Commits (4)
    Fix slaptest in test077 · e006994d
    Ryan Tandy authored
    The libtool wrapper scripts lose argv[0] when exec'ing the real binary.
    
    In the CI Docker container, where the build runs as root, this was
    actually starting a real slapd on the default port.
    
    Outside Docker, running as a non-root user, this slapd would just fail
    to start, and wouldn't convert the config either.
    
    Using "slapd -Tt" fixes the issue but also prints a warning from
    slaptest since the database hasn't been initialized yet.
    
    Dynamic config isn't actually used in this test script, so let's just
    run slapd off the config file directly.
    e006994d
    Convert test077 to LDIF config · 59bdc815
    Ryan Tandy authored
    59bdc815
    Fix typos · 7dfbcfa1
    Ryan Tandy authored
    7dfbcfa1
    Fix minor issues in test077 script · 78cfaa3c
    Ryan Tandy authored
    78cfaa3c
......@@ -569,9 +569,9 @@ one of
.BR LDAP_OPT_X_SASL_CBINDING_NONE
(the default),
.BR LDAP_OPT_X_SASL_CBINDING_TLS_UNIQUE
the "tls-unique" type from RCF 5929.
the "tls-unique" type from RFC 5929.
.BR LDAP_OPT_X_SASL_CBINDING_TLS_ENDPOINT
the "tls-server-end-point" from RCF 5929, compatible with Windows.
the "tls-server-end-point" from RFC 5929, compatible with Windows.
.BR invalue
must be
.BR "const int *" ;
......
# stand-alone slapd config -- for testing (with indexing)
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2020 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
include @SCHEMADIR@/core.schema
include @SCHEMADIR@/cosine.schema
#
include @SCHEMADIR@/corba.schema
include @SCHEMADIR@/java.schema
include @SCHEMADIR@/inetorgperson.schema
include @SCHEMADIR@/misc.schema
include @SCHEMADIR@/nis.schema
include @SCHEMADIR@/openldap.schema
#
include @SCHEMADIR@/duaconf.schema
include @SCHEMADIR@/dyngroup.schema
#
pidfile @TESTDIR@/slapd.1.pid
argsfile @TESTDIR@/slapd.1.args
# SSL configuration
TLSCACertificateFile @TESTDIR@/tls/ca/certs/testsuiteCA.crt
TLSCertificateKeyFile @TESTDIR@/tls/private/localhost.key
TLSCertificateFile @TESTDIR@/tls/certs/localhost.crt
#
rootdse @DATADIR@/rootdse.ldif
#mod#modulepath ../servers/slapd/back-@BACKEND@/
#mod#moduleload back_@BACKEND@.la
#monitormod#modulepath ../servers/slapd/back-monitor/
#monitormod#moduleload back_monitor.la
#######################################################################
# database definitions
#######################################################################
database @BACKEND@
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
#~null~#directory @TESTDIR@/db.1.a
#indexdb#index objectClass eq
#indexdb#index mail eq
#ndb#dbname db_1_a
#ndb#include @DATADIR@/ndb.conf
#monitor#database monitor
sasl-realm @KRB5REALM@
sasl-host localhost
database config
rootpw secret
......@@ -114,7 +114,6 @@ REFSLAVECONF=$DATADIR/slapd-ref-slave.conf
SCHEMACONF=$DATADIR/slapd-schema.conf
TLSCONF=$DATADIR/slapd-tls.conf
TLSSASLCONF=$DATADIR/slapd-tls-sasl.conf
SASLGSSAPICONF=$DATADIR/slapd-sasl-gssapi.conf
GLUECONF=$DATADIR/slapd-glue.conf
REFINTCONF=$DATADIR/slapd-refint.conf
RETCODECONF=$DATADIR/slapd-retcode.conf
......
......@@ -17,26 +17,44 @@ echo "running defines.sh"
. $SRCDIR/scripts/defines.sh
if test $WITH_SASL = no ; then
echo "SASL support not available, test skipped"
exit 0
echo "SASL support not available, test skipped"
exit 0
fi
SLAPTEST="$TESTWD/../servers/slapd/slaptest"
CONFDIR=$TESTDIR/slapd.d
CONFLDIF=$TESTDIR/slapd.ldif
mkdir -p $TESTDIR $DBDIR1 $CONFDIR
cp -r $DATADIR/tls $TESTDIR
cd $TESTWD
$SLAPPASSWD -g -n >$CONFIGPWF
echo "Starting KDC for SASL/GSSAPI tests..."
. $SRCDIR/scripts/setup_kdc.sh
echo "Running slapadd to build slapd database..."
. $CONFFILTER $BACKEND $MONITORDB < $SASLGSSAPICONF > $CONF1
$SLAPTEST -f $CONF1 -F $CONFDIR
$SLAPADD -F $CONFDIR -l $LDIFORDERED
echo "Configuring slapd..."
cat > $CONFLDIF <<EOF
dn: cn=config
objectClass: olcGlobal
cn: config
olcSaslHost: localhost
olcSaslRealm: $KRB5REALM
olcTLSCACertificateFile: $TESTDIR/tls/ca/certs/testsuiteCA.crt
olcTLSCertificateFile: $TESTDIR/tls/certs/localhost.crt
olcTLSCertificateKeyFile: $TESTDIR/tls/private/localhost.key
dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema
include: file://$ABS_SCHEMADIR/core.ldif
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootPW:< file://$TESTDIR/configpw
EOF
$SLAPADD -F $CONFDIR -n 0 -l $CONFLDIF
RC=$?
if test $RC != 0 ; then
echo "slapadd failed ($RC)!"
......@@ -48,22 +66,23 @@ echo "Starting ldap:/// slapd on TCP/IP port $PORT1 and ldaps:/// slapd on $PORT
$SLAPD -F $CONFDIR -h "$URI1 $SURI2" -d $LVL $TIMING > $LOG1 2>&1 &
PID=$!
if test $WAIT != 0 ; then
echo PID $PID
read foo
echo PID $PID
read foo
fi
KILLPIDS="$PID"
sleep 1
echo "Using ldapsearch to check that slapd is running..."
for i in 0 1 2 3 4 5; do
$LDAPSEARCH -s base -b "" -H $URI1 \
'objectclass=*' > /dev/null 2>&1
RC=$?
if test $RC = 0 ; then
break
fi
echo "Waiting 5 seconds for slapd to start..."
sleep 5
RC=$?
if test $RC = 0 ; then
break
fi
echo "Waiting 5 seconds for slapd to start..."
sleep 5
done
if test $RC != 0 ; then
......@@ -117,7 +136,7 @@ else
fi
if test $WITH_TLS = no ; then
echo "SASL/GSSAPI: TLS support not available, skipping TLS part."
echo "SASL/GSSAPI: TLS support not available, skipping TLS part."
else
echo -n "Using ldapwhoami with SASL/GSSAPI with start-tls: "
$LDAPSASLWHOAMI -N -Y GSSAPI -H $URI1 -ZZ -o tls_reqcert=allow \
......@@ -149,16 +168,16 @@ else
fi
if test $WITH_TLS = no ; then
echo "TLS support not available, skipping channe-binding test"
echo "TLS support not available, skipping channel-binding test"
elif test $HAVE_SASL_GSS_CBIND = no ; then
echo "SASL has no channel-binding support in GSSAPI, test skipped"
echo "SASL has no channel-binding support in GSSAPI, test skipped"
else
echo "Testing SASL/GSSAPI with SASL_CBINDING..."
for acb in "none" "tls-unique" "tls-endpoint" ; do
echo "Modifying slapd's olcSaslCBinding to ${acb} ..."
$LDAPMODIFY -D cn=config -H $URI1 -w secret <<EOF > $TESTOUT 2>&1
$LDAPMODIFY -D cn=config -H $URI1 -y $CONFIGPWF <<EOF > $TESTOUT 2>&1
dn: cn=config
changetype: modify
replace: olcSaslCBinding
......@@ -174,9 +193,9 @@ EOF
for icb in "none" "tls-unique" "tls-endpoint" ; do
# The gnutls implemantation of "tls-unique" seems broken
# The gnutls implementation of "tls-unique" seems broken
if test $icb = "tls-unique" -o $acb = "tls-unique" ; then
if test $WITH_TLS_TYPE == gnutls ; then
if test $WITH_TLS_TYPE = gnutls ; then
continue
fi
fi
......@@ -193,7 +212,7 @@ EOF
fi
echo -n "Using ldapwhoami with SASL/GSSAPI and SASL_CBINDING "
echo -ne "(client: ${icb},\tserver: ${acb}): "
echo -n "(client: ${icb}, server: ${acb}): "
$LDAPSASLWHOAMI -N -Y GSSAPI -H $URI1 -ZZ -o tls_reqcert=allow \
-o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt \
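Review bot: In the setup hunk (`@@ -17,26 +17,44 @@`) the exit status of `$SLAPPASSWD -g -n >$CONFIGPWF` is never checked, so a failed run would leave an empty password file and probably only show up later, as a slapadd error or a failed `-y $CONFIGPWF` bind in the channel-binding loop. A guard directly after it, such as `test -s $CONFIGPWF || { echo "slappasswd failed!"; exit 1; }`, would report the failure where it happens. The heredoc also reads the password from the literal `file://$TESTDIR/configpw`, while the writer and the ldapmodify call use `$CONFIGPWF`. These are presumably the same path (defines.sh is not shown here), but `olcRootPW:< file://$CONFIGPWF` would keep the three references tied together. The script continues outside the visible hunks, so any later use of the password file is not covered here.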
......