Commit a1bf7f3d authored by Howard Chu

MSAD add basic test

Requires additional environment variables to be set before running.
parent ff6a671e
# slave slapd config -- for testing of MSAD DIRSYNC replication
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2018 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
include @SCHEMADIR@/core.schema
include @SCHEMADIR@/cosine.schema
include @SCHEMADIR@/inetorgperson.schema
include @SCHEMADIR@/nis.schema
include @SCHEMADIR@/msuser.schema
#
pidfile @TESTDIR@/slapd.2.pid
argsfile @TESTDIR@/slapd.2.args
#mod#modulepath ../servers/slapd/back-@BACKEND@/
#mod#moduleload back_@BACKEND@.la
#monitormod#modulepath ../servers/slapd/back-monitor/
#monitormod#moduleload back_monitor.la
#syncprovmod#modulepath ../servers/slapd/overlays/
#syncprovmod#moduleload syncprov.la
attributeoptions range=
#######################################################################
# consumer database definitions
#######################################################################
database @BACKEND@
suffix "@MSAD_SUFFIX@"
rootdn "cn=Replica,@BASEDN@"
rootpw secret
#null#bind on
#~null~#directory @TESTDIR@/db.2.a
#indexdb#index objectClass eq
#indexdb#index cn,sn,uid pres,eq,sub
#indexdb#index entryUUID,entryCSN eq
#ndb#dbname db_2
#ndb#include @DATADIR@/ndb.conf
# Don't change syncrepl spec yet
syncrepl rid=1
provider=@URI1@
binddn="@MSAD_ADMINDN@"
bindmethod=simple
credentials="@MSAD_ADMINPW@"
searchbase="@MSAD_SUFFIX@"
filter="(|(associatedDomain=test.openldap.org)(objectclass=inetorgperson)(objectclass=groupofnames)(objectclass=groupofuniquenames))"
schemachecking=off
scope=sub
type=dirSync
interval=00:00:00:03
updateref @URI1@
overlay syncprov
syncprov-sessionlog 100
#monitor#database monitor
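Review bot: `credentials="@MSAD_ADMINPW@"` in the syncrepl stanza is filled in verbatim by the confdirsync sed filter, so the generated consumer config under @TESTDIR@ ends up holding the real AD administrator password in cleartext, next to `rootpw secret`; the test should say so, or make sure the test directory is created non-world-readable. `bindmethod=simple` with no `starttls=` or `tls_*` option also means that password crosses the wire in the clear whenever MSAD_URI is an `ldap://` URL rather than `ldaps://` — presumably acceptable for a lab, but worth a comment above the stanza such as `# MSAD_URI should be ldaps:// (or add starttls=critical): the AD admin credential is sent with a simple bind`. `schemachecking=off` is presumably required because AD entries will not pass the local schema, but a one-line comment stating that would save the next reader from wondering whether it was left off by accident.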
#LEAD COMMENT
dn: ou=OpenLDAPtest,dc=example,dc=com
ou: OpenLDAPtest
#EMBEDDED COMMENT
objectclass: organizationalUnit
objectclass: domainRelatedObject
l: Anytown, Michigan
st: Michigan
description: The Example, Inc. at Anytown
postaladdress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
telephonenumber: +1 313 555 1817
associatedDomain: test.openldap.org
#LEAD COMMENT
dn: ou=People,dc=example,dc=com
#EMBEDDED COMMENT
objectclass: organizationalUnit
objectclass: domainRelatedObject
ou: People
associatedDomain: test.openldap.org
dn: ou=Groups,dc=example,dc=com
objectclass: organizationalUnit
objectclass: domainRelatedObject
ou: Groups
associatedDomain: test.openldap.org
dn: ou=Alumni Association,ou=People,dc=example,dc=com
objectclass: organizationalUnit
objectclass: domainRelatedObject
ou: Alumni Association
associatedDomain: test.openldap.org
dn: ou=Information Technology Division,ou=People,dc=example,dc=com
objectclass: organizationalUnit
objectclass: domainRelatedObject
ou: Information Technology Division
associatedDomain: test.openldap.org
description: MSAD doesn't like long descriptions
description: 5K and 3K are too big
dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com
objectclass: inetorgperson
objectclass: domainRelatedObject
cn: Barbara Jensen
sn:: IEplbnNlbiA=
uid: bjensen
title: Mythical Manager, Research Systems
postaladdress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Anyt
own, MI 48103-4943
userpassword:: YmplbnNlbg==
mail: bjensen@mailgw.example.com
homepostaladdress: 123 Wesley $ Anytown, MI 48103
description: Mythical manager of the rsdd unix project
carLicense: water
homephone: +1 313 555 2333
pager: +1 313 555 3233
facsimiletelephonenumber: +1 313 555 2274
telephonenumber: +1 313 555 9022
associatedDomain: test.openldap.org
dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com
objectclass: inetorgperson
objectclass: domainRelatedObject
cn: Bjorn Jensen
sn: Jensen
uid: bjorn
userpassword:: Ympvcm4=
homepostaladdress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
carLicense: Iced Tea
description: Hiker, biker
title: Director, Embedded Systems
postaladdress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
mail: bjorn@mailgw.example.com
homephone: +1 313 555 5444
pager: +1 313 555 4474
facsimiletelephonenumber: +1 313 555 2177
telephonenumber: +1 313 555 0355
associatedDomain: test.openldap.org
dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
objectclass: inetorgperson
objectclass: domainRelatedObject
cn: Dorothy Stevens
sn: Stevens
uid: dots
title: Secretary, UM Alumni Association
postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
carLicense: Lemonade
homepostaladdress: 377 White St. Apt. 3 $ Anytown, MI 48104
description: Very tall
facsimiletelephonenumber: +1 313 555 3223
telephonenumber: +1 313 555 3664
mail: dots@mail.alumni.example.com
homephone: +1 313 555 0454
associatedDomain: test.openldap.org
dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
objectclass: inetorgperson
objectclass: domainRelatedObject
cn: James A Jones 1
sn: Jones
uid: jaj
postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
userpassword:: amFq
homepostaladdress: 3882 Beverly Rd. $ Anytown, MI 48105
homephone: +1 313 555 4772
description: Outstanding
title: Mad Cow Researcher, UM Alumni Association
pager: +1 313 555 3923
mail: jaj@mail.alumni.example.com
facsimiletelephonenumber: +1 313 555 4332
telephonenumber: +1 313 555 0895
associatedDomain: test.openldap.org
dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example,dc=com
objectclass: inetorgperson
objectclass: domainRelatedObject
cn: James A Jones 2
sn: Doe
uid: jjones
homepostaladdress: 933 Brooks $ Anytown, MI 48104
homephone: +1 313 555 8838
title: Senior Manager, Information Technology Division
description: Not around very much
mail: jjones@mailgw.example.com
postaladdress: Info Tech Division $ 535 W William $ Anytown, MI 48103
pager: +1 313 555 2833
facsimiletelephonenumber: +1 313 555 8688
telephonenumber: +1 313 555 7334
associatedDomain: test.openldap.org
dn: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
objectclass: inetorgperson
objectclass: domainRelatedObject
cn: Jane Doe
sn: Doe
uid: jdoe
title: Programmer Analyst, UM Alumni Association
postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
homepostaladdress: 123 Anystreet $ Anytown, MI 48104
carLicense: diet coke
description: Enthusiastic
mail: jdoe@woof.net
homephone: +1 313 555 5445
pager: +1 313 555 1220
facsimiletelephonenumber: +1 313 555 2311
telephonenumber: +1 313 555 4774
associatedDomain: test.openldap.org
dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
objectclass: inetorgperson
objectclass: domainRelatedObject
cn: Jennifer Smith
sn: Smith
uid: jen
postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
carLicense: Sam Adams
homepostaladdress: 1000 Maple #44 $ Anytown, MI 48103
title: Telemarketer, UM Alumni Association
mail: jen@mail.alumni.example.com
homephone: +1 313 555 2333
pager: +1 313 555 6442
facsimiletelephonenumber: +1 313 555 2756
telephonenumber: +1 313 555 8232
associatedDomain: test.openldap.org
dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
objectclass: inetorgperson
objectclass: domainRelatedObject
cn: John Doe
sn: Doe
uid: johnd
postaladdress: ITD $ 535 W. William $ Anytown, MI 48109
homepostaladdress: 912 East Bllvd $ Anytown, MI 48104
title: System Administrator, Information Technology Division
description: overworked!
mail: johnd@mailgw.example.com
homephone: +1 313 555 3774
pager: +1 313 555 6573
facsimiletelephonenumber: +1 313 555 4544
telephonenumber: +1 313 555 9394
associatedDomain: test.openldap.org
dn: cn=Manager,dc=example,dc=com
objectclass: inetorgperson
objectclass: domainRelatedObject
cn: Manager
sn: Manager
description: Manager of the directory
userpassword:: c2VjcmV0
associatedDomain: test.openldap.org
dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
objectclass: inetorgperson
objectclass: domainRelatedObject
cn: Mark Elliot
sn: Elliot
uid: melliot
postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
homepostaladdress: 199 Outer Drive $ Ypsilanti, MI 48198
homephone: +1 313 555 0388
carLicense: Gasoline
title: Director, UM Alumni Association
mail: melliot@mail.alumni.example.com
pager: +1 313 555 7671
facsimiletelephonenumber: +1 313 555 7762
telephonenumber: +1 313 555 4177
associatedDomain: test.openldap.org
dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
objectclass: inetorgperson
objectclass: domainRelatedObject
cn: Ursula Hampster
sn: Hampster
uid: uham
title: Secretary, UM Alumni Association
postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
homepostaladdress: 123 Anystreet $ Anytown, MI 48104
mail: uham@mail.alumni.example.com
homephone: +1 313 555 8421
pager: +1 313 555 2844
facsimiletelephonenumber: +1 313 555 9700
telephonenumber: +1 313 555 5331
associatedDomain: test.openldap.org
dn: cn=All Staff,ou=Groups,dc=example,dc=com
member: cn=Manager,dc=example,dc=com
member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com
member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
member: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
member: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example,dc=com
member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com
owner: cn=Manager,dc=example,dc=com
cn: All Staff
description: Everyone in the sample data
objectclass: groupofnames
objectclass: domainRelatedObject
associatedDomain: test.openldap.org
dn: cn=ITD Staff,ou=Groups,dc=example,dc=com
owner: cn=Manager,dc=example,dc=com
description: All ITD Staff
cn: ITD Staff
objectclass: groupofuniquenames
objectclass: domainRelatedObject
uniquemember: cn=Manager,dc=example,dc=com
uniquemember: cn=Bjorn Jensen,OU=Information Technology Division,ou=People,dc=example,dc=com
uniquemember: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example,dc=com
uniquemember: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
associatedDomain: test.openldap.org
dn: cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com
member: cn=Manager,dc=example,dc=com
member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
owner: cn=Manager,dc=example,dc=com
description: All Alumni Assoc Staff
cn: Alumni Assoc Staff
objectclass: groupofnames
objectclass: domainRelatedObject
associatedDomain: test.openldap.org
dn: ou=testdomain1,dc=example,dc=com
objectclass: organizationalUnit
objectclass: domainRelatedObject
ou: testdomain1
description: Example, Inc. modify+modrdn test domain
associatedDomain: test.openldap.org
dn: ou=testdomain2,dc=example,dc=com
objectclass: organizationalUnit
objectclass: domainRelatedObject
ou: testdomain2
description: Example, Inc. modify then modrdn test domain
associatedDomain: test.openldap.org
#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2018 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
sed -e "s/@BASEDN@/${BASEDN}/" \
-e "s/@MSAD_ADMINDN@/${MSAD_ADMINDN}/" \
-e "s/@MSAD_ADMINPW@/${MSAD_ADMINPW}/" \
-e "s/@MSAD_SUFFIX@/${MSAD_SUFFIX}/"
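Review bot: The four `s/…/${VAR}/` expressions splice the environment values into the sed replacement unescaped, so a `/`, `&` or `\` in MSAD_ADMINPW (or in a DN component) either breaks the expression or silently writes a different value into the consumer config — an `&` in the password is replaced by the literal text `@MSAD_ADMINPW@`, and the later bind then fails in a confusing way. Escaping each value before it reaches sed keeps the filter correct for arbitrary passwords and DNs; the rewrite below adds a small helper for that. A header comment naming what this filter expects, e.g. `# expects BASEDN, MSAD_ADMINDN, MSAD_ADMINPW and MSAD_SUFFIX in the environment`, would also help, since an unset variable currently just produces an empty field with no error.
```shell
# Escape sed's delimiter, '&' and '\' so DN components and passwords
# containing them are substituted verbatim rather than read as sed syntax.
esc() { printf '%s\n' "$1" | sed 's/[\/&\\]/\\&/g'; }
sed -e "s/@BASEDN@/$(esc "$BASEDN")/" \
	-e "s/@MSAD_ADMINDN@/$(esc "$MSAD_ADMINDN")/" \
	-e "s/@MSAD_ADMINPW@/$(esc "$MSAD_ADMINPW")/" \
	-e "s/@MSAD_SUFFIX@/$(esc "$MSAD_SUFFIX")/"
```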
#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2018 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
echo "running defines.sh"
. $SRCDIR/scripts/defines.sh
# requires MSAD_URI, MSAD_SUFFIX, MSAD_ADMINDN, MSAD_ADMINPW
if test -z "$MSAD_URI"; then
echo "No MSAD envvars set, test skipped"
exit 0
fi
if test $SYNCPROV = syncprovno; then
echo "Syncrepl provider overlay not available, test skipped"
exit 0
fi
mkdir -p $TESTDIR $DBDIR2
URI1=$MSAD_URI
BASEDN="ou=OpenLDAPtest,$MSAD_SUFFIX"
DC=`echo $MSAD_SUFFIX | sed -e 's/dc=//' -e 's/,.*//'`
#
# Test replication:
# - populate MSAD over ldap
# - start consumer
# - perform some modifies and deletes
# - attempt to modify the consumer (referral)
# - retrieve database over ldap and compare against expected results
#
# Notes:
# We use a separate OU under the MSAD suffix to contain our test objects,
# since we can't just wipe out the entire directory when starting over.
# The replication search filter is thus more convoluted than would normally
# be needed. Typically it would only need (|(objectclass=user)(objectclass=group))
#
# MSAD does referential integrity by default, so to get 1-to-1 modifications
# we must add users before creating groups that reference them, and we
# should delete group memberships before deleting users. If we delete
# users first, MSAD will automatically remove them from their groups,
# but won't notify us of these changed groups.
# We could use the refint overlay to duplicate this behavior, but that's
# beyond the scope of this test.
echo "Using ldapsearch to check that MSAD is running..."
$LDAPSEARCH -D $MSAD_ADMINDN -w $MSAD_ADMINPW -s base -b "$MSAD_SUFFIX" -H $MSAD_URI 'objectclass=*' > /dev/null 2>&1
RC=$?
if test $RC != 0 ; then
echo "ldapsearch failed ($RC)!"
exit $RC
fi
echo "Using ldapdelete to delete old MSAD test tree, if any..."
$LDAPDELETE -D "$MSAD_ADMINDN" -H $MSAD_URI -w $MSAD_ADMINPW -r "$BASEDN"
RC=$?
echo "Using ldapadd to create the test context entry in MSAD..."
sed -e "s/dc=example,dc=com/$MSAD_SUFFIX/" < $LDIFDIRSYNCCP | \
$LDAPADD -D "$MSAD_ADMINDN" -H $MSAD_URI -w $MSAD_ADMINPW > /dev/null 2>&1
RC=$?
if test $RC != 0 ; then
echo "ldapadd failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo "Starting consumer slapd on TCP/IP port $PORT2..."
. $CONFFILTER $BACKEND $MONITORDB < $DIRSYNC1CONF | . $CONFDIRSYNC > $CONF2
$SLAPADD -f $CONF2 <<EOMODS
dn: $MSAD_SUFFIX
dc: $DC
objectclass: organization
objectclass: dcObject
o: OpenLDAP Testing
EOMODS
$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 &
SLAVEPID=$!
if test $WAIT != 0 ; then
echo SLAVEPID $SLAVEPID
read foo
fi
KILLPIDS="$KILLPIDS $SLAVEPID"
sleep 1
echo "Using ldapsearch to check that consumer slapd is running..."
for i in 0 1 2 3 4 5; do
$LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT2 \
'objectclass=*' > /dev/null 2>&1
RC=$?
if test $RC = 0 ; then
break
fi
echo "Waiting 5 seconds for slapd to start..."
sleep 5
done
if test $RC != 0 ; then
echo "ldapsearch failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo "Using ldapsearch to check that consumer received context entry..."
for i in 0 1 2 3 4 5; do
$LDAPSEARCH -s base -b "$BASEDN" -h $LOCALHOST -p $PORT2 \
'objectclass=*' > /dev/null 2>&1
RC=$?
if test $RC = 0 ; then
break
fi
echo "Waiting 5 seconds for syncrepl to catch up..."
sleep 5
done
if test $RC != 0 ; then
echo "ldapsearch failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo "Using ldapadd to populate MSAD..."
sed -e "s/dc=example,dc=com/$BASEDN/" < $LDIFDIRSYNCNOCP | \
$LDAPADD -D "$MSAD_ADMINDN" -H $MSAD_URI -w $MSAD_ADMINPW > /dev/null 2>&1
RC=$?
if test $RC != 0 ; then
echo "ldapadd failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
sleep $SLEEP1
echo "Using ldapmodify to modify provider directory..."
#
# Do some modifications
#
$LDAPMODIFY -v -H $MSAD_URI -D "$MSAD_ADMINDN" -w $MSAD_ADMINPW > \
$TESTOUT 2>&1 << EOMODS
dn: cn=James A Jones 1, ou=Alumni Association, ou=People, $BASEDN
changetype: modify
add: carLicense
carLicense: Orange Juice
-
delete: sn
sn: Jones
-
add: sn
sn: Jones
dn: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, $BASEDN
changetype: modify
replace: carLicense
carLicense: Iced Tea
carLicense: Mad Dog 20/20
dn: cn=ITD Staff,ou=Groups,$BASEDN
changetype: modify
delete: uniquemember
uniquemember: cn=James A Jones 2, ou=Information Technology Division, ou=People, $BASEDN
uniquemember: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, $BASEDN
-
add: uniquemember
uniquemember: cn=Dorothy Stevens, ou=Alumni Association, ou=People, $BASEDN
uniquemember: cn=James A Jones 1, ou=Alumni Association, ou=People, $BASEDN
dn: cn=All Staff,ou=Groups,$BASEDN
changetype: modify
replace: description
description: The whole universe
-
delete: member
member: cn=James A Jones 2,ou=Information Technology Division,ou=People,$BASEDN
dn: cn=Gern Jensen, ou=Information Technology Division, ou=People, $BASEDN
changetype: add
objectclass: inetorgperson
objectclass: domainrelatedobject
cn: Gern Jensen
sn: Jensen
uid: gjensen
title: Chief Investigator, ITD
postaladdress: ITD $ 535 W. William St $ Ann Arbor, MI 48103
seealso: cn=All Staff, ou=Groups, $BASEDN
carLicense: Coffee
homepostaladdress: 844 Brown St. Apt. 4 $ Ann Arbor, MI 48104
description: Very odd
facsimiletelephonenumber: +1 313 555 7557
telephonenumber: +1 313 555 8343
mail: gjensen@mailgw.example.com
homephone: +1 313 555 8844
associateddomain: test.openldap.org
dn: ou=Retired, ou=People, $BASEDN
changetype: add
objectclass: organizationalUnit
ou: Retired
dn: cn=Rosco P. Coltrane, ou=Information Technology Division, ou=People, $BASEDN
changetype: add
objectclass: inetorgperson
objectclass: domainrelatedobject
cn: Rosco P. Coltrane
sn: Coltrane
uid: rosco
associateddomain: test.openldap.org
dn: cn=Rosco P. Coltrane, ou=Information Technology Division, ou=People, $BASEDN
changetype: modrdn
newrdn: cn=Rosco P. Coltrane
deleteoldrdn: 1
newsuperior: ou=Retired, ou=People, $BASEDN
dn: ou=testdomain1,$BASEDN
changetype: modrdn
newrdn: ou=itsdomain1
deleteoldrdn: 1
dn: ou=itsdomain1,$BASEDN
changetype: modify
replace: description
description: Example, Inc. ITS test domain
EOMODS
RC=$?
if test $RC != 0 ; then
echo "ldapmodify failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
sleep $SLEEP1
echo "Performing modrdn alone on the provider..."
$LDAPMODIFY -v -H $MSAD_URI -D "$MSAD_ADMINDN" -w $MSAD_ADMINPW > \
$TESTOUT 2>&1 << EOMODS
dn: ou=testdomain2,$BASEDN
changetype: modrdn
newrdn: ou=itsdomain2
deleteoldrdn: 1
EOMODS