venkataraman Hurd
roomNumber: 2397
uidNumber: 1004
gidNumber: 10000
homeDirectory: /home/Greta_Ifill
 
dn: cn=Ursa Kitzmiller, ou=Janitorial, dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
cn: Ursa Kitzmiller
sn: Kitzmiller
description: This is Ursa Kitzmiller's description
......@@ -233,6 +271,9 @@ pager: +1 408 927-5149
manager: cn=Nedi Ashraf
secretary: cn=Hedda Curley
roomNumber: 1939
uidNumber: 1005
gidNumber: 10000
homeDirectory: /home/Ursa_Kitzmiller
 
dn: cn=Pammi Valente, ou=Planning, dc=example,dc=com
objectClass: top
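Review bot: The new `cn=ldap-server` entry in the first hunk carries `authzTo: {0}dn.regex:^(.+,)+dc=example,dc=com$`, which lets that identity assume every DN under the suffix, including the rootdn. The configurations visible in this commit only use it to authorize as `cn=manager,dc=example,dc=com` (chain idassert) and `cn=replicator,dc=example,dc=com` (syncrepl). Two exact rules, `authzTo: {0}dn.exact:cn=manager,dc=example,dc=com` and `authzTo: {1}dn.exact:cn=replicator,dc=example,dc=com`, should exercise the same path with less privilege and are a safer pattern for anyone copying this test data. Separately, `homeDirectory: /home/Ti-Wei_Menashian` does not match the entry's `cn: Te-Wei Menashian`.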
......
......@@ -14,6 +14,7 @@ cn: schema
include: file://@TESTWD@/@SCHEMADIR@/core.ldif
include: file://@TESTWD@/@SCHEMADIR@/cosine.ldif
include: file://@TESTWD@/@SCHEMADIR@/inetorgperson.ldif
include: file://@TESTWD@/@SCHEMADIR@/nis.ldif
#mod#dn: cn=module{0},cn=config
#mod#objectClass: olcModuleList
......
......@@ -104,7 +104,7 @@ echo "Sleeping 15 seconds to allow stabilization..."
sleep 15
echo "Populating database on provider..."
$LDAPADD -D $MANAGERDN -H $URI1 -w $PASSWD -f $ITSDIR/exampledb.ldif >> $TESTOUT 2>&1
$LDAPADD -D $MANAGERDN -H $URI1 -w $PASSWD -f $DATADIR/exampledb.ldif >> $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
......
dn: cn=config
objectClass: olcGlobal
cn: config
olcLogLevel: Sync
olcLogLevel: Stats
olcTLSCACertificateFile: @TESTDIR@/tls/ca/certs/testsuiteCA.crt
olcTLSCertificateKeyFile: @TESTDIR@/tls/private/localhost.key
olcTLSCertificateFile: @TESTDIR@/tls/certs/localhost.crt
olcTLSVerifyClient: hard
olcIndexHash64: TRUE
olcAuthzPolicy: to
olcAuthzRegexp: {0}"cn=ldap-server,ou=OpenLDAP Test Suite,o=OpenLDAP Foundation,ST=CA,C=US" "cn=ldap-server,dc=example,dc=com"
olcPidFile: @TESTDIR@/slapd.3.pid
olcArgsFile: @TESTDIR@/slapd.3.args
dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema
include: file://@TESTWD@/@SCHEMADIR@/core.ldif
include: file://@TESTWD@/@SCHEMADIR@/cosine.ldif
include: file://@TESTWD@/@SCHEMADIR@/inetorgperson.ldif
include: file://@TESTWD@/@SCHEMADIR@/misc.ldif
include: file://@TESTWD@/@SCHEMADIR@/nis.ldif
#mod#dn: cn=module{0},cn=config
#mod#objectClass: olcModuleList
#mod#cn: module{0}
#mod#olcModulePath: @TESTWD@/../servers/slapd/back-@BACKEND@/
#mod#olcModuleLoad: {0}back_@BACKEND@.la
#mod#dn: cn=module{1},cn=config
#mod#objectClass: olcModuleList
#mod#cn: module{1}
#mod#olcModulePath: @TESTWD@/../servers/slapd/back-ldap/
#mod#olcModuleLoad: {0}back_ldap.la
dn: cn=module{2},cn=config
objectClass: olcModuleList
cn: module{2}
olcModulePath: @TESTWD@/../servers/slapd/overlays
olcModuleLoad: {0}syncprov.la
olcModuleLoad: {1}unique.la
olcModuleLoad: {2}constraint.la
#mdb#dn: olcBackend={0}mdb,cn=config
#mdb#objectClass: olcBackendConfig
#mdb#objectClass: olcMdbBkConfig
#mdb#olcBackend: {0}mdb
#mdb#olcBkMdbIdlExp: 18
dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcAccess: {0}to dn.base="" by * read
olcAccess: {1}to dn.base="cn=Subschema" by * read
dn: olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
objectClass: olcOverlayConfig
objectClass: olcChainConfig
olcOverlay: {0}chain
olcChainCacheURI: FALSE
olcChainMaxReferralDepth: 1
olcChainReturnError: TRUE
dn: olcDatabase={0}ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
objectClass: olcLDAPConfig
objectClass: olcChainDatabase
olcDatabase: {0}ldap
olcDbIDAssertBind: mode=self flags=override,prescriptive,proxy-authz-critical
bindmethod=sasl saslmech=external tls_cert=@TESTDIR@/tls/certs/ldap-server.crt
tls_key=@TESTDIR@/tls/private/ldap-server.key tls_cacert=@TESTDIR@/tls/ca/certs/testsuiteCA.crt
authzid="dn:cn=manager,dc=example,dc=com"
olcDbRebindAsUser: TRUE
olcDbChaseReferrals: TRUE
olcDbProxyWhoAmI: FALSE
olcDbProtocolVersion: 3
olcDbSingleConn: FALSE
olcDbCancel: abandon
olcDbUseTemporaryConn: FALSE
olcDbConnectionPoolMax: 8
olcDbSessionTrackingRequest: TRUE
olcDbNoRefs: FALSE
olcDbNoUndefFilter: FALSE
olcDbURI: @SURI1@
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootPW:< file://@TESTDIR@/configpw
olcAccess: {0}to * by * none
dn: olcDatabase={1}@BACKEND@,cn=config
objectClass: olcDatabaseConfig
objectClass: olc@BACKEND@Config
olcDatabase: {1}@BACKEND@
olcSuffix: dc=example,dc=com
olcRootDN: cn=manager,dc=example,dc=com
olcRootPW: secret
olcLastBindPrecision: 3600
olcLastBind: TRUE
#~null~#olcDbDirectory: @TESTDIR@/db.2.a
#indexdb#olcDbIndex: default eq
#indexdb#olcDbIndex: objectClass
#indexdb#olcDbIndex: cn
#indexdb#olcDbIndex: entryUUID
#indexdb#olcDbIndex: entryCSN
#indexdb#olcDbIndex: mail
#indexdb#olcDbIndex: uid
#indexdb#olcDbIndex: uidNumber
#indexdb#olcDbIndex: gidNumber
#mdb#olcDbMaxSize: 33554432
#mdb#olcDbMultival: default 100,10
olcLimits: {0}dn.exact="cn=replicator,dc=internal,dc=machines" time.soft=unlimited
time.hard=unlimited size.soft=unlimited size.hard=unlimited
olcAccess: {0}to attrs=userPassword by self write by dn.exact="cn=replicator,dc=example,dc=com" read by anonymous auth
olcAccess: {1}to attrs=authzto by dn.exact="cn=replicator,dc=example,dc=com" read by * auth
olcAccess: {2}to * by * read
olcSyncrepl: {0}rid=100 provider=@SURI1@ bindmethod=sasl
saslmech=external authzid="dn:cn=replicator,dc=example,dc=com"
searchbase="dc=example,dc=com"
type=refreshAndPersist keepalive=60:5:2 retry="5 6 60 +"
tls_cert=@TESTDIR@/tls/certs/ldap-server.crt
tls_key=@TESTDIR@/tls/private/ldap-server.key
tls_cacert=@TESTDIR@/tls/ca/certs/testsuiteCA.crt
timeout=3
olcUpdateRef: ldaps://@SURI1@
dn: olcOverlay={0}syncprov,olcDatabase={1}@BACKEND@,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
olcSpCheckpoint: 20 10
dn: olcOverlay={1}unique,olcDatabase={1}@BACKEND@,cn=config
objectClass: olcOverlayConfig
objectClass: olcUniqueConfig
olcOverlay: {1}unique
olcUniqueURI: ldap:///?uid?sub?
olcUniqueURI: ldap:///?uidNumber?sub?
olcUniqueURI: ldap:///?mail?sub?
dn: olcOverlay={2}constraint,olcDatabase={1}@BACKEND@,cn=config
objectClass: olcOverlayConfig
objectClass: olcConstraintConfig
olcOverlay: {2}constraint
olcConstraintAttribute: gidNumber regex ^[0-9]{4,5}$
dn: olcDatabase={2}monitor,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {2}monitor
olcAccess: {0}to dn.subtree="cn=monitor" by * read
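Review bot: `olcUpdateRef: ldaps://@SURI1@` prefixes a scheme to a placeholder that this same file uses as a complete URI in `provider=@SURI1@` and `olcDbURI: @SURI1@`. If @SURI1@ expands to a full URI, the referral comes out malformed and the chain overlay has nothing valid to follow, so `olcUpdateRef: @SURI1@` looks like what is meant. The `olcLimits` rule names `cn=replicator,dc=internal,dc=machines`, while the ACLs and the syncrepl authzid use `cn=replicator,dc=example,dc=com`, so the unlimited limits never apply to the replication identity. The same `olcLimits` line appears in the provider configuration that follows this file.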
dn: cn=config
objectClass: olcGlobal
cn: config
olcLogLevel: Sync
olcLogLevel: Stats
olcTLSCACertificateFile: @TESTDIR@/tls/ca/certs/testsuiteCA.crt
olcTLSCertificateKeyFile: @TESTDIR@/tls/private/localhost.key
olcTLSCertificateFile: @TESTDIR@/tls/certs/localhost.crt
olcTLSVerifyClient: hard
olcIndexHash64: TRUE
olcAuthzPolicy: to
olcAuthzRegexp: {0}"cn=ldap-server,ou=OpenLDAP Test Suite,o=OpenLDAP Foundation,ST=CA,C=US" "cn=ldap-server,dc=example,dc=com"
olcPidFile: @TESTDIR@/slapd.2.pid
olcArgsFile: @TESTDIR@/slapd.2.args
dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema
include: file://@TESTWD@/@SCHEMADIR@/core.ldif
include: file://@TESTWD@/@SCHEMADIR@/cosine.ldif
include: file://@TESTWD@/@SCHEMADIR@/inetorgperson.ldif
include: file://@TESTWD@/@SCHEMADIR@/misc.ldif
include: file://@TESTWD@/@SCHEMADIR@/nis.ldif
#mod#dn: cn=module{0},cn=config
#mod#objectClass: olcModuleList
#mod#cn: module{0}
#mod#olcModulePath: @TESTWD@/../servers/slapd/back-@BACKEND@/
#mod#olcModuleLoad: {0}back_@BACKEND@.la
dn: cn=module{1},cn=config
objectClass: olcModuleList
cn: module{1}
olcModulePath: @TESTWD@/../servers/slapd/overlays
olcModuleLoad: {0}syncprov.la
olcModuleLoad: {1}auditlog.la
olcModuleLoad: {2}unique.la
olcModuleLoad: {3}constraint.la
#mdb#dn: olcBackend={0}mdb,cn=config
#mdb#objectClass: olcBackendConfig
#mdb#objectClass: olcMdbBkConfig
#mdb#olcBackend: {0}mdb
#mdb#olcBkMdbIdlExp: 18
dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcAccess: {0}to dn.base="" by * read
olcAccess: {1}to dn.base="cn=Subschema" by * read
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootPW:< file://@TESTDIR@/configpw
olcAccess: {0}to * by * none
dn: olcDatabase={1}@BACKEND@,cn=config
objectClass: olcDatabaseConfig
objectClass: olc@BACKEND@Config
olcDatabase: {1}@BACKEND@
olcSuffix: dc=example,dc=com
olcRootDN: cn=Manager,dc=example,dc=com
olcRootPW: secret
olcLastBindPrecision: 3600
olcLastBind: FALSE
olcLimits: {0}dn.exact="cn=replicator,dc=internal,dc=machines" time.soft=unlimited
time.hard=unlimited size.soft=unlimited size.hard=unlimited
olcAccess: {0}to attrs=userPassword by self write by dn.exact="cn=replicator,dc=example,dc=com" read by anonymous auth
olcAccess: {1}to attrs=authzto by dn.exact="cn=replicator,dc=example,dc=com" read by * auth
olcAccess: {2}to * by * read
#~null~#olcDbDirectory: @TESTDIR@/db.1.a
#indexdb#olcDbIndex: default eq
#indexdb#olcDbIndex: objectClass
#indexdb#olcDbIndex: cn
#indexdb#olcDbIndex: entryUUID
#indexdb#olcDbIndex: entryCSN
#indexdb#olcDbIndex: mail
#indexdb#olcDbIndex: uid
#indexdb#olcDbIndex: uidNumber
#indexdb#olcDbIndex: gidNumber
#mdb#olcDbMaxSize: 33554432
#mdb#olcDbMultival: default 100,10
dn: olcOverlay={0}syncprov,olcDatabase={1}@BACKEND@,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
olcSpCheckpoint: 20 10
olcSpSessionlog: 150000
dn: olcOverlay={1}auditlog,olcDatabase={1}@BACKEND@,cn=config
objectClass: olcOverlayConfig
objectClass: olcAuditlogConfig
olcOverlay: {1}auditlog
olcAuditlogFile: @TESTDIR@/audit.log
dn: olcOverlay={2}unique,olcDatabase={1}@BACKEND@,cn=config
objectClass: olcOverlayConfig
objectClass: olcUniqueConfig
olcOverlay: {2}unique
olcUniqueURI: ldap:///?uid?sub?
olcUniqueURI: ldap:///?uidNumber?sub?
olcUniqueURI: ldap:///?mail?sub?
dn: olcOverlay={3}constraint,olcDatabase={1}@BACKEND@,cn=config
objectClass: olcOverlayConfig
objectClass: olcConstraintConfig
olcOverlay: {3}constraint
olcConstraintAttribute: gidNumber regex ^[0-9]{4,5}$
dn: olcDatabase={2}monitor,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {2}monitor
olcAccess: {0}to dn.subtree="cn=monitor" by * read
-----BEGIN CERTIFICATE-----
MIIFhzCCA2+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJVUzEL
MAkGA1UECAwCQ0ExHDAaBgNVBAoME09wZW5MREFQIEZvdW5kYXRpb24xHDAaBgNV
BAsME09wZW5MREFQIFRlc3QgU3VpdGUwIBcNMjIwNjI3MjE1MDE2WhgPMjUyMzA3
MTEyMTUwMTZaMGwxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEcMBoGA1UECgwT
T3BlbkxEQVAgRm91bmRhdGlvbjEcMBoGA1UECwwTT3BlbkxEQVAgVGVzdCBTdWl0
ZTEUMBIGA1UEAwwLbGRhcC1zZXJ2ZXIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
ggIKAoICAQDgxEKurztQjO6n/4YV+VY0D1VH2E24TtfIWsAzwD0jnFCELVYreRaC
WX4E6Bj/lXn1j/sMNBd7JidukgRqyx+AtTAtbmmOfZVzZZcNc65DuL/41Yviitvg
nIiJcRjYEzVIeb5ixtvfEKhlREWS2TncBdK9U3yvr10z9xe2LvY1514r9Gf9u0Qn
BNuogZDcs2w17ZmI9hzGcLWkE/6FBofIaiI779YcYb2dA9HFiKb9/CdJYY5pioUG
CbTGKYINkDCblLEFV5j2mLosV6ueE6q6liK1fi+62LEOkPvieEMQBMIJaw2YrKD5
TiGRJ67Ji97blifwG4JNSJLGxqZxQZNRruQOOjNjS/AgtWDmY+krmRAjfJiM7lhA
BrlxLOTZKciEUmSbpvT0PPwBF90dOU9clQyOESQjkZEZeRdjQOapuzhJqlEI8rUD
UiGKT0FeGLIQasvuGdKxZKm3DckI5/ABYP6byXJPGwAZMHcGeCznaUwreaQ4v9UZ
5SyrIsRQbO6wMx6NIfPlvJyubeiTf8I/soO3VJfjyvuHWPd55R00gTNN9EXeaJUh
8SBG+QClJ1NTt8/jN+ci6koTCi4/DynMZiKa5PwBHlayrtP8+sl4LsIispnWxUiO
x7Xbco7ciXsrdm/FZVnugDiDF/pmW1nqcGVMXaf3L1QLPVrV0pOi7wIDAQABo0gw
RjAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAsBgNVHREEJTAjgglsb2NhbGhvc3SH
BH8AAAGHEAAAAAAAAAAAAAAAAAAAAAEwDQYJKoZIhvcNAQELBQADggIBAAcVPBdG
rNC9ttlri4Ane9i+1Q6UGdbuXwBS+RQsfkmKY6ayHL+sWEeX7MinBiAmEEGkmYYw
Ns4MLDldLqjQKITb5pCf+tIdVeCF7YpmC752grWmpQuvgOxvvxyrwSlt76X5OTAy
ho8tl/bs0rbEmFUWR/FEBWIYNbYArYYgQjWyrZxyMjTzZSUO+tuXFV1bk8qM7bn0
P9EcDyhtQrsOAXem/CDhWfwMLOGihb3Bw61n+dpypR/9Jaue10K9fsiIYcar+lHY
QD4WEn5mH0wO2ExuGObyk3Vhs9cL7cVi4gSMH9yFbHG1hKUiOnZgj6FPIAlVz4Md
LhkOdm7C6fkvhElvtHQPKOTSNqvDVwuHi2GeESg6LAY/IUhNqdK++KRsRRVLtMBe
fFp34trd2q1VXa379rl5NCoV290nSNgpx6m9BUq3sZpjdo/dLZCwrN24IAN4okNN
EE5h/7F5uSopkZYmwYjRYoEWig8UNtqqidYxVo60p372tBwgHb/U9FkUS0L91XKS
xwPnlS9Hice7TgauQHtNO6E8Un960r0uhsO/+cW16/3A2WZWT91WLpTV3y4ALLBX
H7qxCGvGoZgzE7uXQCtaZqaZuaciVe2Z2JTP+7IeiGZI/eKA3UVSiduBWLR+SbzI
RxokaAYxcjCWjN6Hgp4RR1DCBZmNNKNzlwlZ
-----END CERTIFICATE-----
......@@ -8,9 +8,10 @@ fi
KEY_BITS=4096
KEY_TYPE=rsa:$KEY_BITS
USAGE="$0 [-s] [-u <user@domain.com>]"
USAGE="$0 [-s] [-l] [-u <user@domain.com>]"
SERVER=0
USER=0
LDAP_USER=0
EMAIL=
while test $# -gt 0 ; do
......@@ -26,6 +27,9 @@ while test $# -gt 0 ; do
USER=1;
EMAIL="$2";
shift; shift;;
-l | -ldap)
LDAP_USER=1;
shift;;
-)
shift;;
-*)
......@@ -36,23 +40,40 @@ while test $# -gt 0 ; do
esac
done
if [ $SERVER = 0 -a $USER = 0 ]; then
if [ $SERVER = 0 -a $USER = 0 -a $LDAP_USER = 0 ]; then
echo "$USAGE";
exit 1;
fi
rm -rf ./openssl.cnf cruft
mkdir -p private certs cruft/private cruft/certs
cleanup() {
rm -rf ./openssl.cnf cruft
if [ $SERVER = 1 ]; then
rm -f localhost.csr
fi
if [ $USER = 1 ]; then
rm -f $EMAIL.csr
fi
if [ $LDAP_USER = 1 ]; then
rm -f ldap-server.csr
fi
}
setup() {
mkdir -p private certs cruft/private cruft/certs
echo "00" > cruft/serial
touch cruft/index.txt
touch cruft/index.txt.attr
hn=$(hostname -f)
sed -e "s;@HOSTNAME@;$hn;" -e "s;@KEY_BITS@;$KEY_BITS;" conf/openssl.cnf > ./openssl.cnf
echo "00" > cruft/serial
touch cruft/index.txt
touch cruft/index.txt.attr
hn=$(hostname -f)
sed -e "s;@HOSTNAME@;$hn;" -e "s;@KEY_BITS@;$KEY_BITS;" conf/openssl.cnf > ./openssl.cnf
}
if [ $SERVER = 1 ]; then
rm -rf private/localhost.key certs/localhost.crt
$(cleanup)
$(setup)
$openssl req -new -nodes -out localhost.csr -keyout private/localhost.key \
-newkey $KEY_TYPE -config ./openssl.cnf \
-subj "/CN=localhost/OU=OpenLDAP Test Suite/O=OpenLDAP Foundation/ST=CA/C=US" \
......@@ -62,11 +83,12 @@ if [ $SERVER = 1 ]; then
-keyfile ca/private/testsuiteCA.key -extensions v3_req -cert ca/certs/testsuiteCA.crt \
-batch >/dev/null 2>&1
rm -rf ./openssl.cnf ./localhost.csr cruft
fi
if [ $USER = 1 ]; then
rm -f certs/$EMAIL.crt private/$EMAIL.key $EMAIL.csr
$(cleanup)
$(setup)
$openssl req -new -nodes -out $EMAIL.csr -keyout private/$EMAIL.key \
-newkey $KEY_TYPE -config ./openssl.cnf \
......@@ -77,5 +99,21 @@ if [ $USER = 1 ]; then
-keyfile ca/private/testsuiteCA.key -extensions req_distinguished_name \
-cert ca/certs/testsuiteCA.crt -batch >/dev/null 2>&1
rm -rf ./openssl.cnf ./$EMAIL.csr cruft
fi
if [ $LDAP_USER = 1 ]; then
$(cleanup)
$(setup)
$openssl req -new -nodes -out ldap-server.csr -keyout private/ldap-server.key \
-newkey $KEY_TYPE -config ./openssl.cnf \
-subj "/CN=ldap-server/OU=OpenLDAP Test Suite/O=OpenLDAP Foundation/ST=CA/C=US" \
-batch > /dev/null 2>&1
$openssl ca -out certs/ldap-server.crt -notext -config ./openssl.cnf -days 183000 -in ldap-server.csr \
-keyfile ca/private/testsuiteCA.key -extensions v3_req -cert ca/certs/testsuiteCA.crt \
-batch >/dev/null 2>&1
fi
$(cleanup)
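Review bot: The new helpers are invoked as `$(cleanup)` and `$(setup)`, which runs each function in a subshell and then tries to execute whatever it wrote to stdout as a command. This works only while both functions stay silent, so call them directly as `cleanup` and `setup`. Inside `cleanup`, `rm -f $EMAIL.csr` should quote the expansion, `rm -f "$EMAIL.csr"`, because EMAIL comes from the command line. The earlier explicit removal of the old key and certificate appears to be dropped, and the `openssl` output still goes to /dev/null, so a failed run would leave the previous `private/*.key` and `certs/*.crt` in place without any signal. Checking the exit status of the two `openssl` calls would surface that.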
-----BEGIN PRIVATE KEY-----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