Commit 5b3de2fc authored by Robert Dubner's avatar Robert Dubner

Update test/README; improve Makefile to not disturb other running SLAPD instances

parent a4a5cc4a
Pipeline #3690 passed with stage
in 50 minutes and 49 seconds
Runs through numerous "should-succeed" and "should-fail" scenarios.
This test routine requires that OpenLDAP be available, and that the RADIUSCLIENT program in the directory adjacent to this one be available.
It runs through through 288 different scenarios of TLS tunnel configurations involving good and bad combinations of certificates.
It takes about twenty-five seconds on a 3.4GHz Intel-based Linux hardware.
......@@ -2,6 +2,8 @@
RADCLIENT=../radiusclient/radiusclient
SLAPD=~/repos/openldap/servers/slapd/.libs/slapd
PORT=3899
STATS=-1
STATS=256 # LDAP_DEBUG_STATS
......@@ -25,12 +27,9 @@ adjust_no_ca_server_conf()
sed -e "s/SERVER/$1/g" -e "s/MODE/$2/g" radiustls_no_ca-template.conf >radiustls.conf
}
# Make sure we are running the show:
sudo pkill -KILL slapd
run_a_test()
{
$RADCLIENT -d 0 -c client.conf -h 127.0.0.1 -p 18129 -m peap -s testing123 abel1 abel1 2>&1 | tee client.log
$RADCLIENT -d 0 -c client.conf -h 127.0.0.1 -p 18129 -m peap -s testing123 abel1 abel1 2>&1 | tee client.log
}
# ca.pem is a legitimate certificate, which signed server.pem and client.pem
......@@ -48,16 +47,19 @@ CLIENT_MODES="never allow try demand"
result_count=1
rm -f results.log
# Kill anybody else who dares to use our test port
lsof -P -n | sed -n "s/^[^0-9]\+\([0-9]\+\).*:$PORT .*/\1/pg" | head -n 1 | xargs kill -KILL
for server_ca in $SERVER_CA
do
for server_cert in $SERVER_CERTS
do
for server_mode in $SERVER_MODES
do
sudo pkill -KILL slapd
cat testdir/slapd.pid | xargs kill -KILL
adjust_server_conf $server_ca $server_cert $server_mode
# It's time to restart the OpenLDAP SLAPD server, because the radiustls.conf file has changed
LDAPNOINIT=1 $SLAPD -h "ldap://127.0.0.1:3899/" -s 0 -f slapd.conf -d 256 2>&1 | tee slapd.log &
LDAPNOINIT=1 $SLAPD -h "ldap://127.0.0.1:$PORT/" -s 0 -f slapd.conf -d 256 2>&1 | tee slapd.log &
sleep 1
for client_ca in $CLIENT_CA
# We can now run multiple client configurations against that server instance
......@@ -68,7 +70,7 @@ for server_ca in $SERVER_CA
do
adjust_client_conf $client_ca $client_cert $client_mode
run_a_test
if cat client.log | grep -q "SUCCEEDED"
if cat client.log | grep -q "SUCCEEDED"
then
echo "$result_count SUCCEEDED server-certs:$server_ca/$server_cert/$server_mode client-certs:$client_ca/$client_cert/$client_mode" >> results.log
else
......@@ -89,17 +91,17 @@ for server_cert in $SERVER_CERTS
do
for server_mode in $SERVER_MODES
do
sudo pkill -KILL slapd
cat testdir/slapd.pid | xargs kill -KILL
adjust_no_ca_server_conf $server_cert $server_mode
# It's time to restart the OpenLDAP SLAPD server, because the radiustls.conf file has changed
LDAPNOINIT=1 $SLAPD -h "ldap://127.0.0.1:3899/" -s 0 -f slapd.conf -d 256 2>&1 | tee slapd.log &
LDAPNOINIT=1 $SLAPD -h "ldap://127.0.0.1:$PORT/" -s 0 -f slapd.conf -d 256 2>&1 | tee slapd.log &
sleep 1
# We can now run multiple client configurations against that server instance
for client_mode in $CLIENT_MODES
do
adjust_no_ca_client_conf $client_mode
run_a_test
if cat client.log | grep -q "SUCCEEDED"
if cat client.log | grep -q "SUCCEEDED"
then
echo "$result_count SUCCEEDED server-certs:$server_cert/$server_mode client-certs:$client_mode" >> results.log
else
......@@ -110,15 +112,17 @@ for server_cert in $SERVER_CERTS
done
done
sudo pkill -KILL slapd
cat testdir/slapd.pid | xargs kill -KILL
diff -u results.good results.log # Show "should be" and then "is"
result=$?
if test "$result" = "0"
then
echo "Testing SUCCEEDED:"
echo "results.log matched results.good"
else
echo "Testing FAILED:"
echo "results.log DID NOT match results.good"
fi
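Review bot: The `cat testdir/slapd.pid | xargs kill -KILL` lines that appear to replace `sudo pkill -KILL slapd` (before each slapd restart in both loop nests and once after the loops) signal whatever PID the file holds without checking that it is still this test's slapd. Because the server is stopped with SIGKILL it cannot remove its own pid file (assuming slapd.conf, not shown here, is what writes testdir/slapd.pid), so the file left by the final kill or by an interrupted run may name a PID that has been reused when the next run reaches its first iteration; when the file is absent, GNU xargs still invokes `kill` with no argument. Consuming the file as it is used narrows that window: `[ -s testdir/slapd.pid ] && xargs -r kill -KILL <testdir/slapd.pid; rm -f testdir/slapd.pid`. The port cleanup in the third hunk has a related problem: the sed expression captures the first run of digits on the lsof line, which is not the PID when the command name contains a digit, and `:$PORT ` appears to match client sockets connected to that port as well as the listener, so `lsof -t -i TCP:$PORT -s TCP:LISTEN | xargs -r kill -KILL` would select the target more tightly.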